BuddyPress.org

> So don’t link it.

That would work.

My point was that whatever method you use needs to still provide the same level of protection from spammers or else you might as well leave the “powered by…” intact.

I’d say the noteworthy features for Anti-Splog are their API and limiting number of signups per IP per 24 hours.

I don’t really like the “changing signup page location every 24 hours” feature, although I understand the rationale, I’d prefer a permanent location for indexing reasons.

The rest of it is doable.

To make it seem like their plugin is uber-spectacular, they’ve created a flowchart :p

http://wpmu.org/wp-content/uploads/2010/01/Anti-Splog.gif

My experiences with the premium plugins/themes in the past hasn’t been good to be honest. I can understand them wanting to be reimbursed for their work though.

Plugin looks great and their blog is also great (WPMU.org).. I’m not so sure about their premium thingie though.. The plugin does look very good, so I’ll keep an eye on it

The WPMUDEV folks purport to be big players on the bP community but they have zero presence on these boards helping people out and they have plugins designed to suck you into their overpriced premium model. I treat everything on that site with a cautious eye. But that’s just me

There is no problem with people recommending certain plugins, either paid-for or “free.” If this was Gpo1’s own plugin, then that would count as advertising. But as it isn’t… good find! Will have to take a look sometime.

Arturo, there are other ways to stop sploggers. Check this out

http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/

but is a premium plugin… not free like akismet… argh!

Contact a forum moderator On that one.

Read this article on bp-tricks.com:

http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/

There’s a ton of methods listed there to stop spam.

I am not following what you are saying at all..

I always go into wp-admin and click on users and then go through there to mark as spammers – I guess there is another way to do this with buddypress?

I would like a way to mark as spammers from the front page. I would also like a way to add email domains to the spam list at the same time, so the same email domain the spammer used to sign up with can’t be used again.. perhaps also pull the ip addy that they used and add that to a list that could be inserted into an htaccess deny list…

A better way to find them by username or screen name would be nice. When spammers hit my BP site, it shows up as blog spam in the recent wire or whatever it’s called, listed as posted by “danielle jones” – but when I go into wp-admin backend / users and search for danielle, it comes up with nothing – that sucks – so I have to go back to my site’ home page, and hover over the spammers name to see what the url is, and then search for the member signup name that way – bleh

@alexmaxim unless they completely missed your question, I guess the answer is no.

I’d also like to know if it’s possible to customize the default settings for e-mail notifications. Not because of server issues, I just don’t want to spam my users by default. (using 1.2 beta)

Just to add something to this (upcoming)paranoïa tread

Since i use the signup trick, i have no more spam registering but receive personnal mails who ask for help for some minor wp troubles…

These mails are send from another part of my site where I have a contact form.

Pleasant for me is to see that this form is on a different CMS (absolutely not wp) but with a look alike BP template.

Difficult for me is to NOT answer these mails…

It seems that some spammers are desperatly searching for IP’s…

The short answer is Yes. The long one is they are made for filling out forms and submitting them. A drop-down is just a field that they might encounter, so expect the functionality. On the other hand we are talking here about bots that look for WP/MU installations to exploit the default sign up or comment forms. As a rule of thumb, anything that you can do to change the default behavior, do it. It’s like Andy said: if you make it the default, the spammers will figure out a way to get around it.

Also: try very hard to stay away from the following in your URLs: wp-signup.php, wp-register, register, wpmu, wp, and anything that hints at a wordpress installation.

@guristu Right… but can bots submit drop down values? For instance, I have a drop down for “Training Level” which is a required field. If it’s left at “please select”… the form will return a required field error.

After changing the register slug, what can you use to get the right redirect?

Tried this:

bp_core_redirect( bp_signup_page() );

But it just prints the URL on a blank page.

This works of course:

bp_core_redirect( $bp->root_domain.'/mycustomslug' );

But I shouldn’t hardcode. Already got email complaints caused by links I’d missed…

@David that’s what wp-hashcash does. it adds a hidden form field whose value is set only via JavaScript when the page loads in the browser. if the browser is a bot, the value of the field will not be set because bots usually do not have JavaScript capabilities. It isn’t the field itself that makes the difference, it’s what it contains that enables you to tell a human from a bot.

@andy I have been meaning to ask you: how do I get a BP module to register as a site wide plugin so that it shows up in the site wide plugins list? BuddyPress and the example module register as site wide plugins but my own module doesn’t — it activates as a regular plugin that has to be activated for each blog within wpmu. I have followed the example model step by step. Is there some magic line of code that I’m missing?

Thanks.

Would adding a required custom field help too? Something that a ‘bot would not know about?