BuddyPress.org

@ghera74
That is default behavior if you do not have an private community type plugins activated. You can make activity your landing page in dashboard/settings/reading or create a custom menu and add the activity page as a menu item if you don’t want it as a landing page:
https://codex.buddypress.org/user/setting-up-a-new-installation/how-to-set-up-your-main-site-navigation-using-the-built-in-wordpress-menus/
Either way the activity stream is visible to logged-out-users, they just can’t post or comment.

@henrywright-1
Have you succeeded in your pages list? I think it would be a helpful contribution to the codex. I did my best at covering buddypress and bbpress pages with the plugin Private Community For BP Right now the only thing that makes me hesitate releasing it to the repo is the uncertainty of if I covered all BP specific pages and the fact it has no dashboard page settings so users can specify which pages are off limits to logged out users. Anyway, just checking in on this thread because it has a lot of relevance.

You maybe right, and i’m unsure too. The best way to know, is to give a try. But do you absolutely need to ask twice for the user email ?
Or you could simply name the email fields differently.
Private mail
Work mail

Members page is not visible in the top menu bar

@waterfiend check out http://wpmu.org/how-to-build-a-facebook-style-members-only-wordpress-buddypress-site/ or have a look at different solutions posted for a private BP site at https://buddypress.org/support/topic/protecting-buddypress-pages-from-non-logged-in-users/

@dice2dice
Do you know how to go to dashboard/pages/all pages/register? At the top of that page the title says Register just change that to Sign Up. At the top right corner of that same page click screen options and click the box beside of Slug. Now scroll down below the page body and you will see a text field labelled Slug. Change that from register to sign-up and click the blue Update button. Done!

Spam Killer is not in the WP Repo you need to download it from the github link I provided then go to dashboard/plugins/add new, and where it says Install Plugins you will see upload below that. Select upload and browse to where you saved the Spam Killer plugin on your hard drive. Click Install Now then activate it. There is no settings just activate it and forget it. If you search the HTML source after you activate the plugin you will see the hidden field the plugin created just like below:
<div style="display: none;"><input type="text" name="are_you_a_spammer" id="rejected" /></div>

Private Community For BP basically makes all BP related pages private and redirects the user to the page you want. Read the instructions in the readme.txt You will have to follow the same procedure listed for Spam Killer for getting, installing, and activating the plugin.

I have tried to make these instructions as clear as possible. Make sure to read the readme.txt in the plugins because the instructions are for fairly novice users. Let me know if you need more assistance.

@dice2dice
You can change the register page name and slug to sign-up.
You can also try using Private Community For BP:
You will also need to change line 27 in private-community-for-bp.php from /register to /sign-up to reflect the change of the register slug.
If your not using it you can get it here:
https://github.com/bphelp/private_community_for_bp
Another thing you can try is this small plugin “Spam Killer” which creates a hidden field humans can’t see, spam-bots will see it and fill it out and get a message indicating spammy behavior and it rejects their registration. Get it here:
https://github.com/bphelp/bp-spam-killer
Please read the readme.txt for complete instructions for usage for both plugins.

You can try this in bp-custom.php or your themes functions.php:

function bphelp_redirect_to_profile_on_login() {
global $bp;
if(!is_user_logged_in()) { 
wp_redirect( get_option('siteurl') . '/profile' );
}
}
add_filter('get_header','bphelp_redirect_to_profile_on_login',1);

Let me know if it works for you!
If you dont want to try this then use the plugin:
https://github.com/bphelp/private_community_for_bp
And change line 27 accordingly in private-community-for-bp.php to the page you want folks redirected too upon login before you activate the plugin.

When non-members are browsing through member profiles, the default behaviour is for them to be able to see each member’s avatar. The bp_displayed_user_avatar() function takes care of that.

If this isn’t happening then I suggest you check there isn’t a is_user_logged_in() check which is used to display content to only logged-in (registered members) users.

