Dealing with unwanted (and probably spam) accounts via SSO?

Since you are SSOing (is that a word?) through WP, you might want to add a Captcha to your login. It is really effective against that kind of automated bot (if it is an automated spam bot) I’d try the new one by Google ( first as it only requires a code if it thinks you may be a bot.