I have the same question on this particular issue too.
How to setup email activation for new user on single WP + buddypress, exactly like registrating with http://testbp.org/?
You probably need to enable registration on your WordPress site.
Yes it is sitewide and I think it is good that they finally go to the register-slug. But maybe the sitewide/ Not-sitewide Option is an answer… I guess after all, it is not too important. Thx for your efforts!
do you have buddypress enabled as a sitewide plugin? the registration is a function of wpmu and the register slug is a function of buddypress. If you have blogs that don’t have buddypress installed as a plugin, they will not redirect the user to the BP_REGISTER_SLUG
Yes, but Why doesnt it Show everywhere just the Custom BP slug (As on rootblog)? Why the redirection?
To make it clear (excuse my english):
Why: Blog.org/Wp-signup.php
instead of: Blog.org/register
?
“As there were no sensible options for allowing users to signup but not take blog until a member “
There’s a plugin for that:
http://wpmututorials.com/plugins/socialpress-user-signup-plugin/
Because you can’t sign up directly to a member blog in MU, you must sign up on the main site first.
Yes – I did it once in a similar way by removing it with css…
Thanks – you are very helpful! 
Do you know WHY it is important, that in Subblogs the wp-signup.php instead of the register-slug is called?
.. and remember that anytime you ‘hack’ the core, you’ll eventually need to keep up with those edits for when it comes time to upgrade since many of those filenames are going to be changing in the upcoming 3.0 release.
I just noticed I failed to read you entire question there. Correct, they will target wp-signup.php and you can modify this file name too, if you wish. It is a bit involved though and may I suggest this article if you would like detailed information about how to do so ~ http://wpmu.tripawds.com/2009/12/12/the-ongoing-fight-against-spam-blogs/
keep in mind those instructions are for MU 2.8.6 and if you decide to edit wp-signup.php ~ don’t forget to change it in these places ~ wp-signup.php, wp-login.php,wpmu-settings.php and bp-core/bp-core-templatetags.php
Have to admit I had no idea there was another registration.php page and it would have never have occurred to me to look in the bbpress folder.
This kinda worries me really why is this required and also a password reset file, it feels as though it’s a bad hangover from earlier days and ought to be removed.
Is it not time that this bbpress thing be integrated fully or at least forum capabilities simply part of BP core .
I have deleted this registration file and will be interested to see if it clears up the remaining few spam signups still being received
@Michael
The options for account registration control are odd and do not do what they suggest (I mentioned that on another thread, but it’s a WPMU issue!)
As there were no sensible options for allowing users to signup but not take blog until a member I simply saw little choice but to remove the section of the form that dealt with the blog signup so I wrapped the fieldset in a conditional that just checked whether I had set a variable to disable or allow thus preventing that section from being returned from the server.
when you activate Buddypress, you enable this function
function bp_get_signup_page() {
global $bp; if ( bp_has_custom_signup_page() )
$page = $bp->root_domain . '/' . BP_REGISTER_SLUG;
else
$page = $bp->root_domain . '/wp-signup.php';</p>
return apply_filters( 'bp_get_signup_page', $page );
}
which redirects your wp-signup.php page to your BP_REGISTER_SLUG.
in order to change that url slug ~ modify your register slug in your wp-config.php by adding this line.
define( 'BP_REGISTER_SLUG', 'whatever_you_want_to_call_it_no_spaces_or_weird_characters' );
above the line. /* That’s all, stop editing! Happy blogging. */
I found this plugin and it seems to allow you to moderate new users I think this will help everyone a lot:
http://webdevstudios.com/support/wordpress-plugins/buddypress-registration-options/
is that a stupid question (I am not sure myself), but maybe someone could assure me of it
All in all, here’s my approach that I use on MU/BP sites ~
1) modify the register/register.php wp-signup.php hardcoded default text and url slugs.
2) enable xprofile and require additional fields upon registration.