With reference to the non-member messaging, this would be far more complex to achieve and would require lots of custom code.

Not out-of-the-box. In order to send a private message the sender will need to be registered and logged in.

If you think you’ve found a security issue it really should be reported privately to a core dev.

I don’t think this is an issue, looking at upload avatar functions, but perhaps could use some hardening. Open a ticket.

When I requested membership, it asked me to add a comment, rather than just returning the button disabled with “request sent”. … I also tried bp-default but that made no difference either.

@becskr per link I posted above, that’s the default behavior when membership request is done at the group’s page. And commenting is optional. Could it be that you’re missing the “Send Request” button. Glad you found another solution but it could very well be a JS conflict with another plugin or script.

Well activity is already protected by akismet integration. Regarding the friend requests, one thing you can do now (and i have been forced to) to fight spam is only allow private messages to friends in that case the spammer gains the ability to send spam messages to these friends.

@ubernaut and others, re spam, I would appreciate hearing from the more experienced dev and web masters about the pros and cons of a private membership site.

By not allowing just anyone to become a member you automatically arrest spam. Of course, you also impede your growth because legitimate users can’t join.

One way to get around this is to use the great invite anyone plugin and have the original number of ‘seed’ members invite their friends and their friends invite their friends and so on.

Limited but organic growth in members and a total elimination of spam!

What do you guys think?

Hi @mercime, I tried your suggestion last night – I switched to twentytwelve, turned off all the plugins and it didn’t work as I expected. When I requested membership, it asked me to add a comment, rather than just returning the button disabled with “request sent”.

I also tried bp-default but that made no difference either.

I happened to have a copy of the old which referenced this instead of what I mentioned above

	jq(".group-button a").live('click', function() {
var gid = jq(this).parent().attr('id');
gid = gid.split('-');
gid = gid[1];
var nonce = jq(this).attr('href');
nonce = nonce.split('?_wpnonce=');
nonce = nonce[1].split('&');
nonce = nonce[0];
var thelink = jq(this);
jq.post( ajaxurl, {
action: 'joinleave_group',
'cookie': encodeURIComponent(document.cookie),
'gid': gid,
'_wpnonce': nonce
},
function(response)
{
var parentdiv = thelink.parent();
if ( !jq('body.directory').length )
location.href = location.href;
else {
jq(parentdiv).fadeOut(200,
function() {
parentdiv.fadeIn(200).html(response);
}
);
}
});
return false;
} ); 

I replaced the jq with jquery and added it into my custom scripts and it worked fine.

I can’t understand why it wouldn’t work even when I changed to the default or twenty twelve themes though if you said there wasn’t an issue.

@nomad-one The feeds for all your public groups are working. There are no feeds for private groups which is how it’s supposed to be for logged out users.

So, Can I get some clarification from a friendly user.

I want to have multiple BP networks, all exclusive to each other and private.
I want to allow for members to be able to ask to ‘join’ any network and if permission is receive.. he or she is in, without the need to fill out a form..

Is this possible?

I do not find any issue in joining a private group via the private group’s home page or joining private groups via Groups Directory page or the Private Group’s home page on default installs. https://codex.buddypress.org/user/buddypress-components-and-features/groups/how-to-join-a-private-group/ on Twenty Twelve theme.

@janogu
BuddyPress now has profile privacy built in for individual field visibility. BuddyPress Activity Privacy plugin is great at controlling who see’s individual activity posts. https://github.com/bphelp/private_community_for_bp does a decent job of locking down BP pages for logged out visitors. BuddyMobile is great for providing users of mobile devices an app like version of BP. So in conclusion I would say BP privacy has come along way since 2010. It would be nice if more of those features were built into the core in future versions but I am not sure that it would be something the core team would undertake at this point in development. The plugins I mentioned are in the repository with the exception of Private Community For BP in which I provided the GitHub link. Hope this answers your questions. Cheers!