Skip to:

How to control spam registration?

  • jittopjose



    I have installed and setup my site with Buddypress 1.2 RC3 and standard WordPress 2.9.1(

    Now the problem is i am getting lots of spam registrations. daily more than 20. I controlled comment spams using bad behavior and akismet plugins. But how can i blog spam registrations?.. Any known way to avoid BP spam registration?.

    Plz help.

    Jitto P.Jose

Viewing 25 replies - 1 through 25 (of 57 total)

  • m@rk


    I recommend the SI CAPTCHA Anti-Spam plugin:



    I tried captcha technique. but some how its not working with my installation. I dont know what the exact reason is. The image is not get displayed. when i clicked on the test link at the Si Captcha settings page, it is redirected to “not found page” ..

    But Buddypress test site ( does not hold a captcha.. but still it seems that there is not much spam registration. How they control spams without using captcha. Any idea about it?..



    Si-Captcha was ineffective in controlling spam registrations on my site. I have to delete 10-15 spammers daily.





    I read that article. At the end of it, there is a suggestion for using Invisible-defender plugin modified for buddypress. I tried that plugin, but it shows error when a registered user try to login. The plugin available at wordpress plugin site is not for buddypress i think.. Anyway i installed the latest from wordpress plugin site. Let me wait and check whether it block spam registration.

    Sam Steiner


    This is actually one of the greatest issues with WPMU/BuddyPress at the moment. Many people seem to have this problem and when I ask in Twitter nobody seems to have a solution to this. I noticed the problem on a community website I was (am) a member of and then again on a new installation for a community website I am building. Spammers just keep registering.

    Is this more of a problem with WPMU than of BuddyPress?

    Is somebody out there NOT having this problem?

    This is a problem with WPMU and spammers simply wanting to register spam blogs. I’ve not really seen the problem on standard WordPress, and with blog registration disabled.

    Sam Steiner


    @Andy – so you don’t know of a solution to this? How is it solved on



    @jittopjose : SI CAPTCHA works like charm with BP. It protects my site from spam registrations/ comments since about a year.



    Not only wpmu, wordpress Standard also has the spam registation problem.. especially with buddypress.

    @m@rk I know SI captcha work with buddypress. I created a test installation and tried, its works there.. but when i tried in another shared hosting package of same server, it doesn’t. I dont know the reason. The image is not get displayed….



    This is my phpInfo() page ( Any of you plz check whether anything missing that require SI Captcha to work?..

    There is nothing protecting spammers from registering on I get some occasionally, but I nuke them with “mark as spam” as soon as they pop up. I found since with the new default theme spam has reduced significantly.

    SI Captcha is a good spam prevention method. There really are a lot of options, but don’t search for “BuddyPress spam prevention”… this is not a BP issue, it’s a WordPress issue. You need to search for WordPress spam prevention instead.

    Another good option is to change your registration page slug.

    Andrea Rennick


    Change the register slug and add more required options on the BP signup page. The sploggers look for the defaults, so change ’em.

    With all of the web standards and accessibility built into WP and BP, it really makes me sad that a captcha plugin is the only known solution to this.

    Captchas are probably my biggest pet peeve on a site. Even the ones that aren’t horribly mangled pictures or have sound alienate those with vision and/or hearing loss. The BP site I run gets its share of spam registration — and like Andy I just mark them as spam as quick as I can. But a captcha isn’t going to help me in any way since 80% of my member base (including myself) are blind or visually handicapped.

    @Cyndy: The two posts above you give alternatives to using captcha. It’s not the “only known solution”. SPAMers use bots. Bots look for known text and urls… like “Powered by BuddyPress” or or whatever. Changing those things can help a lot. And invisible defender helps too. All without captcha. Which I think everyone will agree… sucks.

    Clearly, I can’t read. >_<

    I actually already have Invisible Defender running — and I don’t know if it’s really done anything, but certainly it’s better than nothing. And my form is slightly tweaked; don’t know why I never thought to change the slug, though.

