I’m having the same issue, David. I just came into the support forum to put the question. I hope you get a response. I subscribed to this stream, which hopefully means I’ll be notified if there’s a response.
@dggerhart you can try https://wordpress.org/plugins/ban-hammer/ it will allow you to block list domain TTL.
Thanks for the suggestion, Varun. I’ll read about it.
For the record, here’s a link for anyone reading this in the future:
Preventing Spammer Registration
Discusses the options, and ‘wares to deploy … but seems really dated.
WordPress.com suggests:
https://github.com/pixeljar/BuddyPress-Honeypot
But I can’t verify it’s compatible with the newer systems (6 years old.)
My problem persists, but seems to run in spurts…
I still use Wanguard, it still works for checking the validity of email addresses. I notice recently however that I’m getting a large number of spam registrations from domains ending with .xyz or .top so I ended up forking r-a-y’s plugin BP Restrct Signup by Email Domain, turning it into a blacklist intead of a whitelist. My new plugin is called BP Blacklist Signup by Email Domain, I’ll be uploading it to the repository later. This seems to be working well on my systems so far – not had any spam registrations get through for the last few days whereas without it I was getting about 8-12 per day.
Hi David,
This is very common problem that we all are facing with the Buddypress websites. The combination of registration process that I am using to stop it
1. I have enabled social login as it is very easy for users to login with almost no spam users. Every users is having a google or facebook account. It increases the engagement of users also.
2. Restrict sign up with only a few legit and popular email domains like GMAIL, YAHOO, MSN aor anything u want. You can use BP Restrict Signup By Email Domain plugin.
@dggerhart I was able to register for your site without a confirmation email and post “test” comment to your general group. Enabling email confirmation to register will help. Using a checkbox for your Privacy Policy GDPR compliance, is needed and will help too. I would give the Honeypot plugin a try on your staging site (disclaimer, I don’t use, and it’s old) but what it does is pretty simple so it could be ok. Admin notification of new users will help. Manually checking email addresses and questionable profiles (if you have more profile fields) will eliminate the obvious spammers and most are obvious. You can manually approve new users if that won’t be overwhelming. On a different note, you might want to block your dashboard access and you have some html tags displaying. Also a registration menu item (it was hard to figure out how to register) are some things I noticed too. I hope you find this helpful
Using ‘good question’ or similar plugin,
‘graphic captcha’
‘ip geo block’
unfortunately spamshield had some meltdown with the wp.org people so it’s out, but similar functionality for logins and such is in ‘shield’
you’ll never stop the manual spammers, if you could stop them, you would be stopping legit users..
on my multi-site I use a plugin that makes all new blogs/aka sites that are created automatically set as ‘search engines do not index’ in settings.. this helps too..
the bp plugin that limits the amount of private messages that can be sent is nice (BuddyPress Private Message Rate Limiter),
one one install I disallow user’s group creation ability – and ask them to send me a note about any new groups that should be made.
also enjoy “register ips” – so I can ban really bad cidrs..
@dggerhart did you solve your problem with spam users ? I have the same