I use Login Ninja , time to time I ban them with “yearly ban” bad IP’s , I have about 30 banned IP’s till now , it is not too much work to ban them , because spammers use only one IP to create in 1 run 100’s accounts (maybe using XRUMER ecc. read it on http://www.blackhatworld.com , in Ninja login log you will see that spammer during the night tried to create another 100’s accounts with banned IP) . So my advice is to ban every new bad IP and you will avoid 90% of spam , your only work is to ban every first new account with new IP which is in my case 1 ban in 2 weeks. Spammers will notice (probably using scrapebox – hrefer) that their run didn’t work and scrapebox or another tool will automaticaly remove your address from their lists. If this works some of them share your address on SEO blackhat websites all over the world , then your chances to get a spam rapidly increases.
P.S – I am not a spammer 
, I like white-grey hat SEO but I read a lot about blackhat SEO techniques to avoid the spam on my websites
Disable User/Pass registrations and use a Facebook only registration system.
It may be actual humans signing up. People get paid pennies to sign up and spam forums. So, unless you verify every account before letting them in you can never remove all spammers.
Thanks everyone, I am going to test drive these suggestions over this week.
== hanging the name of the Register page in wp-config.php ==
@falcott that’s no longer needed with this version.
1. Delete the code to change register name in wp-config.php
2. Create a new page with the name/slug of the register page e.g. Join
3. Go to dashboard menu BuddyPress > Pages and look for the “Register” line and choose the Join page in select dropdown and save.
4. Go to yoursite.com/join to check.
== hanging the name of the Register page in wp-config.php ==
@falcott that’s no longer needed with this version.
1. Delete the code to change register name in wp-config.php
2. Create a new page with the name/slug of the register page e.g. Join
3. Go to dashboard menu BuddyPress > Pages and look for the “Register” line and choose the Join page in select dropdown and save.
4. Go to yoursite.com/join to check.
@ryanhellyer thanks for sharing your new plugin here. Changed title of your post so others won’t think it’s another request for help to combat spam but rather a solution to destroy spam
Thanks guys. I’ve found several plugins that help to manage the members from inside the admin area. Not only that, but I’ve stopped the sploggers cold in their tracks by removing the mention of BP and WP in the footer and installing a captcha. The only thing that I can’t work out is changing the name of the Register page in wp-config.php. I added the code that everyone suggests, but it didn’t change the name of the page. Do other files need to be edited too?
Thanks
The following steps helped me stop most spam.
install s2member and follow the security steps (verify that all keys are created)
Delete the Register folders in BP (make sure to save the files)
use WordPress register form, ( you can intergrate s2members to BP 
)
Have the passwords e-mailed to the user that is signing up.
in custom.php change the slug of the register and members.
These steps helped me lock down my BP site. It stopped activity spam and fake members.
Good luck.
Try:
Change the register slug to something else. Make sure BuddyPress or WordPress is not shown on any page of your site. Check footer and header via the browsers view source. Use a captcha. Only allow sign ups via Facebook connect. Don’t use multi site.
In my profile privacy plugin there is a button on user pages that lets admins mark user as spammer. This is for quickly blocking a user. It doesn’t delete account just puts account into a state that will not allow user to sign in.
I’m working my way through my plugins and adding updates. One update I may add to the profile privacy plugin is too block an account if they post without doing a certain thing first. Maybe they need to add a friend or join a group.
Search around, but no one should open a BP site without locking it down.
I have not yet launched my BP site, but I too am concerned about this happening. If I use things like CAPTCHA on the registration page or https://wordpress.org/extend/plugins/wangguard/, will it be sufficient enough to prevent spammers?
Hi Mode, apart from manually remove the offenders, I am not sure what I can do.
have you taken any steps to prevent spam?
I am a new Buddypress user but in a very short time, our site has had numerous spammers join. This is a significant problem limiting the potential of the system. I have just 21 users and have had to remove 4 of them as spammers. What happens with 2100 users? Removing spammers will be a fulltime role and that would seem to defeat the purpose of a self-maintained website and social media community.
Why have a separate install? Is it because you want it to look different? You can style BP pages differently. Multi site opens a spam can if not completely locked down.
My network is a bunch of baby boomers selling crafts. I teach them how to be a merchant more effectively. Their stores on Artfire.com has a widget per seller where they can add a rapid cart, shopping window or a collection. All the code is clean and safe, no other code will be allowed. I’m aware of the spammer risks..been there, done that.
The field should look similar to a blog post editor or text widget. Besides, the rapid cart code won’t work unless a shortcode is made by adding the script to the widget area and then shortcode for it in the field. This is why I’m wondering if the multisite is a better fit, harder, but better fit for what I want to offer.
The Ning sites had pages for members like such. They were drag and drop fields with the ability to accept code. Like a comment box might. This is what I need for members. I already have a member approval mechanism installed. They have to attend the basic instructions of how to blog, to be able to use the field I need made. A sign of who they are.
Yep, it seems as though BuddyPress does it alright
Thanks for making me look a bit deeper.
I do have another (related) question though. Is there an easy way to manage the accounts, so that I can moderate the newer accounts and preview their new posts? In the WP admin users page I can see their names and email addresses, but can’t access their BuddyPress account or posts from there.
The site is about 2 weeks old and I’m getting 4 or 5 registrations per day, and at least half are posting spam blogs. I can’t imagine what it will be like in a few months with hordes of spammers. I need a management system. Any help is appreciated!
Any help is appreciated, thanks!
I can obviously delete the user but I’m guessing that it won’t delete their blogs.
Give it a go, you’d be surprised
I have the same problem. The help in the FAQ seemed to work if the problem is the e-mail is ending up in Spam – but my problem is that the e-mail didn’t come at all. And eventually those users will want to re-register with the same e-mail but they can’t because the site says “that account already exists”. I need a fix for BOTH these issues.
In the past 6 months I was getting 50+ spam bot registrations a day. I used WangGuard, but it was not catching them.
The bots were looking for the default registration page at http://yoursite.com/register
I changed the permalink of my default registration page to something else and have not had any issue since then.
Knock on wood, I have not had to delete any bogus registrations for the past month.
I hope this helps.
@oceanwidedesigns
You wrote: I wouldn’t use WangGuard because it sounds like that could easily cause problems for non-bots.
I ask: What could cause problems for non-bots?
You wrote: I’ve been having good success with SweetCaptcha,
I ask: SweetCaptcha looks cool. Do you have to come up with your own designs or are they stock?
One possible problem with this model, like any captcha, is that once the bots create a database of these drag and drop actions, human figures it out and then put in the database, it may become ineffective. The more adoption a model gets in WP the more attacks it will undergo from spammers.
~eric
@elangley
