BuddyPress.org

I suggest Wordfence. It eliminates spam accounts from even signing up. It works great.

Are you sure the emails aren’t being sent? Could the BP emails be going into a spam folder?

you can mark them spam to delete it.

@johanna75 – We do need some kind of universal “display public ok” field perhaps?

Some people have fields set to ‘friends only’ – so things in search should only display to them.

Bp has a thing in it when a user is marked as spam, then they are only visible to admins – so I think this kind of functioning is half in there already.

Would be nice for the buddyblock and rtmedia plugins to also consider this visibility thing, and for buddyblock to be able to conditionally affect that as well.

I could see the need for someone to hide certain things from the public and from specific people – what a nightmare it is when things that were assumed secret pop up in search results.. I had this happen with a wp install – pages published but password protected – well either the theme, or the post teaser plugin pulled data from those non public pages and put them smack in the public search results.

Luckily the bp profile search pluing (that I also use – it’s great!) – is under active development – (I see the author has responded to the support forum on wp repo saying it is an issue that is under consideration, but bp does the same thing – so it’s no different in the privacy regard) wonder if we could ping the other bp peeps and rtmedia and buddyblock peeps tp put some heads together on this..

I have a similar problem right now with rtmedia not meshing with buddyblock. When a user blocks and enemy on my site – that enemy can not message them or comment on their activity – but they can harass the sh*t out of them via comments on their media.

I use Wordfence and CleanTalk and my spam is practically nothing. Very rarely does it let them through.

@malaruban – did you search the forum for this? It’s answered like very month since the beginning I think..

everyone has different suggestions..

1 many suggest “wp spamshield”

2 I like “good question” plugin on one site, but use “buddypress humanity” on another..
one I’ve considered replacing those wit his “user registration aid”

3 I also use ip geo block – biggest help on most sites.

4 strongly suggest getting the “shield” firewall plugin and going into lockdown menu and disabling xmlrpc and rest api – but your situation may vary.

I use all four plus more on various sites (just one of them from step 2)

We used to have testbp.org which last a few years until spam and DOS attacks forced us to take it offline.

Your best best is probably looking through https://wordpress.tv/tag/buddypress/ for recent WordCamp videos, and see if you can find one.

@januzi_pl – how many members are there?

Are there strong anti-spam / anti-bot sign up measures in place? not a captcha – something like “good question” or other answer correct question to get through kind of thing.

using wp spmshield or some kind of akismet type thing?

I don’t have the kind of graph you show there – but I can say I saw a HUGE difference.. back in the day we had tons of bots signing up for new accounts, sending pms to other users, and all kinds of activity that was not obvious on the front end to the average visitor or site admin.. only after a few complaints and some digging did I realize that 90% of server resources were being sucked away by bot registrations / spammers, and bots that were crawling for the various “search engines” – once you get a hold on those things, then it’s good to know how many users you have and if they are active all day and night or just certain times of the day and such..

@rickaltman – I think buddypress can do most of what you describe here right out of the box. I would search for forum threads and maybe plugins to have your members auto join a group –
this would give you something like “your site dot com / groups / mainGroupName / members
for this kind of list – although it would be a list rather than grid system – you may find another way to do it, but it’s probably gonna take some hacking-up things to get the grid layout if you really want that – I’d try to find something less robust – like maybe just the wpmudev membership2 plugin in the wp repo – and hackup a page to list authors with a wp theme or something…

bp can do a profile pic.. but it needs plugins to really “upload photos” – and that’s a can of worms in which some is over-baked, some under baked, and future possibilities are endless.. some built in bp hooks have been made a while back but.. well not sure what meant exactly by “upload photos” –

its going to be much easier to get community support for regular wordpress themes and such.. buddypress is probably a lot more power than your use case is gonna need.. and with that is gonna be spam issues – virtually no support for customizing anything.. even if you knew php really well, you’d have learn wordpress well, and then try to digest all the BP docs and sort through tracs.. gits.. and other random stuff on the web that is not well documented, no well supported, and leaves you wondering if it’s secure… and the chances of all the various hackedup things working well together is blah… and future updates – hahaha.. who knows that is going to happen.

