BuddyPress.org

1) By default, an email isn’t sent to the user because the user password is sent via plain text (not a good thing security-wise).

You can re-enable this welcome email by adding the following code to /wp-content/plugins/bp-custom.php (create this file if you don’t have one – be sure to add PHP open and closing tags as well):

remove_filter( 'wpmu_welcome_user_notification', 'bp_core_disable_welcome_email' );

2) Please post the avatar bug on BuddyPress Trac:

https://trac.buddypress.org/newticket

Login with the same credentials you use on buddypress.org.

3) WP-reCAPTCHA is not compatible with BuddyPress.

BuddyPress uses a different registration mechanism.

You might want to try one of these solutions listed here:

http://www.bp-tricks.com/tips_and_tricks/stopping-the-sploggers/

Re #1:

Sorry I forget that you need to hook the filter to an action.

Try this:

function snark_reenable_welcome_email() {

remove_filter( 'wpmu_welcome_user_notification', 'bp_core_disable_welcome_email' );

}

add_action('init', 'snark_reenable_welcome_email');

The file is /wp-content/plugins/bp-custom.php

1) By default, an email isn’t sent to the user because the user password is sent via plain text (not a good thing security-wise).

That makes absolutely no sense. If you use the forgot password feature, the password is sent via plain text as well. Why is that OK and sending a password upon registration not?

Most big sites, Facebook, LinkedIn, newspapers, have no problem sending passwords via plain text. Online security is always a balance between security and convenience.

Buddypress is a social network. It’s not a banking website. If you start using credit card payments or paid membership, those scripts usually come with the own security.

Who is going to steal a password to someone’s account on a blog network? Has that ever happened? What would they do with it?

Just my 2 cents. Flame away…

@snark You forgot to mention the Activation email. Is your new user not receiving one? I just did a test registration and immediately received an email. While I agree with @Peter that plain text isn’t so bad but I also think it’s not so necessary to send the password the person literally just chose. The always have the Forgot Password link if they forgo it seconds after the fact. No real need as I see it to add a filter.

@snark didn’t realize you are single user WP so no activation email

keep in mind, it’s not “broken”. We are debating the merits of one way versus the other. There is not an email as you suggest in BP/WPMU just Activation. most sites that I join these days do not send their passowrds on signup, usually activation emails. You could always write a plugin that sends the password.

when users sign up on my bp 1.1 site (wpmu 2.9) and they enter a username with a space in it like “joe smith” then the register page doesn’t give them an error and yet it automatically removes that space. the user then gets an automated email with an authentication link but that email doesn’t tell the user what their username is.

If the user selects ‘forgot password’ then the reset email that arrives does have the username.

so my suggestion is to simply return an error if a space is selected.

i tried making a ‘custom.php’ as described above but it made my site disappear, i would love the option of email username and password to a user – i agree that in low security sites it’s better to keep it simple