BuddyPress.org

Did you disable new user registration?

Log into the admin page, buddypress tab, click the “Profile Field Setup”. On the page that appears, you can set any field you want to display on the registration page.

Hopefully helpful.

@symm2112

I’m looking to do something similar in having login/register on the same page. That should be simple, but not sure about the profile fields piece. I’m need to implement different registrations for different “types” of users. I can do this with different pages with hidden input fields. Not sure how to work this with different profile questions yet though. Keep us abreast of your progress.

henrybaum, you might want to try using gettext filter instead of hacking core file. Went through this a week ago when I wanted to cut down big chunks of code and DJ Paul pointed me to the right and much easier direction,

@Michael

You can change this with a little .htaccess magic.

Say your Buddypress is setup in the following sub-blog – hxxp://example.com/community

Find where your wp-config.php file is located and in the same directory there should be a .htaccess file. Open it up in a text editor.

Above the line:

# add a trailing slash to /wp-admin

Add the following:

RedirectMatch 301 ^/members/(.*)$ http://example.com/community/members/$1

RedirectMatch 301 ^/groups/(.*)$ http://example.com/community/groups/$1

RedirectMatch 301 ^/blogs/(.*)$ http://example.com/community/blogs/$1

RedirectMatch 301 ^/forums/(.*)$ http://example.com/community/forums/$1

This should correctly redirect your old BP links to the new ones.

—

@JJJ

In the example above, is there anyway I can use:

hxxp://example.com/register

Instead of:

hxxp://example.com/community/register

I don’t mind hacking a few core files to accomplish this. If not, I can always theme the registration / activate pages to match the WPMU root blog.

I’ve only spent a few minutes looking into this so far and I haven’t found a way.

You can change your registration slug by adding this to your wp-config.php file (above the stop editing line):

define( "BP_REGISTER_SLUG", "create-an-account" );

You can then happily upgrade without worrying if it will break.

Reference:

https://codex.buddypress.org/how-to-guides/changing-internal-configuration-settings/

I wholeheartedly agre with @andy. It’s an age old debate between making it as simple as possible to register and become a member and requiring some unique information that not only serves your purpose well but adds an extra layer to the process that fights spam.

We have been running our prod site since BP was in alpha (Nov ’08 – crazy, I know) but have had only 2 spam registrations. Both were from Russia and both seemed pointless. But we banned the domain in the WP backend and have had none since. We have not even changed our signup slug.

That said, we require 5 fields on registration, 3 are drop downs and we don’t allow blog registration (we’re building a community not a blog network)

On a side note: We ran reCaptcha flawlessly for 6 months. We disabled it as an experiment to see if we could avoid that extra step (plus reCaptcha words are damn hard to read) and have not had spam since. fingers crossed.

A good idea is to change the signup slug to something else. This will help significantly. Also, if you don’t need to provide blog registrations, then turn this option off.

The problem with bundling a solution in the core is spammers will eventually get around this and it will become useless. The best way to fight spam is to have something unique on your site that stops them in their tracks. A completely unique signup slug is a good way of doing this.

I have adjusted the wp-hashcash plugin to work with buddypress signup. Here is what I did: I got the wp-hashcash plugin and I added the following code to the file:

global $bp;

// get our options
$options = wphc_option();
$spam = false;
//if( !strpos( $_SERVER[ ‘PHP_SELF’ ], ‘wp-signup.php’ ) )
//return $result;

// Check the wphc values against the last five keys
$spam = !in_array($_POST[“wphc_value”], $options[‘key’]);

if($spam){
$options[‘signups-spam’] = ((int) $options[‘signups-spam’]) + 1;
wphc_option($options);
$bp->signup->errors[‘spam’] = __(‘You did not pass a spam check. Please enable JavaScript in your browser.’);
} else {
$options[‘signups-ham’] = ((int) $options[‘signups-ham’]) + 1;
wphc_option($options);
}

}
add_action( ‘bp_signup_validate’, ‘wphc_check_signup_for_bp’);

function wphc_error_hook_register_page(){

do_action(‘bp_spam_errors’);

}
add_action(‘bp_before_register_page’, ‘wphc_error_hook_register_page’);

Then, under the line (line number about 507)

I put this line:

Then I activate the plugin. It should keep spam bots from being able to create accounts, but humans spammers can still do it. Anyway, if you can’t get it to work, let me know via PM and I will try to send you the file.

