BuddyPress.org

I’ve raised this issue off site and consider it frankly bizarre, that setting was and is for adding a entry to the robots.txt file and as the descriptive text explicitly suggests is for discouraging search engines from indexing so what on earth has that to do with the ability of ones site to display data across the site(s) to members/users –  this also affects other activity on site iirc such as forum post activity stream display.

imho this behaviour is badly wrong and a trac ticket needs opening to discuss this.

Nothing good yet but they do seem to be taking the matter seriously (as one should expect) supposed to speak with them again today in fact. They have provided a few suggestions but none of them has done the trick (CDN, custom robots file) The last suggestion was a bit wanting IMO they suggested using a third party service to filter our traffic. If this truly is a system wide issue i’d think that they need to revise either their stated billing policy or their method of counting visitors. Just curious are you also experiencing this issue?

You can use BuddyPress Humanity to stop bots:
https://wordpress.org/extend/plugins/buddypress-humanity/

or the honey pot method: https://github.com/pixeljar/BuddyPress-Honeypot

If necessary, you can manually approve users:
https://wordpress.org/extend/plugins/bp-registration-options/

@Gregykos believe it or not a lot of those “robots” are actually people.

@themightymo I have tried that plugin with out any results. I helps for human but not for spambots that register everyday ..

@aaclayton – It sounds like you have/had a plugin or theme conflict of some sort, as SI Captcha should work out of the box. Good to hear you found a plugin that works.

Which CAPTCHA plugins have you tried that have not worked?

Have you tried the following: https://wordpress.org/extend/plugins/si-captcha-for-wordpress/

@ A Swede in Greece

You could try this plugin:

https://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
But you’ll want the beta version as it fixes an issue with BuddyPress
http://www.blogseye.com/beta-test-plugins/

Also, you should look into installing ZBBlock.
http://www.spambotsecurity.com/zbblock.php

I’ve found that BP Humanity helps with spam robots but not human spammers.
https://wordpress.org/extend/plugins/buddypress-humanity/

For human spammers, you may need to approve each user.
https://wordpress.org/extend/plugins/bp-registration-options/

I don’t want to come over as all doom and gloom especially as this is my first post but I would think long and hard before adding such a feature. At first glance, many website owners (including some well known ones) think this is a great idea… but, think long and hard about this.

Many users will enter their “real name” when they register. If you add a postcode field (which would be required to add map pins), most users will have given sufficient information to pinpoint them to their front door.

There are many public records that can be data-mined by bots. One of the trends these days is for a bot to trawl the data provided by websites such as those hosted by WordPress (because it is open source, they know exactly what to look for) and then cross-reference that with public information (phone books, Facebook, electoral register, etc… Given a surname and a postcode, this would be enough to allow these bots to start collecting data for possible identity theft.

I have seen many sites (including a well known newspaper) do this without thinking of the consequences but after I pointed this out to them, the feature was removed within a few hours (which is extremely unusual at the best of times). I guess after they contacted their legal advisors, they were told that they faced extreme liability if it were found that this kind of data-mining of their site lead to mass identity theft (particularly after the “phonejacking” fiasco).

Just a thought and all the best for your sites.
-PiOfCube

I create a dummy install on same server. mytest.url.com Use a separate database.

You should block this from search bots and put it in a permanent maintainence mode so no one can see it. I then add all the plugins that are on the real site. This will allow you to test on same server before you go live. Some site admins may do local test on computer but I prefer real world tests on the actual server/host site is on.

In the past 6 months I was getting 50+ spam bot registrations a day. I used WangGuard, but it was not catching them.

The bots were looking for the default registration page at http://yoursite.com/register

I changed the permalink of my default registration page to something else and have not had any issue since then.

Knock on wood, I have not had to delete any bogus registrations for the past month.

I hope this helps.

I wouldn’t use WangGuard because it sounds like that could easily cause problems for non-bots.

I’ve been having good success with SweetCaptcha, I haven’t had any complaints from anyone & it seems to work for people from all cultures. One bot through since installing, but that is a lot less than lots of bots a day.

@elangley the thing is that whether you have BuddyPress or not, when you have open registration, expect spammers – bots and humans. There are human spammers who are paid by companies to post backlinks in as many websites as possible and those who spam just for the heck of it, and other than making your site by invitation only, you’d have to monitor membership in your site regular and be prepared to cull the spammers.

Deactivate BuddyPress by deleting the BuddyPress folder so you can get too site.

The correct steps to update a BuddyPress site are

1. place your site into a maintenance mode. How you do this is up to you. There are many WP plugins for this.

2. switch your theme to bp-default.

3. deactivate every plugin including BuddyPress.

4. upgrade the BuddyPress plugin.

5. If you need to re-activate bp-default do so.

6. Check your site now to see if the upgrade was successful by going to the front end. log out and in, post activity and forum posts, check avatar uploads. And any other things to check.

7. if you are using a custom theme then test your custom theme the same way you did with bp-default.

8. if custom theme checks out test plugins one by one using the same method. After checking a plugin and its ok deactivate it.

9. if you find an error with a certain plugin then deactivate it. move on to next plugin.

10. post in this forum the error you may have found with a certain plugin. the developer may have not updated a plugin and your findings can help them. It’s the least you can do to give back when using FREE open source software.

All of the above should be done on separate install just for testing. This is to avoid the horror of updating only to find your killer site feature (plugin) completely broken. I usually do a BuddyPress install on the same server so it has similar configurations to get realistic tests.

I usually do it on a sub domain: mytest.url.com

This test site is for you only so you can test away. Just make sure you block sign ups and block it from search bots etc. I run a maintenance mode full time on my test install.

Since you already updated just get to the backend and then deactivate all plugins. Reinstall BuddyPress and activate. Then do the one by one test stated above. It’s most likely a plugin conflict.

And a parting final comment or two on what does tend to become a wearisome topic:

Spam is pandemic across internet sites, all internet sites that have a member/registration system suffer from spammers – it is not! a problem that BP has more than any other app.

It’s annoying to have to go in every day and delete these users

And here is the rub so to speak; you DO! have to go in everyday and manage your site, how could you not think that wasn’t important or even vital? Any site of the type ‘Forum’ or ‘blog’ has to be managed and that really has to be realised why run a site if your not prepared to… run it – it’s why there are ‘admin’ roles!

I perform admin / moderator duties on a fairly large tech forum running Drupal we number six mods and each and every day we each deal with two or three spammers each this is over and above the measures put in place to deal with spam bots.

There are primarily two types of spam bots(automated) and humans(real people) There are a number of tricks and tips to dealing with bots and by and large there are actually pretty effective, these approaches and been linked to quite often so search those out and implement. As for humans this is the real issue, there isn’t a lot you can do about people registering on your site then posting garbage – not unless you close of membership or restrict membership – you have decided to run a open registration member site so really you need to get with the plot and understand that you WILL be spammed, if you find it too much trouble to visit your site once a day or to appoint further admins in your community that can deal with it then expect, when you do finally visit to have a lot more spam to deal with and for those spammers to have had the luxury of unfettered access to promote their links or harass your members – It really is your choice how you run your site but please please stop hunting round for this magic ‘thing’ that stops all spam dead it does not! exist.

This isn’t a BuddyPress question at all. Look for a robots.txt file in the root of your site in an FTP client (or similar).

It’s a fact of life take note again of what modemlooper said earlier > This only blocks bots, people are getting paid pennies to sign up to sites

If you want to run a WP site with open registration (it’s not just a BP problem!) then you have to learn to deal with this aspect and be re-active in administering your site and members and marking these users as spammers.