BuddyPress.org

That’s an interesting idea. What about using the Akismet anti-spam service to check the content of the message?

I’ve also had bots send spam messages via private messaging, and it’s a pain once it gets started.

you should be able to use robots.txt to prevent indexing of specific pages too.

not sure about member profiles — but I think a /members/* wildcard (properly written) should work

Ah great! Glad that one is solved. It’s only half of the solution though. These bots will still plague your site with registration requests. To get rid of those try https://wordpress.org/plugins/simple-google-recaptcha/ thi sworked like a treat on my sites, totally eliminating spam bot registrations (for now…).

There’s a function to tell when you’re on a BP page is_buddypress() so this is a guess at how you could do it:

add_action( 'wp_head', function() {
  if ( is_buddypress() ) {
    echo '<meta name="robots" content="noindex">';
  }
});

with my default bp installs just about everything IS public.. it’s actually not easy to make the bp pages like activity and groups and such private.

I think most of those things are fine to be public – and people can choose to make groups members only, logged in only, or public viewable.. default is all public I think..

Most profile fields the user can choose similar privacy settings for certain fields if you allow..

Sometimes I make a group non-pulbic viewable as super admin..

I also choose a lot of things to be blocked by the robot search engine spiders – as there is no need for them to go pulling 100 pages of activity feed and such – so even though most of my BP site is publicly viewable, only about half of it is (supposed to be) crawled by the big engines – most follow the robots.txt directive – but not all..

@januzi_pl – how many members are there?

Are there strong anti-spam / anti-bot sign up measures in place? not a captcha – something like “good question” or other answer correct question to get through kind of thing.

using wp spmshield or some kind of akismet type thing?

I don’t have the kind of graph you show there – but I can say I saw a HUGE difference.. back in the day we had tons of bots signing up for new accounts, sending pms to other users, and all kinds of activity that was not obvious on the front end to the average visitor or site admin.. only after a few complaints and some digging did I realize that 90% of server resources were being sucked away by bot registrations / spammers, and bots that were crawling for the various “search engines” – once you get a hold on those things, then it’s good to know how many users you have and if they are active all day and night or just certain times of the day and such..

disclaimer, I am not a bp dev, just a long time user, and my knowledge is far from complete.

1 -each Profile / Member offered a separate gallery or media library?
This was a problem from the very beginning, and perhaps the biggest problem for bp aside from lousy filter options for the activity stream. Initially it was handled by the ‘bp-album’ plugin – which was later abandoned amidst some drama – rtmedia is kind of the standard for handling this now – but it’s bloated, important functions have gotten expensive, and it’s not well supported in core or themes – it’s terrible at keeping things separated like comments on media and galleries –
There is a new bp media like experimental thing that looks promising, and some attempts at making placeholders for bp media have been made in the past year, new hooks for bp attachment, etc. Some code has appeared on github showing a great start at possible core bp media handling – but not enough devs on that.

if you must have media with bp I suggest getting the premium “press permit core” and ask for support in limiting what other users can see in the media library. God forbid you have a problem with users trolling other users – and you have media – as you can purchase the buddyblock plugin which will prevent most abuse user to user, but it does not hook into the separate commenting system that rt-media creates. I strongly encourage you to try the other media plugin and hope that works for what you need before getting stuck with rtmedia and no way to export it’s data to something else.

2 a cap on how many Mb’s a user is allowed to upload for the total amount of media space
Wordpress has a setting for this when using multi-site setup – but I think it affects only what gets posted to the user blogs aka sites. I think rtmedia has an optional purchase-able plugin for this if you use their system to allow for the media uploads – not sure if the other competing system has such functionality.

This is a problem, and a solution should include a way for admins to look at users who have uploaded media, not just by user and space taken up, but also by date. There should be more control for deleting content with various parameters as well. I pity you if you find one day a user has uploaded 100s of photos that violate… terms.. and you have to delete each one at a time. If you find a way to handle this better with rtmedia I’d love for you to share it.

Currently I have tons of photos and videos that users have uploaded and no good way to look at or remove, aside from going profile to profile and manually checking what shows up there. A better way may exist, I have not found it yet.

3 – Why do all members have to be Authors in order to be able to Post because this was the only method that worked for me.
When you say post, that sounds like posting a post to a blog – either their own multi-site blog, or perhaps to a group blog. This is how worpdress is and is great for controlling things with blogs. If you mean a user needs to be an author in order to add to thier “activity stream” aka wall or profile or whatever, I do not think they need to be a blog author in order to do so… “What’s new” activity posts work fine without being a blog author.

4 – BuddyPress and BB Press how should I set up my .htaccess file – this should be documented somewhere around here. Wish I could tell you, I don’t have any bb press running with any buddypress installs any longer.

If you don’t want robots to crawl your site, search for forums for making buddypress private – you’ll want to lock down your site with a password required to view anything – if you really want to block bots.. if it’s just the nicer bots you are referring to, like googlebot, yahoo and bigbots – then you can setup a robots.txt with something like

robots *
disallow /
allow index.php

but I don’t think having the main engines index your index.php is really helpful with most WP themes.. you’d probably be better with “allow /about-us/” for example.. as most wp sites I’ve worked with dont have a good ol’ index.html

your experiences may vary..

With BP you eaither have lots of time to code, or you take everything as is for the most part. Auttomatic has not funded bp well since the first dev Andy left – it’s basically abandoned like unwanted bastard child that gets (almost) no support – and has been for years. Instead depending mainly on volunteer contributors that obviously have to do other things like earn a living and pay bills.