    Anyway, thanks David! :-)



    Two of the suggestions above, changing the register slug and changing known text in the footer, are things I outline in my article Bowe links above (



    @cyndy: I totally agree with you, Capthca’s are ony good for creating jobs in Asian countries and a useless hurdle to users. I second (third?) stwc and Andrea though: once changing the defaults, splogger change from several times daily to once a month….

    Don’t forget to delete or rename (or empty if you want to avoid loads of entries in your error log) the wp-signup.php file, as that is what most sploggers come in on. Though I am pretty sure that now BP works on WP, some new methods need to be found soon on both sides of the fence :)

    Sorry to pick that up… I thought I won with the spammers for I did what stwc wrote in his article (by the way – the site there is down :-()

    But yesterday until now I got about 100 spam-registrations. I did not delete wp-signup.php anymore, because the “reigster” in the admin-bar anywhere else but on the root-blog needs that file… So I thought it’s not a good idea.

    BUT now, the spammers registered with just the name. Although I have alot of additional, required field… How is that possible? I guess, they didn’t come in through the bp-register. Maybe the wp-signup.php directly?

    I have forums disabled altogether and as far as I know this issue with registering through bb-press should not be an issue anymore.

    Would appreciate if someone could give me a further tipp what to do or where they could come from.

    PS: @andy (or the developers): Why is it, that on subblogs the admin-bar “register” doesn’t point to the register-slug but is somehow a redirect from wp-signup.php (which doesn’t work anymore, when I delete or empty the file…)

    Update: Even with an “empty” wp-signup.php they are still registering… really strange! Where could they come in, for they don’t need to fill out any required addition fields…?!?! Any ideas????



    I’ve no doubt they’ll return, but I haven’t had a spam signup for a fair while. The odd one creeps in, but you can’t stop a determined ‘real’ person. But I haven’t been subject to the continuous signups I used to get when I first started my site.

    The steps I’ve taken are:

    Rename (not remove) wp-signup.php

    Use custom bp-register slug

    Removed “powered by” type text in the footer and other obviously WP / BP phrases

    Installed NoSpamNX

    Installed WP-BAN

    Installed SI Captcha

    Employed the .htaccess rules explained here:

    Nothing’s perfect against spam, but certainly for me, these things have helped.

    thanks mlovelock – this sounds good. All of this has worked with me before.

    BUT now,

    even that I have blocked with WP-Ban *.info – the spammers with that email get through

    even that I have additional required field (lots of) – the spammers can register just with a name (nothing else)

    even that I have changed, deleted (whatever) wp-signup.php – spammers can register

    MY QUESTION IS: Where do they get in??? Did I overlook a loophole???

    Please – any further help would be much appreciated!!!



    The limitation of WP-Ban is that it’s not working at .htaccess level, so it only really does it’s thing if a spammer is polite enough to access your site normally. You might want to look at something like a plugin that’s going to ban IPs and referrers at the .htaccess level.

    Also, had a quick look at your site – I presume you’re talking about ? I notice your register page is still /register (albeit translated) – have you tried changing this to something else? There’s eevery chance that the mere translation of the standard ‘register’ slug won’t slow the spammers down.

    Thanks for another hint

    No, actually I was talking about – but same thing with the slug. I just guess it’s not that, because if they would come in normally, they would have to put something in the additional field, wouldn’t they? (at least, that’s what they always did before I stopped them the first time…

    I now added again the .htaccess rules you described (didn’t change there the changed registration-slug…)

    Does that look right (sorry – on that level I have no idea anymore :-)):


    RewriteCond %{REQUEST_METHOD} POST

    RewriteCond %{REQUEST_URI} .registrieren*

    RewriteCond %{HTTP_REFERER} !.** [OR]

    RewriteCond %{HTTP_USER_AGENT} ^$

    RewriteRule (.*) [R=301,L]


Viewing 25 replies - 1 through 25 (of 57 total)
  • The topic ‘How to control spam registration?’ is closed to new replies.
Skip to toolbar