You don’t want to delete users if they pose threats to your community because they can re-register using the same creds if you do so and they will continue to be a nuisance to you and your community forever if such is the case. I’m new to using bp, but have already figured out that to get rid of these suckers, this is what you do the easy way.
Go to your user area in your dashboard – checkmark the user, change role to “blocked user”. Then, from the front end of your site, from your front end admin panel, go to the user and up top in admin options it will give you the options of what to do, mark them as a spammer. It doesn’t delete them, as I said – you don’t want to. But it disables them from everything and prevents them from being a neverending nightmare to your site.
In all honestly, I wouldn’t recommend disabling email verification. In fact – you actually should not only use that, but use it with Gravatar to double verify members. My BP communities are brand new, in dev stages right now. I’ve already been subjected to spammers which is why I support use of Gravatars – because not only will your users be verified in your community, but globally and this is a big step in spam prevention.
If you want to customize the registration page, many of them can be through your theme framework. However, too much code will slice your page & overall framework right down the middle and break your site.
@all
I’m using these 3 plugins together and have no bot signups at all on WPMU2.9.2/BP1.2.3.
Cookies for Comments
RPX
WPMU Super Captcha
The occasional stubborn human does drop by once in a blue moon, and these few only manage to get through using RPX and an existing account, or they really take the time to fill out the registration form. Email domain banning and persistent account termination seem to be the only solutions in these cases.
Can someone give solution that users that wish to sign up dont use buddypress signup page, instead they use regular wordpress signup which is much much safer.
Hmm, interesting. The generic BuddyPress register form does seem like a bit of a sieve (though it could just be my frustration talking).
I think you would just delete/disable /registration/activate.php and /registration/register.php. You would lose the ability for users to fill out extended profile fields at signup. However, quick signups are probably preferable, with seasoned users filling out extended profile fields as needed. I’ve read at least one article via delicious.com that suggests to me that signup forms need to be as simple as possible to help users focus on getting “behind the wall” fast and easy.
excuse my ignorance of htaccess but is this even possible? and if so, how is it done?
I noticed a issue with spammers using CURL to download /registration so blocked that in .htaccess (It’s been mentioned on a thread somewhere how to)
sometimes it depends on your host too. emails from my default bp install on dreamhost tend to make the junk/spam folder (yahoo, gmail, etc)
I have the same issue. Tried installing plugins, changing email to a “legit” one rather than the standard noreply@xxxx.xxx, tried sending through SMTP rather than mail()
Nothing works.
Most likely Hotmails spam filter reacts to the activation link, that would be my guess at least.
check your spam folder – that site is on a shared host (dreamhost) – so emails typically get junked easily.
yep, that is the ticket 
(i’m a fan of having a date_modified col in db – so hopefully that could happen here and then a site admin could have a choice on what to sort on)
but this hack (while you do not have to touch any core files) will mess with intention of the date_recorded value (but saves the original in the activity meta table)
If you click on any of your user’s avatar or username, you’ll see a new menu item in your admin bar called Admin options where you may edit the user’s profile, avatar, mark as spammer and delete the user.
I had the same problem a few seconds ago. A newly registered member didn’t recieved the activation email but was listed in WordPress>Backend>Users
I asked the user to check spam inbox twice but there was stil no activation mail 
It would be great if admins could manually acivate such users or resent the activation email.
I’m getting several spammers signing up, I have the Anti Splog plugin (here) and the reCAPTCHA is turned on.
Email Activation is turned on.
AND I’ve blocked all of the emails on this list (here)
HOW ARE THEY GETTING THROUGH!
Thanks for keeping on top of this everyone.
Have seen this before. Not sure how it’s done, revision history appears to be misleading. I’ve sent a message to Andy Peatling as a heads-up.
http://www.google.co.uk/search?sourceid=chrome&ie=UTF-8&q=%22twitter+apps%22+site:codex.buddypress.org
I also found a spam link in the codex and deleted it.
Spammers ruin everything.
Fixed but it would be good for an admin to go and see who made the change in the first place. Well, assuming whatever wiki the site is using actually maintains that information.
Along these lines…I haven’t seen much discussion about spammers lately.
