BuddyPress.org

@mercime
@dandelionweb
For signups, please select the box which says user and blogs can be created.

To disable blog creation by non logged in user, put this code in your theme’s functions.php or bp-custom.php
Here is the code on pastebin(current forum has trouble posting code, so i posted it there).
http://bpdev.pastebin.com/1AyszwQ7

And the issue with bp-registration-options seems to be of PHP5.

There is a hack to core BP files which can be turned into a plugin (hint, hint) which works in BP 1.2.3 and WPMU 2.9.2 …

hi
For your first question, you may want to try this plugin
https://wordpress.org/extend/plugins/bp-registration-options/
checkout this thread too
https://buddypress.org/community/groups/how-to-and-troubleshooting/forum/topic/moderate-members/

For the second, yes, It is possible. Just go to SiteAdmin->Options and select the radio box which says only logged in users can create blog.
PHp5 may be an issue, better why not ask your server adminstrator to upgrade.

In all honestly, I wouldn’t recommend disabling email verification. In fact – you actually should not only use that, but use it with Gravatar to double verify members. My BP communities are brand new, in dev stages right now. I’ve already been subjected to spammers which is why I support use of Gravatars – because not only will your users be verified in your community, but globally and this is a big step in spam prevention.

If you want to customize the registration page, many of them can be through your theme framework. However, too much code will slice your page & overall framework right down the middle and break your site.

Can someone give solution that users that wish to sign up dont use buddypress signup page, instead they use regular wordpress signup which is much much safer.

Hmm, interesting. The generic BuddyPress register form does seem like a bit of a sieve (though it could just be my frustration talking).

I think you would just delete/disable /registration/activate.php and /registration/register.php. You would lose the ability for users to fill out extended profile fields at signup. However, quick signups are probably preferable, with seasoned users filling out extended profile fields as needed. I’ve read at least one article via delicious.com that suggests to me that signup forms need to be as simple as possible to help users focus on getting “behind the wall” fast and easy.

Login to the WPMU backend, navigate to “BuddyPress > Component Setup”, disable blog tracking.

Then disable blog registration.

Navigate to “Site Admin > Options”. Under “Allow new registrations”, select “Only user account can be created”.

True, I keep a test install running live with minimal plugins other than BP, I can perhaps disable BP and take it back to WPMU and open registrations again and see what gets through and report that back which might help, but won’t be able to set that up till later.

Paul.

I’m using WPMU 2.9 and the latest BP 1.2 release.. When I enable your plugin and sign up a new user the registration process goes fine, but no emails are sent out and thus registration is not possible. When I disable the plugin the registration emails do arrive, so something bad must happen somewhere.. I’ll try to pindown the problem

If you put the following code in a plugin then this will disable activation, although the users will still receive an activation email. In any case, they will be able to log straight in and the new account screen will tell them that.

If someone wants to add this to a plugin and release it please do, but I haven’t tested it, so do that first. In the next version I will add an option to disable activation emails too.

function disable_validation( $user_id ) {

global $wpdb;



$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_status = 0 WHERE ID = %d", $user_id ) );

}

add_action( 'bp_core_signup_user', 'disable_validation' );



function fix_signup_form_validation_text() {

return false;

}

add_filter( 'bp_registration_needs_activation', 'fix_signup_form_validation_text' );

Theoretically, if we’d like to disable it, is there a way we can define it in wp-config or bp-custom?

We’ve got a workaround, but it involves changing a core file, bp-core-signup.php. We changed this line:

$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_status = 2 WHERE ID = %d", $user_id ) );

to set the user_status as 0 (activated)

$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->users SET user_status = 0 WHERE ID = %d", $user_id ) );

Next, we changed a line in register.php, in a child theme, where we changed the conditional

<?php if ( bp_registration_needs_activation() ) : ?>

to

<?php if ( !bp_registration_needs_activation() ) : ?>

This solves the problem, but it involves modifying a core file. Any workaround for that?

Okay… I am STILL getting SPAM registrations. I’ve done the following:

• Changed signup slug
• Installed hashcash (works with BP now)
• Disabled “Allow blog administrators to add new users…”
• Deleted BuddyPress credit in footer.php
• Deleted wp-signup.php
• Created a robots.txt file to disallow robots from my signup slug

Any more ideas? Short of Catcha? Altho’ I’m thinking even that won’t work.

