BuddyPress.org

I don’t want to come over as all doom and gloom especially as this is my first post but I would think long and hard before adding such a feature. At first glance, many website owners (including some well known ones) think this is a great idea… but, think long and hard about this.

Many users will enter their “real name” when they register. If you add a postcode field (which would be required to add map pins), most users will have given sufficient information to pinpoint them to their front door.

There are many public records that can be data-mined by bots. One of the trends these days is for a bot to trawl the data provided by websites such as those hosted by WordPress (because it is open source, they know exactly what to look for) and then cross-reference that with public information (phone books, Facebook, electoral register, etc… Given a surname and a postcode, this would be enough to allow these bots to start collecting data for possible identity theft.

I have seen many sites (including a well known newspaper) do this without thinking of the consequences but after I pointed this out to them, the feature was removed within a few hours (which is extremely unusual at the best of times). I guess after they contacted their legal advisors, they were told that they faced extreme liability if it were found that this kind of data-mining of their site lead to mass identity theft (particularly after the “phonejacking” fiasco).

Just a thought and all the best for your sites.
-PiOfCube

I create a dummy install on same server. mytest.url.com Use a separate database.

You should block this from search bots and put it in a permanent maintainence mode so no one can see it. I then add all the plugins that are on the real site. This will allow you to test on same server before you go live. Some site admins may do local test on computer but I prefer real world tests on the actual server/host site is on.

In the past 6 months I was getting 50+ spam bot registrations a day. I used WangGuard, but it was not catching them.

The bots were looking for the default registration page at http://yoursite.com/register

I changed the permalink of my default registration page to something else and have not had any issue since then.

Knock on wood, I have not had to delete any bogus registrations for the past month.

I hope this helps.

I wouldn’t use WangGuard because it sounds like that could easily cause problems for non-bots.

I’ve been having good success with SweetCaptcha, I haven’t had any complaints from anyone & it seems to work for people from all cultures. One bot through since installing, but that is a lot less than lots of bots a day.

@elangley the thing is that whether you have BuddyPress or not, when you have open registration, expect spammers – bots and humans. There are human spammers who are paid by companies to post backlinks in as many websites as possible and those who spam just for the heck of it, and other than making your site by invitation only, you’d have to monitor membership in your site regular and be prepared to cull the spammers.

Deactivate BuddyPress by deleting the BuddyPress folder so you can get too site.

The correct steps to update a BuddyPress site are

1. place your site into a maintenance mode. How you do this is up to you. There are many WP plugins for this.

2. switch your theme to bp-default.

3. deactivate every plugin including BuddyPress.

4. upgrade the BuddyPress plugin.

5. If you need to re-activate bp-default do so.

6. Check your site now to see if the upgrade was successful by going to the front end. log out and in, post activity and forum posts, check avatar uploads. And any other things to check.

7. if you are using a custom theme then test your custom theme the same way you did with bp-default.

8. if custom theme checks out test plugins one by one using the same method. After checking a plugin and its ok deactivate it.

9. if you find an error with a certain plugin then deactivate it. move on to next plugin.

10. post in this forum the error you may have found with a certain plugin. the developer may have not updated a plugin and your findings can help them. It’s the least you can do to give back when using FREE open source software.

All of the above should be done on separate install just for testing. This is to avoid the horror of updating only to find your killer site feature (plugin) completely broken. I usually do a BuddyPress install on the same server so it has similar configurations to get realistic tests.

I usually do it on a sub domain: mytest.url.com

This test site is for you only so you can test away. Just make sure you block sign ups and block it from search bots etc. I run a maintenance mode full time on my test install.

Since you already updated just get to the backend and then deactivate all plugins. Reinstall BuddyPress and activate. Then do the one by one test stated above. It’s most likely a plugin conflict.

And a parting final comment or two on what does tend to become a wearisome topic:

Spam is pandemic across internet sites, all internet sites that have a member/registration system suffer from spammers – it is not! a problem that BP has more than any other app.

It’s annoying to have to go in every day and delete these users

And here is the rub so to speak; you DO! have to go in everyday and manage your site, how could you not think that wasn’t important or even vital? Any site of the type ‘Forum’ or ‘blog’ has to be managed and that really has to be realised why run a site if your not prepared to… run it – it’s why there are ‘admin’ roles!

I perform admin / moderator duties on a fairly large tech forum running Drupal we number six mods and each and every day we each deal with two or three spammers each this is over and above the measures put in place to deal with spam bots.

There are primarily two types of spam bots(automated) and humans(real people) There are a number of tricks and tips to dealing with bots and by and large there are actually pretty effective, these approaches and been linked to quite often so search those out and implement. As for humans this is the real issue, there isn’t a lot you can do about people registering on your site then posting garbage – not unless you close of membership or restrict membership – you have decided to run a open registration member site so really you need to get with the plot and understand that you WILL be spammed, if you find it too much trouble to visit your site once a day or to appoint further admins in your community that can deal with it then expect, when you do finally visit to have a lot more spam to deal with and for those spammers to have had the luxury of unfettered access to promote their links or harass your members – It really is your choice how you run your site but please please stop hunting round for this magic ‘thing’ that stops all spam dead it does not! exist.

This isn’t a BuddyPress question at all. Look for a robots.txt file in the root of your site in an FTP client (or similar).

It’s a fact of life take note again of what modemlooper said earlier > This only blocks bots, people are getting paid pennies to sign up to sites

If you want to run a WP site with open registration (it’s not just a BP problem!) then you have to learn to deal with this aspect and be re-active in administering your site and members and marking these users as spammers.

why you want to remove robot.txt file ?

You need to change the register slug. Pick something unique. Ex. http://www.mommychats.com/join-mommy-chats

This only blocks bots, people are getting paid pennies to sign up to sites so you can’t really block real people.

If you can, look at server logs to see a pattern for spam. Then block ip or emails. I would block yahoo emails, they are a spam haven. You could also limit to Facebook login only.

I don’t know of a better solution, hopefully someone else can suggest something…

@aces That way you would have to add each page 1 at a time, is there a way to do it automatically. (My Forum’s have thousands of pages so adding them individually is pretty much impossible.)

Yes with Google XML Sitemaps plugin v 3.2.6 on Wp 3.2.1 and Bp 1.5.1

The third panel down in the centre column ‘Additional Pages’ > Add new page

@aces

I tested out that plugin, I couldn’t see any options to add in my forums and stuff to the XML file in the settings page, does this still work?

it has nothing to do with privacy, it is about not getting duplicate content indexed.
It’s true, the default install of BP is SEO suicide.

You need to craft your robots.txt file as well as use seopress.

One feature that seems to be lacking is the display of page numbers in meta title and desc on paginated pages.

Still trying to sort that one.

You can do this via robots.txt file

User-agent: *
Disallow: /activity/

This isn’t really a BP-related question, but a robots.txt file is usually not necessary; it’s only needed if you want to block certain bots from your site.

More info here:
http://www.google.com/support/webmasters/bin/answer.py?answer=156449

Also make sure you’re not already using a robots.txt plugin like:
https://wordpress.org/extend/plugins/irobotstxt-seo/