Am I still the only one getting 100+ per day?
Please please please someone figure out how to make buddypress’s registration page reference the banned domain list!
Re #3 – if that record is deleted, they can sign up again using the exact same info. That record tho, is never displayed anywhere else.
Really, the mass deletion of spammers shoudl be handled on the WordPress end, as ultimately that’s the menu your’re using.
Without going and checking, I *think* you can sort the blogs/users so the spammers are all on one page, select all and delete all in one go.
For more than a screenful, I do it with a SQL command right in the database.
Actually, if you “Mark as Spammer”, I believe BP suspends the spammer’s blog too. The problem is with Delete. To expand on what I wrote earlier today,
When you “Delete User”:
1. The user is deleted from the Members list, but the URL to the Member profile is still reachable (I filed this as a bug at trac.buddypress.org)
2. The spam blog is NOT deleted.
3. The entry in wp_signups is NOT deleted.
4. The entry in wpmu-users.php page is NOT deleted.
@3sixty – I’m also interested in something similar. I’ve added a member as a spammer and as you say it doesn’t add the blog as spam so the blog entries that member (spammer) made is still visible on the activity stream. need something that delete’s everything that spammer is related to.
DOH!
There is a BuddyPress admin option called “Disable Account Deletion”, and it’s either set to “Yes” by default or my finger slipped and I changed it…
DOH! DOH!
I’m going to file a trac ticket for this because I want my hour back and I can’t have it… the error message needs to be more descriptive:
“There was an error deleting (spam-username) from the system. Please try again, or check your BuddyPress settings to ensure that Account Deletion is enabled.”
Can someone give solution that users that wish to sign up dont use buddypress signup page, instead they use regular wordpress signup which is much much safer.
Then all you need to do is install SABRE and spammers are gone. This is urgent request because i dont wish to have spoammers on my sites, same goes for everyone else, i m getting hit by 20 spammers per hour.
BTW nothing mentioned in this topic works!!!!
@Boone,
….Not sure about your email problem – has your friend checked the spam folder?…….
I am very sure this issue is related to bug within your Plugin:
During the Step “Send Invites”, I clicked on the link “Send invitations by e-mail”. Then I entered the e-mail of my friend into the first e-mail-field. Then clicked send. Then I received the message “Invitation successfully sent”.
Then I hit the back-button of my browser to go back to the Tab “Send Invites” as there is the button which says “Finish” (for finishing the Group-Set-up).
The e-mail never reached my friend.
@kriski – If you want to add users directly to groups (skipping invitations), try https://wordpress.org/extend/plugins/bp-group-management/. It’s not great for adding in bulk yet, but I plan to add checkboxes in the next version that’ll make it easier.
@Erich73 – Good call on the group creation issue. I think the answer is just to turn off the message for the group creation process. I’m about to check in version 0.5.2, which makes this correction. Email invitation can only be done from the normal Send Invites screen, so the confusion shouldn’t happen. Not sure about your email problem – has your friend checked the spam folder? I’m using the same wp_mail function that the rest of the BP functions use.
@roydeanjr – Very strange about the first errors – almost makes it seem like the plugin was loading before Buddypress was. If it starts happening again, please let me know, and give me as much info about your system setup as you can so I can try to reproduce it. And thanks for the kind compliments
@kriski – If you want to add users directly to groups (skipping invitations), try https://wordpress.org/extend/plugins/bp-group-management/. It’s not great for adding in bulk yet, but I plan to add checkboxes in the next version that’ll make it easier.
@Erich73 – Good call on the group creation issue. I think the answer is just to turn off the message for the group creation process. I’m about to check in version 0.5.2, which makes this correction. Email invitation can only be done from the normal Send Invites screen, so the confusion shouldn’t happen. Not sure about your email problem – has your friend checked the spam folder? I’m using the same wp_mail function that the rest of the BP functions use.
@roydeanjr – Very strange about the first errors – almost makes it seem like the plugin was loading before Buddypress was. If it starts happening again, please let me know, and give me as much info about your system setup as you can so I can try to reproduce it. And thanks for the kind compliments
That code worked without WHERE spam=0 but it outputs the user ID number, anyway to get the username?