So to sum up:

• Change your signup slug
• Add some required custom profile fields (or use the hashcash trick posted at the start of this thread)
• Disable “Allow blog administrators to add new users to their blog via the Users->Add New page”
• Delete BuddyPress credit in footer.php
• Delete wp-signup.php
• Create a robots.txt file with User-agent: * Disallow: /register/ (or whatever your slug is)
• If all else fails, use CAPTHCA or preferably a simple random question (what colour is snow)

Am I wrong or missing anything?

Also… all of my SPAM registrations were coming from .info domains. I added this to my .htaccess file but I’m not sure it’s correct. I found a million examples via Google search for how to ban full domains or subdomains… but nothing about blocking an entire extension (i.e… whatever.info). Anyway, this is what I wrote:

RewriteCond %{REMOTE_HOST} \\.info$

RewriteRule .* - [F]

Help! There’s no register button on my BuddyPress site!

If you’re using standard WP, login to the WP admin area, navigate to “Settings > General”, and make sure “Anyone can register” is checked.

If you’re using WPMU, login to the WPMU admin area, navigate to “Site Admin > Options”, and under “Allow new registrations”, select any option but “Disabled”.

If you’re using standard WP, login to the WP admin area, navigate to ”Settings > General”, and make sure ”Anyone can register” is checked.

If you’re using WPMU, login to the WPMU admin area, navigate to “Site Admin > Options”, and under “Allow new registrations”, select any option but “Disabled”.

Use captcha, have one profile field be required and change the slug.

define( 'BP_REGISTER_SLUG', 'name-this-something-unique' );

oh and if you are on WPMU then you need to disable the ability for blog owners to add users via their admin section. This is an easy way for spammers to get entry.

Thanks everyone for the tips and tricks, I’ll be checking this page again!

It’s strange but the moment I upgraded to WP2.9.2 and BP 1.2 spam started again.

Previously, I just added SI Captcha and I went from getting 10-20+ spam registrations to none. I added WP-hashcash now and I’ve only had one registration since.

I’ve just disabled the blog registration on the signup page, hopefully that’ll help too.

By the way, there’s also a meta tag in the header of many templates :

<meta name="generator" content="WordPress 2.9.2" />

Removing that may help too….

Enable registration on your WPMU install.

Login to the WPMU dashboard, navigate to “Site Admin > Options” and under “Allow new registrations” select anything but “Disabled”.

He means either a) install Buddypress with regular, non WPU version of WordPress, possible since BP1.2 or b) go into your Site Admin–>Admin–>Allow new registrations and disable it in the WPMU dashboard.

@Michael

The options for account registration control are odd and do not do what they suggest (I mentioned that on another thread, but it’s a WPMU issue!)

As there were no sensible options for allowing users to signup but not take blog until a member I simply saw little choice but to remove the section of the form that dealt with the blog signup so I wrapped the fieldset in a conditional that just checked whether I had set a variable to disable or allow thus preventing that section from being returned from the server.

It really is Crazy!!! Where and how do they get in, that they can Register like that? Every couple of minutes One signup…. HELP! Nothing seems to stop them… I Even disabled any registration and they keep on signing up – really Strange to me!

Sorry to pick that up… I thought I won with the spammers for I did what stwc wrote in his article (by the way – the site there is down )

But yesterday until now I got about 100 spam-registrations. I did not delete wp-signup.php anymore, because the “reigster” in the admin-bar anywhere else but on the root-blog needs that file… So I thought it’s not a good idea.

BUT now, the spammers registered with just the name. Although I have alot of additional, required field… How is that possible? I guess, they didn’t come in through the bp-register. Maybe the wp-signup.php directly?

I have forums disabled altogether and as far as I know this issue with registering through bb-press should not be an issue anymore.

Would appreciate if someone could give me a further tipp what to do or where they could come from.

PS: @andy (or the developers): Why is it, that on subblogs the admin-bar “register” doesn’t point to the register-slug but is somehow a redirect from wp-signup.php (which doesn’t work anymore, when I delete or empty the file…)