Spam and bot user detection plugin for WordPress and WooCommerce that helps you identify, manage, and remove suspicious user accounts while protecting legitimate users.
- Multiple Pattern Analysis: Detects common spam username patterns and suspicious email addresses
- Domain Reputation: Identifies disposable email domains and suspicious registration patterns
- Bulk Registration Detection: Flags mass registrations from same domains or IP patterns
- Activity Analysis: Identifies dormant accounts with no posts, comments, or engagement
- Role-Based Protection: Automatically protects Administrators, Editors, and Shop Managers
- WooCommerce Integration: Special handling for customers with purchase history
- CSV Export: Export suspicious users with detailed analysis data
- Domain List Management: Import/export whitelist and suspicious domain lists
- Bulk Operations: Efficient management of large user databases
- Download the latest release from GitHub Releases
- Go to Plugins > Add New > Upload Plugin
- Choose the downloaded ZIP file and click Install Now
- Click Activate Plugin
- Download and extract the plugin files
- Upload the
spam-user-detectivefolder to/wp-content/plugins/ - Go to Plugins in your WordPress admin
- Find "Spam User Detective" and click Activate
cd /path/to/wordpress/wp-content/plugins/
git clone https://github.com/Open-WP-Club/Spam-User-Detective.git spam-user-detective- Create a Backup: Always backup your database before using any user management tool
- Access the Plugin: Go to Users > Spam Detective in your WordPress admin
- Configure Settings: Add trusted domains to whitelist and known spam domains to blacklist
- Run Analysis: Choose between Quick Scan (100 recent users) or Full Analysis
- Analyzes the 100 most recent user registrations
- Perfect for regular maintenance and recent spam detection
- Faster execution, ideal for larger sites
- Scans your entire user database
- Comprehensive detection for complete cleanup
- May take longer on sites with many users
| Risk Level | Score Range | Description | Recommended Action |
|---|---|---|---|
| π΄ High | 70+ | Multiple spam indicators | Safe to delete |
| π‘ Medium | 40-69 | Some suspicious patterns | Review manually |
| π’ Low | 25-39 | Minor flags detected | Investigate further |
| Icon | Meaning | Action |
|---|---|---|
| π‘οΈ | Protected Role (Admin/Editor) | Cannot be deleted |
| π | Protected User | Cannot be deleted |
| π | Has WooCommerce Orders | Protected by default |
| Can be deleted | Available for removal |
- Select All High Confidence: Selects users with 70+ risk score
- Select All Deletable: Selects non-protected users without orders
- Select All Suspicious: Selects all flagged users (respects protection)
- Delete Selected: Removes selected users immediately
- Export Selected: Downloads CSV with user details
The plugin automatically detects:
- Random character usernames:
xjk8m9p2,aqwerty123 - Pattern-based names:
user123,name-456 - Missing display names or profiles
- Bulk registrations from same domains
- Inactive accounts with no engagement
When WooCommerce is active:
- Users with completed orders are protected by default
- Shopping cart icon (π) indicates customers
- "Force Delete" option available for override
- Order status considered in risk scoring
- Uses WordPress transients for caching (24-hour expiration)
- No custom database tables created
- Minimal database footprint
- Automatic cache cleanup on deactivation
- Caching system reduces repeated analysis overhead
- Batch processing prevents memory exhaustion
- Progressive loading for large datasets
- Optimized database queries with proper indexing
# Clone the repository
git clone https://github.com/Open-WP-Club/Spam-User-Detective.git
# Install in WordPress plugins directory
cp -r Spam-User-Detective /path/to/wordpress/wp-content/plugins/spam-user-detective
# Activate via WordPress admin or WP-CLI
wp plugin activate spam-user-detectiveWe welcome contributions from the community! Here's how you can help:
- Check existing issues
- Create a new issue with detailed information
- Include WordPress version, PHP version, and error logs
- Describe expected vs actual behavior
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Make your changes following our coding standards
- Test thoroughly on different WordPress versions
- Commit with clear messages:
git commit -m 'Add amazing feature' - Push to your branch:
git push origin feature/amazing-feature - Open a Pull Request with detailed description
This project is licensed under the GNU General Public License v2.0 - see the LICENSE file for details.
- GitHub Issues - Bug reports and feature requests
- Documentation - Comprehensive usage guide
- Community Discussions - Questions and community help
- Update to latest version - Many issues are resolved in updates
- Check existing issues - Your question might already be answered
- Test with default theme - Rule out theme conflicts
- Disable other plugins - Identify plugin conflicts
- Provide system info - WordPress, PHP, and plugin versions