10 Proven Ways To Stop BuddyPress Spam

WordPress sites are tasty morsels for spammers. BuddyPress seems to be even more popular, because not only can users comment on blogs but they can also run wild in the activity streams, forums and private messaging inboxes with offers for pharmaceuticals and fashion handbags. Unfortunately, spam is an irritating problem for virtually 100% of BuddyPress sites.

Floods of spam? Seriously?! Ain’t nobody got time for that.

If you’ve launched a new BuddyPress site and you haven’t put any spam prevention measure in place, then very soon you’ll start to notice how popular your site has become. One morning you’ll visit your site and see dozens of monster faces among your members with usernames like “76230tffjum” and “2z5carlk“.

Before you throw your keyboard and delete your whole BuddyPress site, you should know that there are proven ways to reduce, if not eliminate, BuddyPress spam.

How Spam Usually Shows Up On BuddyPress Sites

There are three places where you’ll notice BuddyPress spammers:

  • BuddyPress Members Directory or Dashboard Users Page
  • Activity Stream
  • Private Messages

The first place you’re likely to notice BuddyPress spam is in the activity stream. If spambots get past your registration form, they will usually post paragraph-length activity updates for embarrassing products that you probably don’t want advertised to your members.

Besides spamming the activity feed, the bots also like to get into your forums and private messaging inboxes. A spam message from a bot gives your members a bad impression of your community and can even cause members to delete their accounts.

10 Spam Killing Solutions for BuddyPress

Take heart! You’re not helpless against the spam bots. There are a number of ways that you can stop these spammers in their tracks. BuddyPress spam solutions can be divided into two main categories:

  • Registration Plugins – Solutions that help keep spammers from registering
  • Spam Management – Plugins for helping after spammers have already registered

By far, the best way to keep spam at bay is to stop the spammers at the door. That’s why many plugin developers have focused their efforts on creating plugins that stop spam at registration. We’re going to examine the pros and cons of each.

Stop the spammers at the door

1. BuddyPress Security Check

Math security question
Math security question

One of the most common ways to stop spam is to lock the door of registration by providing a question that only humans can answer. The BuddyPress Security Check plugin is based on the BuddyPress Humanity plugin, which I have previously used to stop spam with great success. It requires users to answer a simple math question in order to process the registration form. The math question is automatically randomized by the plugin.

Pros:
A math question is quick and easy. It’s also not nearly as annoying and frustrating as a CAPTCHA. Installation is easy and there are no options to configure. The plugin also does not store any values in the database.

Cons:
It slows down the registration process, though only by a few seconds.

2. Spam Destroyer

Spam Destroyer is an experimental plugin by Ryan Hellyer for blocking spammers from bbPress, BuddyPress and multisite registrations. The unique thing about this plugin is that it’s totally unobtrusive. It doesn’t add anything to your signup form. It checks for registration evilness in the background so as not to disturb your visitors.

Pros: No settings to mess with – install, activate and you’ll be blocking spam. No extra fields are added to the registration form. It has added protection against comment spam.

Cons: This plugin is not compatible with Jetpack, so if you’re using Jetpack for comments you’ll need to find a different spam plugin.

3. BuddyPress reCAPTCHA

BuddyPress reCAPTCHA

This plugin adds the Google reCAPTCHA Service to the BuddyPress registration form.

Pros: CAPTCHAs are fairly difficult for bots to hijack and are effective at preventing spam.

Cons: A CAPTCHA is a cumbersome addition to the registration form and can be frustrating to some users. Setup and configuration requires editing the ‘bp-recaptcha.php’ file. It’s not user-friendly for those who are not familiar with FTP.

4. WangGuard

Despite its unfortunate name, WangGuard is a powerful and highly-rated plugin for stopping registration spam. It has a number of built-in measures to combat BuddyPress spam. This plugin is associated with a web service that helps to protect your site from sploggers, spam users, unwanted users and Black Hat SEO.

Here’s an example of WangGuard blocking blots on attempting to register:

WangGuard banning an unwanted user on the BuddyPress registration page.

It also includes the ability for users to report one another’s posts in the activity stream. This helps admins stay on top of spam and objectionable content in the activity stream in case a spammer has managed to get past registration.

Report user button on BuddyPress activities

Pros: WangGuard provides extra features for managing spammers if they’ve already gotten through. It provides statistics for tracking how many spammers have been blocked. You can easily customize the plugin’s settings from the control panel.