In your situation I’d say it wouldn’t hurt to play around with BP – as it’s free.. but if it doesn’t do what you want out of the box.. then I would delete it all – and try a basic wordpress with members plugin.. maybe even just a ‘multi-author blog” – you’ll get less spam, and much less work.

Others may think / feel differently about all this, my experience comes from my issues – your mileage may vary..

something like the https://buddydev.com/plugins/bp-private-message-rate-limiter/ may be helpful if you really want to stop 99.9% of it.. that one is premium / costs $19.. but it’s more of a hindrance to the spammers than just the spamshield.. which I use and think it stops 90% of them.. so is the other 9.9% worth the premium.. situations vary..

Try https://wordpress.org/plugins/wp-spamshield/

Hi @djsteveb:

Thanks for the awesome feedback! We always want to improve the plugin. If you could contact us via our support form, it would allow us to look into that. With a little modification on our end we should be able to auto-detect, and make it so no one has to tweak any settings.

– Scott

ip geo block plugin best dam thing ever.

shield firewall plugin just to disable xmlrpc or a disable xmlrpc plugin

“good question” (https://wordpress.org/plugins/good-question/) or similar – adds a question that must be answered to finish registering

wp spmashield

limit login attempts

sucuri hardening

audit log and multisite register ips (for the manual dedicated spammers)

this mix seems to make like tough for them – especially the ip geo block stopping several countries from abusing the site..

ymmv
dj Steve

ps

@redsand – good to see you active in bp threads! your plugin is a miracle, especially since akismet changed – one on bp site I did have to fiddle with the settings for forms or something recently – vaguely remember users having trouble sending pms were getting the you cant do that permissions thing until I messed with it a bet.. just like 2 weeks ago.

WP-SpamShield will take care of all of that for you. 🙂

Full disclosure: I’m the developer.

There are some plugins, do a google search.

you can also use this code but you will get spam if they can get in without email conformation.

add_filter( 'bp_registration_needs_activation', '__return_false' );

I’m a bit uncertain about allowing users to change their Usernames, it means they lose connections with the past in so much as the activity table is static so the name does not change on past activity items and this throws some errors, also I think it may make the admin anti spam task harder, users posting stuff then changing their login name.

I suggest an anti spam plugin, the one im using is cleantalk

Hi @Tranny,

Trust me, I completely hear you. You’re right. Ideally anti-spam controls like that should be built-in.

Those are great suggestions. We’ll take a hard look at possibly including those features in future versions of WP-SpamShield as well. One thing you’ll find by using a plugin like WP-SpamShield is that it will block 100% of bots, and it will prevent most human spammers from even registering (which keeps them from even getting to a place where they can spam other users), and it will make it difficult for them to post their spammy messages.

Let us know if we can help in any way.

– Scott

Hey @danbp

I just thought I’d jump in here real quick, as I think this will be beneficial to everyone in the thread including @Tranny.

And even if you would be a genius coder creator of an extra super original spam shield, you could be sure to became target #1 of all spammers, because in this case, you would represent the absolute challenger of all code breakers !

We are that “genius coder creator of an extra super original spam shield” that you speak of. 🙂

There is no miraculous plugin or trick to stop them.

Ahh, but there is.

It’s real, and it’s even called WP-SpamShield. LOL…you can’t make this stuff up. 🙂

Check it out on WPorg. It’s been out for about two and a half years, and is forked from another plugin we developed almost a decade ago. It works perfectly and automatically on BuddyPress, bbPress, and pretty much everything else. You can also feel free to check out the plugin documentation here.

…And for the record, we definitely are a huge target of spammers. 🙂

dealing with spammers is a long run work, to not say a never ending work.

True story!

– Scott