WordPress sites are tasty morsels for spammers. BuddyPress seems to be even more popular, because not only can users comment on blogs but they can also run wild in the activity streams, forums and private messaging inboxes with offers for pharmaceuticals and fashion handbags. Unfortunately, spam is an irritating problem for virtually 100% of BuddyPress sites.
If you’ve launched a new BuddyPress site and you haven’t put any spam prevention measure in place, then very soon you’ll start to notice how popular your site has become. One morning you’ll visit your site and see dozens of monster faces among your members with usernames like “76230tffjum” and “2z5carlk“.
Before you throw your keyboard and delete your whole BuddyPress site, you should know that there are proven ways to reduce, if not eliminate, BuddyPress spam.
How Spam Usually Shows Up On BuddyPress Sites
There are three places where you’ll notice BuddyPress spammers:
- BuddyPress Members Directory or Dashboard Users Page
- Activity Stream
- Private Messages
The first place you’re likely to notice BuddyPress spam is in the activity stream. If spambots get past your registration form, they will usually post paragraph-length activity updates for embarrassing products that you probably don’t want advertised to your members.
Besides spamming the activity feed, the bots also like to get into your forums and private messaging inboxes. A spam message from a bot gives your members a bad impression of your community and can even cause members to delete their accounts.
10 Spam Killing Solutions for BuddyPress
Take heart! You’re not helpless against the spam bots. There are a number of ways that you can stop these spammers in their tracks. BuddyPress spam solutions can be divided into two main categories:
- Registration Plugins – Solutions that help keep spammers from registering
- Spam Management – Plugins for helping after spammers have already registered
By far, the best way to keep spam at bay is to stop the spammers at the door. That’s why many plugin developers have focused their efforts on creating plugins that stop spam at registration. We’re going to examine the pros and cons of each.
One of the most common ways to stop spam is to lock the door of registration by providing a question that only humans can answer. The BuddyPress Security Check plugin is based on the BuddyPress Humanity plugin, which I have previously used to stop spam with great success. It requires users to answer a simple math question in order to process the registration form. The math question is automatically randomized by the plugin.
A math question is quick and easy. It’s also not nearly as annoying and frustrating as a CAPTCHA. Installation is easy and there are no options to configure. The plugin also does not store any values in the database.
It slows down the registration process, though only by a few seconds.
Spam Destroyer is an experimental plugin by Ryan Hellyer for blocking spammers from bbPress, BuddyPress and multisite registrations. The unique thing about this plugin is that it’s totally unobtrusive. It doesn’t add anything to your signup form. It checks for registration evilness in the background so as not to disturb your visitors.
Pros: No settings to mess with – install, activate and you’ll be blocking spam. No extra fields are added to the registration form. It has added protection against comment spam.
Cons: This plugin is not compatible with Jetpack, so if you’re using Jetpack for comments you’ll need to find a different spam plugin.
This plugin adds the Google reCAPTCHA Service to the BuddyPress registration form.
Pros: CAPTCHAs are fairly difficult for bots to hijack and are effective at preventing spam.
Cons: A CAPTCHA is a cumbersome addition to the registration form and can be frustrating to some users. Setup and configuration requires editing the ‘bp-recaptcha.php’ file. It’s not user-friendly for those who are not familiar with FTP.
Despite its unfortunate name, WangGuard is a powerful and highly-rated plugin for stopping registration spam. It has a number of built-in measures to combat BuddyPress spam. This plugin is associated with a web service that helps to protect your site from sploggers, spam users, unwanted users and Black Hat SEO.
Here’s an example of WangGuard blocking blots on attempting to register:
It also includes the ability for users to report one another’s posts in the activity stream. This helps admins stay on top of spam and objectionable content in the activity stream in case a spammer has managed to get past registration.
Pros: WangGuard provides extra features for managing spammers if they’ve already gotten through. It provides statistics for tracking how many spammers have been blocked. You can easily customize the plugin’s settings from the control panel.
Cons: It requires API Keys to set up and configure. The service is only free if you have 500 or fewer registrations per day. WangGuard may provide more features than many small BuddyPress sites require.
Anti-Splog is a plugin that provides powerful splog protection for multisite networks. You’ll have to have an API key in order to make use of the Anti-Splog API service, but a number of the other anti-splog features are available for free, including:
- Limiting the number of signups per IP per 24 hours
- Human tests – answering random user defined questions, picking the cat pics, or reCAPTCHA.
- Pattern Matching – Checking site domains, titles, or usernames against your defined set of regular expressions.
Pros: Provides multiple options to choose from for signup form protection.
Cons: Anti-Splog does not work unless you’re running multisite. It also does not yet protect against spam entries in status updates, forums, activity streams.
The BuddyPress Honeypot plugin is a plugin that adds a honeypot to the BuddyPress registration form to prevent spam registrations. Essentially, it creates an extra text field that is hidden via CSS. The visitor never sees the field but but spambots will usually fill it out so they don’t miss any required fields. The hidden field is a honeypot that traps the bots.
Pros: BuddyPress Honeypot is completely unobtrusive and doesn’t add anything extra to the registration form.
Cons: It’s not available in the WordPress repository so it may be difficult to get plugin updates.
7. Ban Hammer
The Ban Hammer plugin makes use of WordPress’ native comment blacklist feature to ban user from registering to your site. When a blacklisted user attempts to register, he gets a customizable message that he is banned.
Pros: Ban Hammer doesn’t add anything new to the registration form and doesn’t inconvenience your visitors.
Cons: The customizable error message doesn’t always work with BuddyPress, but the basic ban hammer functionality works just fine.
BP Invitation is a plugin from @imath that he released on github. It restricts registration to those who have an invitation code. Though it wasn’t created to be an anti-spammer plugin, the requirement of an invitation code is an excellent deterrent for spam.
Pros: No spammer bots can possibly get through unless they have a way of guessing the registration code.
Cons: This solution does not work for every BuddyPress community. Potential registrants must already have the code in order to get in, so it essentially closes off your registration to those who have just discovered your site.
Akismet? A BuddyPress plugin? Yes, indeed. Akismet can be used to help keep BuddyPress activity spam under control. BuddyPress 1.6 introduced activity management with Akismet integration. When posts are marked as spam by Akismet, you’ll be able to see them when you filter for spam under the Activity menu in the dashboard.
Pros: If you’re already using Akismet to combat comment spam, you’ll get the same high level of protection in the activity stream.
Cons: It requires an API key and connection to WordPress.com. Usually this is free but there is a fee for commercial use.
10. Spam Link Plugin
The Spam Link Plugin helps you to quickly combat spam if a spammer has gotten through the registration form. It makes it easy to zip through your site and deal with spam:
- Adds the “Mark as spammer” link back to the admin bar
- Adds a “Spammer” button to the activity stream entry meta row
Pros: Saves you time from having to search for the user in the dashboard in order to mark as spam and delete.
Cons: The plugin isn’t in the repository, so it might be difficult to get updates.
The only sure-fire way to make sure you don’t get any BuddyPress spam is to close off your site’s registration completely, but that would be completely counterproductive for most BuddyPress social networks where the idea is to grow membership.
The important thing to remember is that there is no one catch-all solution for BuddyPress spam. You may even need to do a combination of these measures in order to achieve full control over the spambots. Every BuddyPress site attracts different kinds of spammers and what works on one site may not work on another. Give a few of these proven plugins a try and you’ll discover what works for you.
Know any other ways to stop BuddyPress spam? We’d love to hear them in the comments.