Cons: It requires API Keys to set up and configure. The service is only free if you have 500 or fewer registrations per day. WangGuard may provide more features than many small BuddyPress sites require.

5. Anti-Splog

The Anti-Splog Machine

Anti-Splog is a plugin that provides powerful splog protection for multisite networks. You’ll have to have an API key in order to make use of the Anti-Splog API service, but a number of the other anti-splog features are available for free, including:

  • Limiting the number of signups per IP per 24 hours
  • Human tests – answering random user defined questions, picking the cat pics, or reCAPTCHA.
  • Pattern Matching – Checking site domains, titles, or usernames against your defined set of regular expressions.

Pros: Provides multiple options to choose from for signup form protection.

Cons: Anti-Splog does not work unless you’re running multisite. It also does not yet protect against spam entries in status updates, forums, activity streams.

6. BuddyPress Honeypot

BuddyPress Honeypot: A trap for the bots

The BuddyPress Honeypot plugin is a plugin that adds a honeypot to the BuddyPress registration form to prevent spam registrations. Essentially, it creates an extra text field that is hidden via CSS. The visitor never sees the field but but spambots will usually fill it out so they don’t miss any required fields. The hidden field is a honeypot that traps the bots.

Pros: BuddyPress Honeypot is completely unobtrusive and doesn’t add anything extra to the registration form.

Cons: It’s not available in the WordPress repository so it may be difficult to get plugin updates.

7. Ban Hammer

Ban Hammer on the BuddyPress registration form

The Ban Hammer plugin makes use of WordPress’ native comment blacklist feature to ban user from registering to your site. When a blacklisted user attempts to register, he gets a customizable message that he is banned.

Pros: Ban Hammer doesn’t add anything new to the registration form and doesn’t inconvenience your visitors.

Cons: The customizable error message doesn’t always work with BuddyPress, but the basic ban hammer functionality works just fine.

8. BP Invitation

Invitation required

BP Invitation is a plugin from @imath that he released on github. It restricts registration to those who have an invitation code. Though it wasn’t created to be an anti-spammer plugin, the requirement of an invitation code is an excellent deterrent for spam.

Pros: No spammer bots can possibly get through unless they have a way of guessing the registration code.

Cons: This solution does not work for every BuddyPress community. Potential registrants must already have the code in order to get in, so it essentially closes off your registration to those who have just discovered your site.

9. Akismet

Akismet? A BuddyPress plugin? Yes, indeed. Akismet can be used to help keep BuddyPress activity spam under control. BuddyPress 1.6 introduced activity management with Akismet integration. When posts are marked as spam by Akismet, you’ll be able to see them when you filter for spam under the Activity menu in the dashboard.

Activity Stream Spam

Pros: If you’re already using Akismet to combat comment spam, you’ll get the same high level of protection in the activity stream.

Cons: It requires an API key and connection to WordPress.com. Usually this is free but there is a fee for commercial use.

10. Spam Link Plugin

Spam Link Plugin

The Spam Link Plugin helps you to quickly combat spam if a spammer has gotten through the registration form. It makes it easy to zip through your site and deal with spam:

  • Adds the “Mark as spammer” link back to the admin bar
  • Adds a “Spammer” button to the activity stream entry meta row

Pros: Saves you time from having to search for the user in the dashboard in order to mark as spam and delete.

Cons: The plugin isn’t in the repository, so it might be difficult to get updates.

The only sure-fire way to make sure you don’t get any BuddyPress spam is to close off your site’s registration completely, but that would be completely counterproductive for most BuddyPress social networks where the idea is to grow membership.

The important thing to remember is that there is no one catch-all solution for BuddyPress spam. You may even need to do a combination of these measures in order to achieve full control over the spambots. Every BuddyPress site attracts different kinds of spammers and what works on one site may not work on another. Give a few of these proven plugins a try and you’ll discover what works for you.

Know any other ways to stop BuddyPress spam? We’d love to hear them in the comments.

photo credit: Yet another bedroom B-side by coba, on Flickr
photo credit: Henghwee! :D cc
photo credit: Josh Kenzer cc

Tags

Comments (8)

  1. One thing to point out is that a site owner who is new to BP and wants to use it out of the box should really figure out how to create a custom register.php file with custom text.

    One of the biggest issues we had was that spammers where searching the web for the default text that comes with BuddyPress on the registration page. We discovered this through Google Analytics. Changing the text on the registration page alone reduced our spam registrations within a few days by about 50% since once Google indexed the new text, it made it harder for spammers to find the site.

Participate