afaik, there is no hardcoded workaround other than disable anonymous registration, using .htaccess/httpd.conf restrictions, or removing wp-register.php for the time being, if you're using mod_security, you can block it using something like this: SecFilterSelective "THE_REQUEST" "wp-register.php" "id:1004,deny,log,status:412" more info. at http://www.modsecurity.org/