Some great people do amazing things making bp better – I appreciate those that are making the documentation better and fighting the good fight of dealing with all the wp core changes and how they affect bp when it updates – and other work to make it better. However what is seemingly most important to many webmasters and end users may not be on the roadmap for future releases – and finding developers to mod up BP is not as easy as one may hope either.

custom fixes today may well be broken with future updates, and no one has thought about the laws in Europe for privacy and users being able to export data you have them.. all kinds of things..

consider bp a huge mix of free code that is very experimental, and in my humble opinion should be removed from the wp plugin repo if automattic is not going to fund it properly – it certainly should not be on the first page view of plugins – anyone installing it likely has no idea what can of worms they are getting into.

If you are thinking of the future and how you may need to moderate user’s uploads and such, I strongly encourage you to test out the mediapress alternative – but realize in order to get core functionality with bp right now you will have to add on a walled garden from one place or another.. without any import / export options – before you invest too much of your time and your user’s pictures and videos into silos you may never escape, you right as well look into and test out peepso (https://www.peepso.com )- as they seem to have more skin in the game and have made at least some import / export things if I remember correctly.

again, I am not a bp dev. also I have not used mediapress yet – although I would with a fresh install – rtmedia has not met my expectations, although not a total fail, it is only 60% of what it should be. I have not used peepso yet either. Just a guy that’s been running a few bp installs for a few years, and my knowledge is fuzzy at best. surely @ma.tt, others thoughts, and your mileage may vary.

Yes, my BP brothers, there’s a plugin called BP Simple Private and I think it will solve your problems, without having to work with robots.txt

Prior to using BP Simple Private, my site’s member pages were way too accessible.. You could type http://mysite.com/members <- and you’d see the whole members directory.

Prior to using BP Simple Private, you could type http://mysite.com/members/aaronthomas1979, and you’d jump straight to my profile.

With this plugin, people (or search engine bots,) will be redirected to a page of your choosing, and the member pages will not be displayed.

If you already have the issue of member pages being displayed in search results, there’s nothing you can do to immediately fix that, but make the change (get the plugin) and wait for those bots to crawl your site again, but next time, they won’t find those pages.

It works for me..

Hi @Tranny,

Trust me, I completely hear you. You’re right. Ideally anti-spam controls like that should be built-in.

Those are great suggestions. We’ll take a hard look at possibly including those features in future versions of WP-SpamShield as well. One thing you’ll find by using a plugin like WP-SpamShield is that it will block 100% of bots, and it will prevent most human spammers from even registering (which keeps them from even getting to a place where they can spam other users), and it will make it difficult for them to post their spammy messages.

Let us know if we can help in any way.

– Scott

@tranny,

dealing with spammers is a long run work, to not say a never ending work. There is no miraculous plugin or trick to stop them.
And even if you would be a genius coder creator of an extra super original spam shield, you could be sure to became target #1 of all spammers, because in this case, you would represent the absolute challenger of all code breakers !

Back to real life.

Most of updates spam comes directly into the DB. Bots are clever and don’t need to login to do that.
Some spammers are real people, and once they are logged, they do their stuff manually. These people can be isolated, but to do this, you have to find them in the user list. Which is absolutely not easy and time comsumting. And of course, this is not prevention but intervention, after you where spammed.

You could also track IP‘s, but again, this can be helpfull only AFTER you where spammed. But getting ip’s on admin user list is a great way to gain time. Once you have the IP, you can consult many anti spam sites who store any bot and user known to be attackers. And eventually ban them with this plugin.

For now, first thing to do is to clean your user list. Whatever suspect username, like a589xdf or special to BP, Bill UNERHOOD, can be eliminated. The first example use alpha-numeric digits, the second a very well formed first and last name. It’s extremely rare that normal users enter such credentials. In addition to this, you can check their email. Why would you, for example, have members with a polish email (@blogmedykamenty.pl) if you’re in New Zeeland and your site relates about pets ? In this case, you can raisonably doubt about an interest between medicaments and pets ! You can fire such user.

All this may be good and well, but you have also to hardening WP. This means using another table prefix as wp_ at very first. And second, to not use “admin” as user name. Never !
Read also @venutius tutorial

You have to clean out the existing spammers, unfortunately manually. And to avoid upcoming spam.

To calm down the bots – in case you receive dozen of spam daily, close all comments and deactivate notices and messages component in bp settings for 2 or 3 weeks.

Also, in case you’re on a dedicated server, you really need to enforce his security. But this is out of the scope of this forum.

Spam is an endless discussion on the web over years. Search this forum, you’ll find many topics.

Half of my users registrations are reported by buddypress like a spam.
The question is why ? Aside, note that it is WP who controls the registration, not BuddyPress.

Do you use Askimet or some other plugin who controls your registry ?

So I think it’s sufficient? no?

Simply ? NO !

Captchas are helping to determine a human activity, but generally don’t spam users.

Many spam bots go through captcha and many other goes directly to your db. And many many, if not all, can send emails !
Spammers are even cleverer as most door keepers, it’s a sad fact and a great part of that “sport” to prove it continuously.

Here some common tasks explained to avoid spam and other unwanted content on your site. Note that one of the first thing to do is to use another table prefix as the universal knowed wp_ !

@mingjie0409
there has been some discussion of this here: https://buddypress.org/support/topic/bussdypress-title-and-seo-yoast-problem/#post-253510

and here:

https://premium.wpmudev.org/forums/topic/bp-meta-tite-description-for-groups-and-members-pages

and several other places including the suggestions / feedback area amongst others.

I’ve had it fixed a time or two but updates to either bp or themes have broken my fixes.
This is something that google’s webmaster tools screams at you as being bad, and hurts your site the more members you get.

so I added a noindex no follow to the robots.txt file to remove most of the bp pages from being indexed.

To block those files you would use robots.txt, not .htaccess.