#33290 Block Standard Joomla Registration URL

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Thursday, 23 July 2020 17:17 CDT

richarddenhamhill

Having trouble with Spoof User Registrations.

I use JoomDonation Membership Pro to handle User Registrations but of course I must Enable Registration in Joomla Configuration for this to work.

Therefore the url to joomla registration is 'live'.

I have turned on Captcha but still get emails like:

A new user has registered at xxxx.

The user has verified their email address and requests that you approve their account.

This email has their details:

..........

Can I block this well-known url with AdminTools or with htaccess maker?

nicholas
Akeeba Staff
Manager

The user has verified their email address and requests that you approve their account.

This means that someone went to that page, filled in the form including the CAPTCHA, received an email and clicked on the link. That's a real human registering an account. The only way to prevent this is turning off user registration completely. However, the other extension you are using is erroneously depending on Joomla's user registration to be enabled.

I say "erroneously" because the objective of the extension you're using is to register users when they make a donation / payment. It stands to reason that user registration should take place regardless of Joomla's option so the site owner can choose to only provide user accounts to paying clients. It's not even a novel idea. I implemented that back in 2011 in Akeeba Subscriptions (this component is no longer available to the general public, it's what we use on our own site).

I think that the architecturally correct solution to your problem is contacting the developer of the other extension and explaining the use case, as well as the fact that they can – in fact – register and activate a Joomla user despite Joomla's user registration options. The factor that controls the registration should only be the payment status. After they fix that problem you can disable user registration on your site. Note that this is how we used to run our own site until 2018. Since 2018 we allow people to register user accounts so they can file pre-sales requests.

On this note, it's not necessary to prevent user registration on your site altogether. You just need to create a new user group and view access level for subscribers, assigning paying customers to this user group and limiting access on the subscriber-only content to the view access level that only contains this group. If someone registers a user account they will only be added to the Registered group and have no access to anything of value. That's something we had implemented on our site since 2010, when we started selling subscriptions. Moreover, if anyone registers a user account – so what? It's not even remotely to be considered a security issue.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
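
The group and view access level arrangement described in the reply above, as an added example that is not part of the original ticket or of Akeeba's code: a simplified Python model of how Joomla resolves view levels (a user's groups plus their parent groups are matched against each level's group list), used to check that an account created through open registration cannot reach a subscriber-only level. Group IDs, group names and level titles are constructed sample values.

```python
# Simplified model of Joomla view access levels (added example, constructed data).
# A user's effective groups are the assigned groups plus all of their ancestors;
# a view level is granted when any effective group appears in the level's group list.

# group id -> parent id (0 = root): Public <- Registered <- Subscribers
GROUPS = {1: 0, 2: 1, 10: 2}

# level title -> group ids allowed to view content at that level
GOOD_LEVELS = {"Public": [1], "Registered": [2], "Subscribers only": [10]}
# Misconfiguration 1: the default registration group is listed on the paid level.
BAD_LEVELS = {"Public": [1], "Registered": [2], "Subscribers only": [10, 2]}
# Misconfiguration 2: Registered nested *under* Subscribers, so it inherits upward.
BAD_TREE = {1: 0, 10: 1, 2: 10}


def effective_groups(assigned, groups=GROUPS):
    """Return the assigned groups plus every ancestor group."""
    result = set()
    for gid in assigned:
        while gid and gid not in result:
            result.add(gid)
            gid = groups.get(gid, 0)
    return result


def authorised_levels(assigned, levels, groups=GROUPS):
    """View levels a user holding `assigned` groups can see."""
    eff = effective_groups(assigned, groups)
    return {title for title, rule in levels.items() if eff & set(rule)}


def leaky_levels(levels, paid_group, groups=GROUPS, default_group=2):
    """Levels meant for `paid_group` that a self-registered account also reaches."""
    self_registered = effective_groups({default_group}, groups)
    return sorted(
        title for title, rule in levels.items()
        if paid_group in rule and self_registered & set(rule)
    )


if __name__ == "__main__":
    print("registered sees:", sorted(authorised_levels({2}, GOOD_LEVELS)))
    print("subscriber sees:", sorted(authorised_levels({10}, GOOD_LEVELS)))
    print("leaks (extra group on level):", leaky_levels(BAD_LEVELS, 10))
    print("leaks (wrong nesting):", leaky_levels(GOOD_LEVELS, 10, groups=BAD_TREE))
```

The second misconfiguration is the easy one to miss: the paid level lists only the subscriber group, yet the nesting of the groups still hands it to every self-registered account.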

richarddenhamhill

Thanks for your comprehensive advice!

I might turn off User Registration. Invite new users to email me personally asking to join the site. If I like the application I can create the new user and send them a login. They can then ask for a password reset. Then login and set up their profile.

Site only has 200 members so this is manageable.

Thanks once again.

nicholas
Akeeba Staff
Manager

No problem! Have a great day!

