There is no backdoor, but yes there is a lot of spam which will enter. The groups are indexed by google and users use it to spam.
You can add the Google captcha easily, I am unable to locate a plugin at the moment.
You can check this link : https://buddypress.org/support/topic/simple-recaptcha-for-buddypress-register-page/
p.s : Seems like a missed opportunity. I can upload on wp.org and share with you later this week. Let me know if you need it.
Hi @wackao I already have a captcha on my register page, which is why its confusing why I have so many bots, I just deleted 1000 groups!
This is my register page
register
Im wondering if there is another way these bots are signing up, like an API or somehow the default wordperss signup.php? I am not sure
Make sure the captcha is verified on both browser and server levels. If this captcha is working only at browser level, then yes a simple CURL request can bypass it and register bots in your site.
There are other ways as well, but the Google captcha should do the trick. We have not had any issues with signups at all.
I dont see why it shouldn’t be server side, Ive tried both V3 and V2 Captcha using the plugin “Advanced noCaptcha & invisible Captcha Settings” as I can actually see the Captcha be added to the buddypress register page, but Im still getting 10-20 fake registrations a day!
what one do you recommend?
The only other possibility is “human” spam which can not be caught by any software ( unless it s AI Powered ). What you can do is strip all HTML and links, so the spammers would lose all interest in your site.
add_filter('bp_before_groups_edit_base_group_details_parse_args',function($args){
$args['description'] = wp_strip_all_tags($args['description']);
return $args;
});
p.s : In our theme we already added the restriction on “Who can create groups”.
I am surprised BuddyPress has not developed a recaptcha add-on or plugin so that our registration can be more secured. Is there a plugin/addon that is now available?