Later

http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/

i guess this is one of the best trick against spam blogs and “wild” registrations.

Step 1 and 2 are a bit obvious, but 3 and 4 are really efficient.

Keep in mind that on a wpmu site each blog created by a member has his first post and comment appearing on the default template – the good ol’ kakumei… on which is also written “powered by…” ( Step 2 is only for main blog i think) Spam bots eat this with delectation i suppose.

Spam programs are written to bypass signup. Well. I presume other narrow words like join, fall in, get together are also activ in such programms. But what do these programms if you choose “groink” or “methabolic” ? So follow the explanation and choose a really original word for your signup redirection. This works well for the moment. And don’t forget to put the functions.php file the in mu-plugins folder (to be theme independant).

To use in addition with some other solutions (wp-ban, invisible defender, …) of course.

This is not the answer but a trick…

In BP you have a folder named bp-languages. In it there is a .pot file. Open it with a texteditor and search the expression. You will find file name and line #

This is avaible for ALL phrase, alerts, message or other expression found in BP.

Crap, the spammers have now found my site.

These are not the spammers with name+year usernames, like ‘johndoe1973’, that I used to get on test sites. Those seemed to bypass the registration and activation process, because they didn’t show up on my mailing list.

The spammers I get now have realistic sounding full names and apparently usernames generated from those fullnames (my regular custom registration). I recognize them from the long random strings they add in my custom Company field.

Haven’t seen them registering blogs yet. What are they even trying to achieve?!

Sploggers is a serious problem that WPMU/BPAutomattic needs to address!

I’m thinking about doing this.

Let’s say I have a root blog with a custom WP theme and I want to create a sub-blog with the slug “community”.

So can I assume I can activate another theme, like the BP default theme, on sub-blog “community”, and that the URLs to profiles / groups / etc would be:

– hxxp://example.com/community/members/profile/admin

– hxxp://example.com/community/groups

If I move some BP functions into the root blog, would the registration slug still be:

– hxxp://example.com/register

Or would it be hxxp://example.com/community/register ?

I guess there’s only one way to find out! Going to test it right now.

Newer versions of BP along with newer templates and MU have solved this by moving those hooks and actions into the template, and BP hijacks the registration before it happens.

It’s happening because of an outdated theme arrangement. I’m going through something similar also at the moment and will be tracking this down shortly.

@wekko, the reason those fields aren’t entered right away is because a registered user isn’t an actual activated user yet. They need to click the link or be activated by the site admin in order to actually get entered into the user tables. In either case, that xprofile data is moved into the xprofile tables when the activation occurs, not when they register.

Which registration emails do you mean? The WPMU welcome email is disabled in BP; see function bp_core_disable_welcome_email() in bp_core_activation.php. It’s a feature…

BuddyPress uses regular WP Mail functions. Perhaps they’re getting caught as spam.

Do follow is also a great way to encourage users to create and fill out a profile, specifically if you create custom fields for their “websites” in their profile. Spam registrations are already a major issue ( at least for us ) so that isn’t much of a deterrent for us at least.

I’m in the same boat. Have used a bunch of different captchas including the recaptcha that has been reworked for BuddyPress to no avail. Even took down our registration page for a day to make sure spammers weren’t bypassing via bbpress or somewhere else…. it was nice not having to delete spam accounts for a day. We may end up taking buddypress out at some point here until there are better spam tools in place.

I know on the MU side, you can ban registrations from specified email domains. (Site Admin -> Options)

Can’t remember if this translates over to the BP side.

https://trac.buddypress.org/browser/tags/1.2-beta/bp-themes/bp-default/registration/register.php