Re: BuddyPress Spam
I was having 5 or 6 sploggers sign up daily no matter what I did until about 2 weeks ago when I revamped my tactics. Since then, I have had 0 spam signups… not one. Fingers crossed. Here’s what I’ve done:
– Removed references to WP/BP in footer text
– Changed the register slug to something unrecognizable that has no bearing whatsoever to the concept of signing up (so even those grossly underpaid 3rd-world human spammers can’t figure it out)
– Installed WPMU Super Captcha to let the nice humans through: https://wordpress.org/extend/plugins/super-capcha/
– Installed WP-Ban to block the not-so-nice ones: https://wordpress.org/extend/plugins/wp-ban/
– Installed Buddypress Humanity as a double-check: https://buddypress.org/community/groups/buddypress-humanity/
– Blocked lists of bad bots in .htaccess as suggested in this post: https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/buddypress-spam/?topic_page=2&num=15#post-60177
– Added “deny from all” in .htaccess for wp-config.php
– If someone does manage to access the register page through a direct URL (without visiting any other page first), they are bumped to a GOAWAY page with the following in .htaccess:
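# BEGIN ANTISPAMBLOG REGISTRATION
RewriteEngine On
# Only POST requests to the signup script are checked
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-signup\.php
# Redirect when the referer is not this site OR the user agent is empty
RewriteCond %{HTTP_REFERER} !examplesite\.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://examplesite.com/goaway.html [R=301,L]
# END ANTISPAMBLOG REGISTRATION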
So far, so good. As I mentioned, not a single splogger has managed to get through in about 2 weeks. If they do, there are 2 ingredients in the above recipe that can be adjusted:
– the captcha image is fully customizable to render bot algorithms redundant (hopefully)
– the register slug can be changed as often as you change socks
On a final note, there are also some interesting tweaks to be found here: http://www.smashingmagazine.com/2010/07/01/10-useful-wordpress-security-tweaks/
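Added example (not part of the original post): a Python sketch that replays the rule's conditions over Apache combined-format access log lines, to show which past signup POSTs the .htaccess block above would have redirected before it is switched on. The log lines are constructed, and `rule_reasons` and `audit` are hypothetical helper names; `examplesite.com` is the post's own placeholder.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
SITE = "examplesite.com"  # placeholder domain, as in the post

def rule_reasons(method, uri, referer, agent, site=SITE):
    """Mirror the RewriteCond chain: POST AND signup URI AND (foreign referer OR empty UA)."""
    if method != "POST" or "wp-signup.php" not in uri:
        return []  # the rule never looks at this request
    # Apache logs a missing header as "-"; mod_rewrite sees an empty string.
    referer = "" if referer == "-" else referer
    agent = "" if agent == "-" else agent
    reasons = []
    if site not in referer:  # substring test approximates the referer pattern
        reasons.append("referer not from site")
    if agent == "":
        reasons.append("empty user agent")
    return reasons

def audit(lines, site=SITE):
    """Return (host, reasons) for each logged request the rule would redirect."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        reasons = rule_reasons(m["method"], m["uri"], m["referer"], m["agent"], site)
        if reasons:
            hits.append((m["host"], reasons))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2010:10:01:00 +0000] "POST /wp-signup.php HTTP/1.1" 200 5120 "http://examplesite.com/wp-signup.php" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [12/Jul/2010:10:02:00 +0000] "POST /wp-signup.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.5 - - [12/Jul/2010:10:03:00 +0000] "POST /wp-signup.php HTTP/1.0" 200 5120 "http://examplesite.com/" "-"',
    '192.0.2.44 - - [12/Jul/2010:10:04:00 +0000] "GET /wp-signup.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [12/Jul/2010:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for host, reasons in audit(SAMPLE_LOG):
        print(host, "would be redirected:", ", ".join(reasons))
```

The GET line in the sample is not flagged because the rule's first condition only matches POST. Both headers are supplied by the client, which is why the post pairs this rule with a captcha and the other checks.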