BuddyPress.org

A similar topic : https://buddypress.org/support/topic/removing-thousands-of-spam-users/

https://buddypress.org/support/topic/here-come-the-spammers/

10 Proven Ways To Stop BuddyPress Spam

Wide subject and several answered on this forum.

Askimet covers comment spam and doesn’t avoid clever spam bots to hit directly the DB.

Basic recommandation is to use table prefix different of the classic wp_. This calms down most bots.

A closed door is always a challenge for any spammer. WP is not fort Knox and depending your host, what YOU did and many other security details, this has no end in fact. If your site is Facebook, you’ll probably receive more spam than if it would be mykittycat homepage. Glory has a price ! 😉

Some htaccess rules against reputated spam server and one or to plugins aside what exist natively in WP should be enough to protect you a little from massive spam.

For example: buddypress honeypot + ban hammer for BP

or more simple and rought
http://mattts.net/development-stuff/web-development-stuff/wordpress/buddypress/anti-spam-techniques/registration-honeypot/

… + searching this forum, maybe you can find more tips. 😉

@shaquana_folks

allowing users to upload to your server some documents is a very bad idea while the registration process.

When a user register, you don’t know if he’s a human or a spam bot.
That’s why a newly register user is only pending and why he has to return an activation key before it is considered as a site member.
Or the site admin can ban him during the pending time, for some reason.
As long as you don’t be sure, a minima, of your new member, don’t allow him anything except viewing the site.

You’re talking about pdf, doc and docx, but on the register page nothing appears about what type of file they have to upload (as it is required) and for what !

Here you’ll be able to upload images. Try it out now! is a bit vague. And i don’t think that BuddyDrive is intended to be on the register page.

BuddyDrive is a per member based plugin and can be used on a profile or in a group. As long as a member is pending, meaning doesn’t really exist, it cannot work.

Seems to be spammers, but IMHO, there is another problem if you receive 2 mails for each new user.

Disallow user registration on live site and do some test on a local install before reoppening registry.

Change also your DB tables prefix. Don’t use wp_ ! This will calm down most spammers for a little while.

Any ideas on what may have caused this ?

That question was answered here.

It’s the user who did it wrong, so guess there is no technical solution.

The “from” wordpress@mysite.com is a default address which redirect to site admin address (the one you indicate when you setup WP).

This can (and should be) changed, as its a common trick used by spammers. Read here how to do this.

@danbp True indeed, but with my previous setup with BuddyPress 1.9.2 I was able to control the spam registrations since they were never activated (I used BuddyPress Pending Activations to manually activate new users) and therefore they could never log in. They were not seen in the activity stream either.

This is my setup: https://buddypress.org/support/topic/create-private-membership-site-with-buddypress/

I’ve now upgraded s2Member which had no effect, and also deactivated the BuddyPress Automatic Friends plugin which didn’t have any effect either. The new user shows up as pending in the Users screen for about 1 minute after registration, but is then automatically activated.

Spam is an endless plague… and there is no radical solution, but only a set of combination for minimizing it, or at least to slow down that phenomenon..

For example, changing the default wp_ table prefix is a good practice which i would recommand to any site owner touched (or not yet) by spammers.

Even if you already use another prefix, but spammers found your site, you have to modify it again. Sounds a bit stupid, but the gain will be effective for a while.

Other tips are avaible on WP Codex.

In some case, you would prefer to use a plugin. See BuddyPress Registration Option.

But in any case, you have to found your own combination.

Hi!

I recently upgraded my site with a new theme (BuddyBoss Boss. theme) and am running WP 4.1.1 and upgraded from BuddyPress 1.9.2 to 2.2.1.

I have a setup where I redirect the activation e-mail to the site admin to be able to manually control new members and verify their information before activating them and letting them log in. This is a cruical function for my site since it’s a private network.

After the upgrade I noticed that some spam users were automatically activated and able to log in without my manual activation. The users are automatically activated, the same issue as @RussAdams is experiencing. I’ve tried deactivating a few plugins (BuddyPress Pending Activations, BuddyPress Auto Group Join) but this issue persists. In BuddyPress 1.9.2, everything was working as expected.

Browser sessions doesn’t seem to be the issue since clearly people on other computers have been able to create accounts which were automatically activated as well.

This is a very serious issue for my site since I no longer have the control over new users and spam users can log in after activating. Did you get this sorted out?

I created a page for each component in this plug-in and I don’t know what to do next.

@dleit It depends. You could start adding Member Profile Fields and/or Create Groups and/or install Group and/or Sitewide Forums if you need forums.

btw, spammers have been removed 🙂

I found with one site on one server – any emails sending via php had a weird return header thing from my server that did not get through some of this big three email clients no spam lists..

a plugin similar to https://wordpress.org/plugins/postman-smtp/

may change your wp to send via an smtp account on your server instead of php using a weird default server header.. you may need to create an smtp account for that work.. and even so there are other factors that could limit your email getting through.. (some shared servers are on backlist, some web hosting companies are given minus points, even if your web site is on the up and up)

There are a lot of things that could cause it to fail the ‘real mail’ test at some of these services..

For me, the plugin “good question” fixed 95% of spam regs.. similar to “buddypress humanity”…

I am also seeing the @mentions not working on my site.

BuddyPress 2.2.1 running on the Engine theme from Industrial Themes. Theme and WP both at latest versions.

Plugins (but I can’t see where any would cause a conflict):

Anti-spam by CleanTalk
Custom Login
Custom Permalinks
Gravity Forms (and PayPal and User Registration add-ons)
MailChimp Lite
Updraft
Use Google Libraries (maybe it’s that one?)
Yoast

And some admin plugins.

wilson1987 ‘site is not powered by WordPress and of course has no BuddyPress istalled.
Out of topic, troll, and marked as spam.

@krisidious Sorry for the inconvenience. Your posts were caught in spam queue for some reason and I just released this one earlier. Thank you for your patience. cc @henrywright

@rosyteddy Nothing in spam. Found one for a different post you made — please do not “delete” any topics you have started just because it has been resolved by removing all the content and title in the original topic post, it went to the Pending posts folder. cc @henrywright

@rosyteddy @henrywright checking spam queue now.

These may help

wordpress.org/plugins/export-user-data/
wordpress.org/plugins/wp-users-exporter/
buddypress dot org/support/topic/exporting-xprofile-fields-to-csv-etc/

[ My previous reply here had many more links, and it just vanished on hitting submit without any alert message, probably was caught as spam]

Thanks

Not multiblog that I can see – I have installed twice and still missing “Register” and “Activate” pages. All help displays settings I can’t see. Irony is I have a constant spammers registering as WP users, but I can’t find a way. I have Woocommerce and “Canvas” theme active, but have deactivated both with no change in outcome.

@jessiewordpress
I would assume they are listed as pending because they did not get click an activation in email yes.

Now does that mean that your server sent an email correctly and they actually recieved the email? Who knows.. sometimes my bp emails get auto-blackholed for some email services and users will never get an email from my bp site if they have say “gmail” or yahoo or something… (there are different methods for sending email via wordpress, some are less “flagged-as-spam-automatically” than others.. sometimes users do get the emails but they end up in a junk folder..

sometimes it’s spammers trying to setup a fake account and they never will click on activate…

if you start to get a lot of these, you might want to look into how your wp install is sending emails, what the headers look like, and see if you can adjust with something like a “wp mail via smtp” plugin or something.. and if you need to manage a bunch of pending users you might want to see if https://wordpress.org/plugins/unconfirmed/ is working with current bp version..

random thoughts, hope they help.