Technically, yeah, I’d be looking at the signup path before I’d blame the update too. I’ve had this exact thing where it *looks* like a sudden flood, but really the bots were already sniffing around and some form field or endpoint just got easier to hit. Check whether the same junk is coming through the normal register form, REST, XML-RPC, or some weird plugin-created endpoint. That’s usually where the fun starts. If it really kicked off right after the plugin update, though, I’d still roll it back or at least compare the old/new settings. Seen enough “minor update” nonsense to know it can flip a protection setting or expose something dumb. And yeah, the “bots got smarter” line is usually just people not wanting to dig through logs.
ToolDecision
Tools, compared and explained
ToolDecision
Tools, compared and explained