Either they;re getting in via the bbpress signup, or they are using exisitng logins.
Have you got “allow users to add exisiting users” checked in the super Admin -> Options menu? If so, UNcheck it. that’s one way we know they were getting in.
Also – you did nothing to the default multsite signup page, whcih is yoursite.com/wp-signup.php. Change that to a .txt file, then NOBODY can sign up for a blog on the front end.
I didn’t notice the wp-signup.php, I am hopeful this will solve the problem, thanks!
WOW, I did the above mentioned items and I am still getting hammered with spam blogs. I have no idea what to do now, I am already making a sacrifice by taking away blog creation during signup.
Any ideas of what I can do?
@jwack
hi, I had similar issues… even after removing the blog signup at registration, spammers would sign up, activate their accounts, and then create a new splog. to help cut down, I tried these steps:
– changed my registration slug in bp-custom.php:
define ( ‘BP_REGISTER_SLUG’, ‘join’ );
– also added a redirect of wp-signup.php inside bp-custom.php:
function register_redirect() {
if (strpos($_SERVER, ‘wp-signup.php’) !== false ) {
$url = ‘http://www.mysite.com/join’;
wp_redirect($url);
exit;
}
}
add_action(‘init’, ‘register’);
those two helped but didn’t completely remove the issue, this plugin really nailed it for us though:
– installed this plugin: https://wordpress.org/extend/plugins/invitation-code-checker/ (since we have a local comm site, we just used a zip code as the invite code)
Not sure how your site is set up but perhaps you can find a way to use it too, may even allow you to re-enable blog sign up at registration. It says Tested up to: WordPress MU 2.8.4 but I have WP 3.0.3 with network enabled and BP 1.2.6 and still seems to be working just fine.
Most of these suggestions were pulled from helpful posts on BP, hopefully they help you out a bit
@lilyo
Thanks for the response.
– I already changed the reg. slug in wp-config.php (this would do the same thing correct?
-That plugin would be awesome if it only allows blog creation with a special password, I want anyone to be able to register. You actually limit people to register on your site if they have a password?
@jwack
– Yep
– Yes, it’s not the most accessible-friendly way to prevent splogging but we do require people use the code in order to register at all, instead of a captcha. And we haven’t had a single spammer since. But for the few who don’t know it, we also provide the link where they can easily find out what it is, especially if they feel too lazy to look it up (I would be, heh).
Since our targets are mostly local people or former residents, they tend to know what the zip code is. If you have a genre-specific site, perhaps a similar technique could be applied? Or maybe a developer here could help you to modify the code so it applies only to the blog registration? I’m more of a front-end user/designer so altering other dev’s code is way out of my league >_<;
I really like the idea of editing the plugin to make blog registrations require a password. I will take a look at the code but I already know its out of my league as well. Perhaps I will contact him on the main WP site and see what he thinks. That seems like it would be a useful plugin on its own.
@lilyo Thanks for your help
“WOW, I did the above mentioned items and I am still getting hammered with spam blogs. I have no idea what to do now, I am already making a sacrifice by taking away blog creation during signup. “
Start looking at access logs. If you have no way to check how they are getting in, then you have very little luck in stopping them.
have you DELETED the exisiting spam users? Because if you;re just deleting the blogs they create and leaving the spam users…. they just create more.
Every morning I wake up, delete about 30 blogs and then delete the users. I will just learned how to check the access logs (I have my own server and just figured out how to check them lol) so I will pay attention to them and see what I can find out.