BuddyPress.org

That would resolve your problem. The issue then would be how can you fight the spammers that sign up. The Google captcha would help. There’s also Akismet which is free for personal use and is unobtrusive too.

Up to now – Yes – NinjaFirewall combine with Stop Spammers, Akismet, Captcha and other plugins of your choice as long they work together and do not slowing down your website.

The draw back of NinjaFirewall is that you have to know how to set it properly otherwise Editor/Author will have problem updating.

Other things you can do:

If under attack — You still need to scan and look for continuous IP/username and manually add them to the Stop Spammers AND Report them to Stop Forum Spam/Project Honey Pot

If you do not have time to read/check your Themes line by line install Theme Authenticity Checker
https://wordpress.org/plugins/tac/

@brealtv

Would you mind sharing what you did or what plugins you use to “almost completely stop spam signups”?

you’re more than likely slamming into mail server spam filtering and that’s not the user spam filtering but the actual email server with strict RDNS & SPF checks in place. Generally it’s not understood that you can’t just relay emails from a server from any old domain name, that’s a possible open relay and email servers will block emails that are authorised to be sent via a given server IP, look up RDNS and get it set if it’s not already and then SPF and get that set in your MX records.

btw i just registered on your website without a problem to test it for you and it is indeed going to my spam folder as i mentioned.

also after logging in i also noticed you have wordpress set up as a multisite installation, is there any reason you have done this? are you planning having a multisite setup?

@matthewhout lol matthew dont worry man we was all noobs at some point :), regarding the emails have you checked the spam folder? sometimes wordpress mails go to the spam folders, best thing to do is configure your mail to go through smpt (i guess you also wont be familiar with this either?)

if you want help i may have a little time spare to help you set it up initially, are you on skype? you can add me if you want.

if not set a free skype account up and post me your username and i will add you, i can help you out a little if you want seeing as your struggling setting up the basics.

@robg48 something else you could do is use a honeypot. An example is

http://www.pixeljar.net/2012/09/19/eliminate-buddypress-spam-registrations/

It works by adding a hidden field to your registration form. Users can’t see the field so will never complete it (it will always be blank). Spam bots, however, don’t view the page in the same way as users. They ‘see’ the page source so will always ‘see’ the hidden field and try to complete it.

On registration form submission, if the hidden field is blank then we know it’s a genuine user trying to sign up. If the field is completed then we know it’s a spam bot and we can halt the registration. Hence, the name honeypot.

@robg48 just a thought – try changing the name of your registration page. Spam bots automatically look for pages such as /register/ so maybe use /sign-me-up/

@xxxtristamxxx
They would have to have activated and logged into the account for them to see BP content using my plugin so no, just registering would not unblock the BP content. There is really no way of differentiating who is a spammer and who is not once they are logged in so it would be up to you to moderate. Good luck!

@iameverywhere

I have thought about this a lot as well. BuddyPress spam is SO obvious for a human to figure out. You can detect spammers with almost perfect accuracy in just a few seconds. They all do the same thing. They create an account, then post garbage links. If you have Groups enabled, they create groups full of links in the description. I don’t know of a plugin that will do this, but the best way to block BP spam I think would be to put users in moderation if they post links to groups or activity, just like the setting we have for blog post comments.

https://buddypress.org/support/search/spam/
https://codex.wordpress.org/Hardening_WordPress

Awesome, I didn’t know about NinjaFirewall until now.

Change your “Admin” username to something dificult

Yes, this is very important. Not to stop spammers as much as to stop your site from getting hacked. Brute force hacking is infinitely harder if they have to guess the username AND password correctly at the SAME time. Just about impossible. If they know the username is “admin” they only have to guess the password, which is actually possible if they hammer your site all day.

Not sure why it’s not working.

For alternative spam plugins/solutions, there’s another more active thread going on here:
https://buddypress.org/support/topic/stop-buddypress-spam/

Two more methods that help. I recently had a crazy spam attack – probably 300 fake signups per day. I implemented these two methods and it dropped to near 0.

1. Change the /register/ slug to something unique. An example would be /create-your-account/, or something of that nature. It just needs to be unique and also make sense in a URL for your user. Spammers targeting BuddyPress look for /register/ as the signup page. It’s all automated so you want to filter them out at the first step.

2. Add this to your functions.php file in your theme or child theme.

It presents a dummy field that humans don’t see. Spambots will fill it out, and if the field captures a value it will reject the signup.

// BuddyPress Honeypot
function add_honeypot() {
    echo '';
}
add_action('bp_after_signup_profile_fields','add_honeypot');
function check_honeypot() {
    if (!empty($_POST['system55'])) {
        global $bp;
        wp_redirect(home_url());
        exit;
    }
}
add_filter('bp_core_validate_user_signup','check_honeypot');

Credits for #2 go to:
http://mattts.net/development-stuff/web-development-stuff/wordpress/buddypress/anti-spam-techniques/registration-honeypot/

I edited it slightly to remove the required redirect. Add that back from his tutorial if you want to. It requires that you make an extra page to send the spammer to, and I personally think that’s not necessary. I actually want them to have no indication their signup failed.

Currently the plugin “good question” is helping me with reducing spam signups more than any other.

I used to rely on si-captcha to help with this, but it started having some issues a few months ago (on my multi-site / BP sites), so that is not in use on my sites any longer.

as buddyboss mentioned above, “bp-registration options” was a good choice for a while, it worked pretty well for me around v 1.5 or 1.6 I think.. but then issues started occurring and it was left without updates for a long time (while the plugin dev was running for an election or something if my memory is serving me today), so axed that one…

Nothing is going to stop the manual spammers, but they are easy to eradicate once you have stopped all the bot signups with one of the QnA type plugins in my humble experience anyhow.

5-10 is OK — When I was handling a job application site every month we received 4000-5000 applicants and and had about 75-200 “bad users” we did have people entering bad email for their job application but it was also sometime the applicant mistype their email AND ending up shooting registration confirmation to the wrong/closed/nonexistent email at Gmail/Yahoo/Hotmail etc (I had to deal with those email providers 1-2 times a year to make sure that my Mail Server is not on the blacklist).

Btw on the Stop Spammers setting add the StopSpamForum API that way it easier for you to check or submit bad user (add Honeypot & Botscout if possible). Also “Check Spam Words” on the setting and add to them if you see a bad username keep popping up with different IPs.

pls remove spam comment above and delete spam account @saeed-mahmoood

thanks

I have used Bad Behavior. It’s ok.

I found the best solution so far has been BuddyPress Security Check.
https://wordpress.org/plugins/bp-security-check/

It knocked out the majority of spam for me, and I’ve tested many spam plugins. You’ll still get some spammers, but hopefully less.

Most spammers leave links in forums. BuddyPress could really use a method to block new users who post links pending approval.

This plugin puts users in moderation on signup:
https://wordpress.org/plugins/bp-registration-options/

But that still requires you to manually activate everyone…

What anti-spam plugins are you running and how many spam registration do you average per day?

I’m currently running akismet, pixel jar honeypot, si captcha, and stop spammer by keith graham and I get 3-5 spam registration per day.

Has anyone tried Bad Behavior? How does that work for spam registration?

Akismet is a good plugin to have enabled. It’s free for personal websites and is completely unobtrusive:

https://wordpress.org/plugins/akismet/

But think of your fight against spam as a ‘strategy’. No single plugin will do the job. You’ll probably need to deploy a combo of plugin(s), manual moderation etc. Spammers are always changing their tactics so your strategy will need to change from time to time also.