2) use a captcha ~ i’m fond of ReCatcha
3) make sure you and check the NO setting under “Allow blog administrators to add new users to their blog via the Users->Add New page. ” in wp-admin/wpmu-options.php “Admin > Site Options”
4) I ban or limit the registration domains (also in Admin > Site Options) so that the commonly used spammer domains are blocked from registration and then I add an email contact for owners of these addresses to manually request registration. I hide the email address from bots with HiveLogic EnKoder
5) I then firewall off entire blocks of IP’s from my servers from commonly used spammer IP ranges you can find at sources like spamhaus.org .. and considering that these are one language sites, the need for access for the IP blocks on the pan asia network or eastern europe are unlikely. If you have a multilingual site, this might cause issues to very few users. Cpanel, Plesk, BSD, etc have tools to do this.. if you’re on a shared server, ask your hosting provider if they can do it for you, and they may be likely doing it already.
6) I also recommend using Askimet.
@windhamdavid – thanks for the hint about bbpress… didn’t know, that the register-file was still there… Now I deleted it (just in case) – although forums are not even activated in my install. By now, still no spammers registering… could be that activating hashcash again did the trick (although I really don’t get it why, for as far as I know it just protects the register-form, right? and it seems, that wasn’t even used…
@chouf1 On the install I am havong troubles with there is NOT ONE spammer for sure. I know all of them personally! In my other install (I have 0 troubles until now, I will check back on that. thanks for the hint)
PS: Chouf1 – wow, do you speak swissgerman
für ä’biräbitzeli drischnure…
Did you show into the comments or posts on the different blogs ? There are sometimes strange links that can appeal to spammers. Some long post with many links inside or many Viagra words. You see what i mean…
I recently did such a search and find some on my “trusted members” blogs.
let’s continue this thread over here ~ https://buddypress.org/forums/topic/how-to-control-spam-registration/page/2
and did you try that recommendation regarding bbpress?
I don’t quite understand these spam posts since I’ve run ten to twelve mu sites for several (4+) years with no splog/smap exploits (knock on wood) and some of them are outdated installs with very little protection. If buddypress is in fact, the culprit, perhaps it’s related to the registration in bbpress if you have forums installed? @micheal ~ perhaps you should try removing register.php from the buddypress/forums/bbpress/ ~ and/or buddypress/forums/bbpress/templates/kakumei/register.php to see what happens…
I just tested on a local install with no conflicts and thanks for investigating.
Just another little update: To me it seems that there are two different spam-signups (at least )
The ones, that come in through the registration-form
I could handle those with all the tipps (for me this worked best):
– change the slug
– additional-fields
– change some text on the registration-page
– change footer-text
– SI-Captcha didn’t really work, so I used the modified invitation-code-plugin mentioned before
– wp-ban did help, too (often wasn’t really needed – just left it there in case…)
– changing/deleting wp-signup.php (which led me to this connected issue/question: https://buddypress.org/forums/topic/wp-signupphp-redirects-to-registration-slug-why)
The ones, that don’t seem to use the registration-form or wp-signup.php at all
– never had this problem before, so it hit me… Further described here with a open question for me: https://buddypress.org/forums/topic/is-there-a-backdoor-in-wpmubuddypress
– This morning I found out, that I had deactivated the hashcash-plugin because I had comment-issues (didn’t come through anymore). I think the spam-flood came after deactivating it. Right now I have activated it again (just for signups) and no spam came in for a couple hours now (even with deactivated wp-ban, without captcha or invitation-plugin, wp-signup.php still there)
So far my forther journey with this issue
@hnla how did you deactivate blog-signup? If I use that option in the backend, registration does not accur at all. If I choose “only Useraccounts” they cannot create a blog in a second step (no new blogs at all)
Definitely remove the footer link if you haven’t already.
I noticed a issue with spammers using CURL to download /registration so blocked that in .htaccess (It’s been mentioned on a thread somewhere how to)
renaming the slug ‘registration’ is supposed to help.
For me deactivating blog signup improved things significantly. Didn’t need users to be able to register for a blog at initial sign up they can take a blog once they are members.
Despite all efforts and much study and approaches instigated one after the other to gauge effectiveness before adding next one I still am not sure how a few of the automated bots get through, human signups there isn’t much you can do about them apart from delete manually.
All my efforts still result in around 10 signups daily that require dealing with manually.
