BuddyPress.org

or try “All In One WP Security & Firewall”
There are several options that will protect you from bots

That’s an interesting idea. What about using the Akismet anti-spam service to check the content of the message?

I’ve also had bots send spam messages via private messaging, and it’s a pain once it gets started.

you should be able to use robots.txt to prevent indexing of specific pages too.

not sure about member profiles — but I think a /members/* wildcard (properly written) should work

Ah great! Glad that one is solved. It’s only half of the solution though. These bots will still plague your site with registration requests. To get rid of those try https://wordpress.org/plugins/simple-google-recaptcha/ thi sworked like a treat on my sites, totally eliminating spam bot registrations (for now…).

There’s a function to tell when you’re on a BP page is_buddypress() so this is a guess at how you could do it:

add_action( 'wp_head', function() {
  if ( is_buddypress() ) {
    echo '<meta name="robots" content="noindex">';
  }
});

with my default bp installs just about everything IS public.. it’s actually not easy to make the bp pages like activity and groups and such private.

I think most of those things are fine to be public – and people can choose to make groups members only, logged in only, or public viewable.. default is all public I think..

Most profile fields the user can choose similar privacy settings for certain fields if you allow..

Sometimes I make a group non-pulbic viewable as super admin..

I also choose a lot of things to be blocked by the robot search engine spiders – as there is no need for them to go pulling 100 pages of activity feed and such – so even though most of my BP site is publicly viewable, only about half of it is (supposed to be) crawled by the big engines – most follow the robots.txt directive – but not all..

@januzi_pl – how many members are there?

Are there strong anti-spam / anti-bot sign up measures in place? not a captcha – something like “good question” or other answer correct question to get through kind of thing.

using wp spmshield or some kind of akismet type thing?

I don’t have the kind of graph you show there – but I can say I saw a HUGE difference.. back in the day we had tons of bots signing up for new accounts, sending pms to other users, and all kinds of activity that was not obvious on the front end to the average visitor or site admin.. only after a few complaints and some digging did I realize that 90% of server resources were being sucked away by bot registrations / spammers, and bots that were crawling for the various “search engines” – once you get a hold on those things, then it’s good to know how many users you have and if they are active all day and night or just certain times of the day and such..

disclaimer, I am not a bp dev, just a long time user, and my knowledge is far from complete.

1 -each Profile / Member offered a separate gallery or media library?
This was a problem from the very beginning, and perhaps the biggest problem for bp aside from lousy filter options for the activity stream. Initially it was handled by the ‘bp-album’ plugin – which was later abandoned amidst some drama – rtmedia is kind of the standard for handling this now – but it’s bloated, important functions have gotten expensive, and it’s not well supported in core or themes – it’s terrible at keeping things separated like comments on media and galleries –
There is a new bp media like experimental thing that looks promising, and some attempts at making placeholders for bp media have been made in the past year, new hooks for bp attachment, etc. Some code has appeared on github showing a great start at possible core bp media handling – but not enough devs on that.

if you must have media with bp I suggest getting the premium “press permit core” and ask for support in limiting what other users can see in the media library. God forbid you have a problem with users trolling other users – and you have media – as you can purchase the buddyblock plugin which will prevent most abuse user to user, but it does not hook into the separate commenting system that rt-media creates. I strongly encourage you to try the other media plugin and hope that works for what you need before getting stuck with rtmedia and no way to export it’s data to something else.

2 a cap on how many Mb’s a user is allowed to upload for the total amount of media space
Wordpress has a setting for this when using multi-site setup – but I think it affects only what gets posted to the user blogs aka sites. I think rtmedia has an optional purchase-able plugin for this if you use their system to allow for the media uploads – not sure if the other competing system has such functionality.

This is a problem, and a solution should include a way for admins to look at users who have uploaded media, not just by user and space taken up, but also by date. There should be more control for deleting content with various parameters as well. I pity you if you find one day a user has uploaded 100s of photos that violate… terms.. and you have to delete each one at a time. If you find a way to handle this better with rtmedia I’d love for you to share it.

Currently I have tons of photos and videos that users have uploaded and no good way to look at or remove, aside from going profile to profile and manually checking what shows up there. A better way may exist, I have not found it yet.

3 – Why do all members have to be Authors in order to be able to Post because this was the only method that worked for me.
When you say post, that sounds like posting a post to a blog – either their own multi-site blog, or perhaps to a group blog. This is how worpdress is and is great for controlling things with blogs. If you mean a user needs to be an author in order to add to thier “activity stream” aka wall or profile or whatever, I do not think they need to be a blog author in order to do so… “What’s new” activity posts work fine without being a blog author.

4 – BuddyPress and BB Press how should I set up my .htaccess file – this should be documented somewhere around here. Wish I could tell you, I don’t have any bb press running with any buddypress installs any longer.

If you don’t want robots to crawl your site, search for forums for making buddypress private – you’ll want to lock down your site with a password required to view anything – if you really want to block bots.. if it’s just the nicer bots you are referring to, like googlebot, yahoo and bigbots – then you can setup a robots.txt with something like

robots *
disallow /
allow index.php

but I don’t think having the main engines index your index.php is really helpful with most WP themes.. you’d probably be better with “allow /about-us/” for example.. as most wp sites I’ve worked with dont have a good ol’ index.html

your experiences may vary..

With BP you eaither have lots of time to code, or you take everything as is for the most part. Auttomatic has not funded bp well since the first dev Andy left – it’s basically abandoned like unwanted bastard child that gets (almost) no support – and has been for years. Instead depending mainly on volunteer contributors that obviously have to do other things like earn a living and pay bills.

Some great people do amazing things making bp better – I appreciate those that are making the documentation better and fighting the good fight of dealing with all the wp core changes and how they affect bp when it updates – and other work to make it better. However what is seemingly most important to many webmasters and end users may not be on the roadmap for future releases – and finding developers to mod up BP is not as easy as one may hope either.

custom fixes today may well be broken with future updates, and no one has thought about the laws in Europe for privacy and users being able to export data you have them.. all kinds of things..

consider bp a huge mix of free code that is very experimental, and in my humble opinion should be removed from the wp plugin repo if automattic is not going to fund it properly – it certainly should not be on the first page view of plugins – anyone installing it likely has no idea what can of worms they are getting into.

If you are thinking of the future and how you may need to moderate user’s uploads and such, I strongly encourage you to test out the mediapress alternative – but realize in order to get core functionality with bp right now you will have to add on a walled garden from one place or another.. without any import / export options – before you invest too much of your time and your user’s pictures and videos into silos you may never escape, you right as well look into and test out peepso (https://www.peepso.com )- as they seem to have more skin in the game and have made at least some import / export things if I remember correctly.

again, I am not a bp dev. also I have not used mediapress yet – although I would with a fresh install – rtmedia has not met my expectations, although not a total fail, it is only 60% of what it should be. I have not used peepso yet either. Just a guy that’s been running a few bp installs for a few years, and my knowledge is fuzzy at best. surely @ma.tt, others thoughts, and your mileage may vary.