I am facing quite a problem with spam-bots, and could really use some advice. My WP website/phpBB forum uses a WordPress to phpBB bridge, to allow integration of users/registration from phpBB to WordPress. I have disabled registration from WordPress entirely and kept registration through phpBB.

Somehow I am constantly getting spam registrations, After examining the MySQL database I noticed the user entries do not include an email address or password. How is it possible for a spam-bot to bypass the required fields or register without providing an email or password? Is this a sign of malicious code or SQL injection? I have run several security plugins for WordPress, which did not detect anything.

I would very much appreciate any help or advice on how and where to begin to address this issue.

Many Thanks, Sam