Skip to:
Content
Pages
Categories
Search
Top
Bottom

Users are Automatically Activated

  • @russadams

    Participant

    I am experiencing a weird problem with new registrations on my BuddyPress site. When a user creates an account their account is already authorized. They receive an email saying they need to authorize their account, and when they click the link it displays “Invalid activation key.”.

    Course of events as follows…
    1) user registers
    2) user info immediately shows in the user control panel as a subscriber (this is before the email is even opened)
    3) user is able to login to site with user name and password (this is also before the email is even opened)
    4) When the activation link is clicked it takes the user to the Activate page and displays “Invalid activation key.”
    5) User is unable to activate the account with link or activation key because the account has already been activated.

    In researching this problem, I’ve found plugins and workarounds to allow immediate activation. I haven’t installed any plugin or put any work around in place. How can I make this work the way it was designed.

    I am running a new install of WordPress (version 4.1.1) and BuddyPress (version 2.2.1). All plugins except BuddyPress are turned off.

    Thank you for your help!

Viewing 5 replies - 1 through 5 (of 5 total)
  • @danbp

    Participant

    Hi @russadams,

    on any WordPress site, once a new user registers, the user is created in
    the database. That’s why site admin can see him in the control panel. This is normal.

    Here default WordPress registration process:

    1. User registers.
    2. User is shown message to check email.
    3. Login credentials are sent to new user in an email.
    4. User logs in to site using login credentials.
    5. Admin is notified of new user sign up via email.

    This doesn’t change when BP is installed, as BP doesn’t handle registration.

    Guess your issue is due to browser session. Make the following test.

    Create a new user from frontend.
    Close the browser or clear cookie and nav history.
    Don’t use activation key yet.
    Reopen the browser, and see if the user can login. Normaly he can’t as he hasn’t use the activation key.

    @angslycke

    Participant

    Hi!

    I recently upgraded my site with a new theme (BuddyBoss Boss. theme) and am running WP 4.1.1 and upgraded from BuddyPress 1.9.2 to 2.2.1.

    I have a setup where I redirect the activation e-mail to the site admin to be able to manually control new members and verify their information before activating them and letting them log in. This is a cruical function for my site since it’s a private network.

    After the upgrade I noticed that some spam users were automatically activated and able to log in without my manual activation. The users are automatically activated, the same issue as @RussAdams is experiencing. I’ve tried deactivating a few plugins (BuddyPress Pending Activations, BuddyPress Auto Group Join) but this issue persists. In BuddyPress 1.9.2, everything was working as expected.

    Browser sessions doesn’t seem to be the issue since clearly people on other computers have been able to create accounts which were automatically activated as well.

    This is a very serious issue for my site since I no longer have the control over new users and spam users can log in after activating. Did you get this sorted out?

    @danbp

    Participant

    Spam is an endless plague… and there is no radical solution, but only a set of combination for minimizing it, or at least to slow down that phenomenon..

    For example, changing the default wp_ table prefix is a good practice which i would recommand to any site owner touched (or not yet) by spammers.

    Even if you already use another prefix, but spammers found your site, you have to modify it again. Sounds a bit stupid, but the gain will be effective for a while.

    Other tips are avaible on WP Codex.

    In some case, you would prefer to use a plugin. See BuddyPress Registration Option.

    But in any case, you have to found your own combination.

    @angslycke

    Participant

    @danbp True indeed, but with my previous setup with BuddyPress 1.9.2 I was able to control the spam registrations since they were never activated (I used BuddyPress Pending Activations to manually activate new users) and therefore they could never log in. They were not seen in the activity stream either.

    This is my setup: https://buddypress.org/support/topic/create-private-membership-site-with-buddypress/

    I’ve now upgraded s2Member which had no effect, and also deactivated the BuddyPress Automatic Friends plugin which didn’t have any effect either. The new user shows up as pending in the Users screen for about 1 minute after registration, but is then automatically activated.

    @angslycke

    Participant

    @RussAdams What theme are you using? I haven’t figured out a solution to this problem yet so I had to turn off new member registration and created a Gravity Forms form for new users instead. Will have to manually register each user but my community is rather small so that shouldn’t be a huge problem. Will continue to search for a solution though.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Users are Automatically Activated’ is closed to new replies.
Skip to toolbar