Quick Start Guide
Introduction
Get started with Secure User Registration by PureDevs in just a few minutes. This quick start guide covers the essential steps to protect your WordPress and WooCommerce registration forms from CSRF attacks and bot registrations.
Step 1: Install and Activate
Install the plugin from the WordPress plugin repository:
- Go to Plugins → Add New
- Search for “Secure User Registration by PureDevs”
- Click Install Now, then Activate
Once activated, your registration forms are immediately protected with basic CSRF security.
Step 2: Access Plugin Settings
Navigate to the plugin settings page:
- Go to Settings → Safe Registration in your WordPress admin menu
- You’ll see the General Settings page with all configuration options
Step 3: Enable Protection
Configure which registration forms to protect:
- Under the Enable section, check:
  - Protect user Registration – for WordPress registration forms
  - Protect WooCommerce user Registration – for WooCommerce registration forms
- Check the Enable Nonce checkbox to add custom nonce field protection
A nonce (number used once) is a security token that helps prevent CSRF attacks by verifying that form submissions are legitimate and coming from your site.
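How a nonce check of this kind can be wired into the core WordPress registration form, shown as an added example that is not the plugin's own code. The `sur_demo_*` names are hypothetical, and the sketch covers only the wp-login.php registration form, not WooCommerce.

```php
<?php
// Added illustration, not code from Secure User Registration by PureDevs.
// The action name, field name and error code are hypothetical.
const SUR_DEMO_ACTION = 'sur_demo_register';
const SUR_DEMO_FIELD  = 'sur_demo_nonce';

// 1. Print a hidden nonce field inside the core registration form
//    (wp-login.php?action=register).
function sur_demo_print_nonce() {
    wp_nonce_field( SUR_DEMO_ACTION, SUR_DEMO_FIELD );
}
add_action( 'register_form', 'sur_demo_print_nonce' );

// 2. Validate the token before the account is created. Adding an entry to
//    the WP_Error object makes WordPress abort the registration.
function sur_demo_check_nonce( $errors ) {
    $nonce = isset( $_POST[ SUR_DEMO_FIELD ] )
        ? sanitize_text_field( wp_unslash( $_POST[ SUR_DEMO_FIELD ] ) )
        : '';

    // wp_verify_nonce() returns false for a missing, forged or expired
    // token. WordPress nonces are time-limited, not strictly single-use.
    if ( ! wp_verify_nonce( $nonce, SUR_DEMO_ACTION ) ) {
        $errors->add(
            'sur_demo_invalid_nonce',
            __( 'Security check failed. Please reload the page and try again.' )
        );
    }
    return $errors;
}
add_filter( 'registration_errors', 'sur_demo_check_nonce' );
```

A registration page served from a full-page cache can hand visitors an expired token, so exclude the registration URL from caching when a check like this is active.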
Step 4: Configure Email Blocking (Optional)
Block registrations from specific email addresses or domains:
- In the Email/Domain Blocklist field, enter email addresses or domains
- Use commas to separate multiple entries
- Examples:
  - spam@example.com – blocks a specific email
  - @test.com – blocks all emails from test.com domain
  - @example.com,@test.com – blocks multiple domains
Step 5: Set Up Google reCAPTCHA (Optional)
Add reCAPTCHA to protect against automated bot registrations:
- Get your reCAPTCHA keys from Google reCAPTCHA Admin
- Check the Enable Captcha checkbox
- Enter your Site Key in the Site Key field
- Enter your Secret Key in the Secret Key field
Use reCAPTCHA v2 (Checkbox) for best compatibility with this plugin. The plugin supports the standard “I’m not a robot” checkbox.
Step 6: Customize Error Messages (Optional)
Personalize the error messages shown to users:
- Invalid nonce error message – Shown when nonce validation fails
- Email/Domain blocklist error message – Shown when a blocked email is used
- Captcha error message – Shown when reCAPTCHA validation fails
Default messages are provided, but you can customize them to match your site’s tone and language.
Step 7: Save and Test
- Click Save Changes at the bottom of the settings page
- Log out of WordPress
- Visit your registration page to verify:
  - reCAPTCHA appears if enabled
  - Blocked emails show error messages
  - Forms are protected from CSRF attacks
Your WordPress and WooCommerce registration forms are now secured against CSRF attacks and unwanted bot registrations.
Recommended Settings for Most Sites
For optimal security with minimal impact on user experience:
- Enable both WordPress and WooCommerce protection – Complete coverage
- Enable Nonce – Core CSRF protection
- Enable Google reCAPTCHA – If you notice bot registrations
- Email/Domain Blocklist – Add domains as needed when spam appears
- Keep default error messages – Unless you need specific wording
Next Steps
Now that you’ve completed the quick start setup, explore these topics:
- CSRF Protection – Learn how nonce-based protection works
- Email and Domain Blocking – Advanced blocking strategies
- Google reCAPTCHA Integration – Detailed reCAPTCHA configuration
- Customizing Error Messages – Create branded error messages
- Troubleshooting – Common issues and solutions