BuddyPress.org

One plugin that looks good for preventing registration spam is WangGuard. (Search for it in the WordPress repository.) I’ve just installed it, so can’t tell you if it’s as good as it sounds. (I run a very busy blog and allow commenting by unregistered users. Akismet catches spam and Conditional Captcha deletes it without my seeing it. The latter reduced spam from hundreds of comments a day [marked by Akismet] to near-zero. Only the occasional human spammer gets in.)

Allowing unmoderated registrations is spammer nirvana. 😉 I allowed posting by unregistered users so I could turn off user registration. Now that I’m wanting to use Buddypress, I had to enable registration but installed WanGuard. Within a few hours, I had one registration attempt — even though Buddypress can’t be seen anywhere on the site yet — but no successful registration, thanks to WangGuard. Tomorrow will tell me more.

@wpbp 1. Disable registration in Settings > General.

2. Disable group creation in Settings > BuddyPress > Settings > Groups.

3. Disable album creation/uploading of images in the plugin’s settings or are you referring to native WP image galleries?

You can enable group creation and registration after you’ve done some general housekeeping and adding some spam/spammer prevention.

@wpbp, The problem is that many spam nowadays are not bots but real human spam. I have same problem on one of my installation. all you can do is to ban the domain which has been a source of spam to your site. e.g: spam1@me-now.com. spam22@me-now.com

when you put “me-now.com” in the following code, it will ban any email from me-now.com, Put it in your functions.php

http://pastebin.com/a2mTNVZX

Note: I have 3 sets of this code, I have the one which can ban specific email from gmail, yahooo, hotmail etc without banning other users using gmail, yahooo, hotmail. if you want that aswell i can post it or all the 3 if someone can release it as a free plugin , no problem.

Naijaping

You did of course add a robots.txt text file? Use webmaster tools to give more granular control on the site with Google? Disabled feeds in case they are an issue?

@hnla
Well said Hugo! It also seems to me that if it was checked by default it would make it even easier for spam bots to compromise a site.

The reason for that is so many installs are not customized enough and that makes it easy for bots.

No system is safe from spam.

@somdefabrica double-check the privacy settings of your blog in subsite. It must allow indexing by robots/google.

there is no perfect solution for this problem and these “bots” are actually humans a good deal of the time i have had good experience with WangGuard though.

There is no perfect solution other then to disable registration entirely but i have had a good experience with WangGuard. FYI a good chunk of these “bots” are actually humans (at least at some point) believe it or not.

You can’t just install and not take action to limit server requests. You need to cache as much as possible and use a CDN. Also check logs you can have bots hitting site and you can block those.

Find out what is hitting ajax file and block it.

FYI a lot of those “bots” are humans no perfect solution exists some amount of human intervention will always be required to deal with spamming and splogging but…

i have been having a pretty good experience with WangGuard they are currently blocking about 90 to 95% of our spam registrations.

I’ve raised this issue off site and consider it frankly bizarre, that setting was and is for adding a entry to the robots.txt file and as the descriptive text explicitly suggests is for discouraging search engines from indexing so what on earth has that to do with the ability of ones site to display data across the site(s) to members/users –  this also affects other activity on site iirc such as forum post activity stream display.

imho this behaviour is badly wrong and a trac ticket needs opening to discuss this.

Nothing good yet but they do seem to be taking the matter seriously (as one should expect) supposed to speak with them again today in fact. They have provided a few suggestions but none of them has done the trick (CDN, custom robots file) The last suggestion was a bit wanting IMO they suggested using a third party service to filter our traffic. If this truly is a system wide issue i’d think that they need to revise either their stated billing policy or their method of counting visitors. Just curious are you also experiencing this issue?

You can use BuddyPress Humanity to stop bots:
https://wordpress.org/extend/plugins/buddypress-humanity/

or the honey pot method: https://github.com/pixeljar/BuddyPress-Honeypot

If necessary, you can manually approve users:
https://wordpress.org/extend/plugins/bp-registration-options/

@Gregykos believe it or not a lot of those “robots” are actually people.

@themightymo I have tried that plugin with out any results. I helps for human but not for spambots that register everyday ..

@aaclayton – It sounds like you have/had a plugin or theme conflict of some sort, as SI Captcha should work out of the box. Good to hear you found a plugin that works.

Which CAPTCHA plugins have you tried that have not worked?

Have you tried the following: https://wordpress.org/extend/plugins/si-captcha-for-wordpress/

@ A Swede in Greece

You could try this plugin:

https://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
But you’ll want the beta version as it fixes an issue with BuddyPress
http://www.blogseye.com/beta-test-plugins/

Also, you should look into installing ZBBlock.
http://www.spambotsecurity.com/zbblock.php

I’ve found that BP Humanity helps with spam robots but not human spammers.
https://wordpress.org/extend/plugins/buddypress-humanity/

For human spammers, you may need to approve each user.
https://wordpress.org/extend/plugins/bp-registration-options/