BuddyPress.org

Hi,

You must be using Anti-Splog plugin.

Please check this thread: https://premium.wpmudev.org/forums/topic/why-have-our-super-admin-accounts-been-marked-as-spam-when-we-marked-a-blog-as-spam

Thanks

I just tried disabling BuddyPress PM’s but any member can still send public messages to any other member which still results in an email notification sent out, so a spammer could still use that.

@prashantvatsh Thanks, I didn’t realize that every user could see the /members page and then if they click to a members profile they see the public and private messaging buttons too.

It seems that every new registration on the site automatically becomes a Buddypress member. So then they can see the membership list and message any other user without being a member of any group.

This isn’t good, easy for manual spammers to register and send PM spam to members.

Using ‘good question’ or similar plugin,
‘graphic captcha’
‘ip geo block’
unfortunately spamshield had some meltdown with the wp.org people so it’s out, but similar functionality for logins and such is in ‘shield’

you’ll never stop the manual spammers, if you could stop them, you would be stopping legit users..

on my multi-site I use a plugin that makes all new blogs/aka sites that are created automatically set as ‘search engines do not index’ in settings.. this helps too..

the bp plugin that limits the amount of private messages that can be sent is nice (BuddyPress Private Message Rate Limiter),

one one install I disallow user’s group creation ability – and ask them to send me a note about any new groups that should be made.

also enjoy “register ips” – so I can ban really bad cidrs..

@dggerhart I was able to register for your site without a confirmation email and post “test” comment to your general group. Enabling email confirmation to register will help. Using a checkbox for your Privacy Policy GDPR compliance, is needed and will help too. I would give the Honeypot plugin a try on your staging site (disclaimer, I don’t use, and it’s old) but what it does is pretty simple so it could be ok. Admin notification of new users will help. Manually checking email addresses and questionable profiles (if you have more profile fields) will eliminate the obvious spammers and most are obvious. You can manually approve new users if that won’t be overwhelming. On a different note, you might want to block your dashboard access and you have some html tags displaying. Also a registration menu item (it was hard to figure out how to register) are some things I noticed too. I hope you find this helpful

Hi David,
This is very common problem that we all are facing with the Buddypress websites. The combination of registration process that I am using to stop it
1. I have enabled social login as it is very easy for users to login with almost no spam users. Every users is having a google or facebook account. It increases the engagement of users also.
2. Restrict sign up with only a few legit and popular email domains like GMAIL, YAHOO, MSN aor anything u want. You can use BP Restrict Signup By Email Domain plugin.

I still use Wanguard, it still works for checking the validity of email addresses. I notice recently however that I’m getting a large number of spam registrations from domains ending with .xyz or .top so I ended up forking r-a-y’s plugin BP Restrct Signup by Email Domain, turning it into a blacklist intead of a whitelist. My new plugin is called BP Blacklist Signup by Email Domain, I’ll be uploading it to the repository later. This seems to be working well on my systems so far – not had any spam registrations get through for the last few days whereas without it I was getting about 8-12 per day.

Would that be Wanguard? That certainly used to flag users as spammers. Not sure how it could do that if it is no longer running.

Leave BuddyPress Active, deactivate all other plugins, see that these will not be there, then re-active the plugins one by one till you find the one that is marking the users as spammers.

BuddyPress does not mark users as spammers, it must be some other plugin that’s doing that

@shanebp – I saw that a couple of your forum posts in this thread were in the spam filter. I just approved your latest post.

If you’ve already tried the solutions in this thread:

BuddyPress 3.1.0 is now available!

Then, here are a couple of other possible solutions:

1) Remove the “Reply-To” email address from BuddyPress emails.

By default, BuddyPress adds a “Reply-To” email header to each BuddyPress email containing the admin user’s email address.

I’m guessing email senders might have problems with this because the “From” email address and the “Reply-To” email address could use different domains. Email senders might think this is spammy and would reject the email. Just a guess. You’d have to look in your email logs to confirm.

Anyway, here’s a code snippet you can try in your theme’s functions.php or in wp-content/bp-custom.php:

add_filter( 'bp_email_set_reply_to', function( $retval, $email_address ) {
	// Wipe out Reply-to email header if it matches the admin email address.
	if ( bp_get_option( 'admin_email' ) === $email_address ) {
		$retval = new BP_Email_Recipient( '' );
	}

	return $retval;
}, 10, 2 );

2) Try setting a different “From” email address

If you are having problems sending any email on your WordPress install, you might have to set the “From” email address to one that contains your website domain.

There are a few plugins that can do this. Here are a couple:

Change From Email

WP Change Default From Email

3) Try using a WordPress email SMTP plugin

If all the above fail, try a SMTP email plugin:
https://wordpress.org/plugins/tags/smtp/

—-

Please let me know if either of the solutions work.