Your account has been marked as a spammer

After login, if you click on "My Enclave" button, you will be redirect to another subsite, but when I try do this, I got:

ERROR: Your account has been marked as a spammer

I am using a Join My Multisite plugin which allows for login across the sites, also, the subsite uses BuddyPress that should be the culprit of this issue. What can I do to avoid this?

  • Philip

    So I have diagnosed the issue;

    ISSUE 1:
    When linking from the MAIN site to the SUB-SITE; a user is created in the sub-site with the matching account login details from the main site, however, it appears to flag the account as "Spammer" on the sub-site once linked over, this obviously prevents the user from logging into this sub-site. (See here for screenshot)

    ISSUE 2:
    I must then manually log into the admin panel for the SUB-SITE and mark the user as"Not Spam", which upon doing so will automatically then change the status of the original user in the MAIN-SITE from "Approved" to "Pending", which then prevents the user from being able to log in to the main site. (See here for screenshot 1, See here for screenshot 2)

    Obviously, this is a big problem for the user to be switched back and forth from pending to approved to spam and such. My goal is to have a single sign-on across all the sites in the network; so a user can link from one to another while remaining logged in a seamless experience.

    If anyone can help me with the following:
    1. How to stop the sub-site from automatically marking this user as spam.
    2. How to stop the main-site from automatically switching to "pending".
    OR
    Any other easier ways or plugins to achieve a single sign-on across multiple sites in the network.

    Any and all help is much appreciated.

  • viobru

    Hi, Philip,

    Hope you’re doing well today :slight_smile:

    As mentioned in the first chat, seems that this issue could be related to the BuddyPress plugin. I’ve checked it and I found a couple of threads on their site in which members reported the same issue, but all of them are really old and they don’t provide a fix to prevent this to happen. Please note that this is a really rare issue and is not easy to find information about it.

    I’ve also checked that this error message is set up in the user.php file (located under the wp-includes folder) and is meant to be shown only if the user is considered a spammer, so I guess it has to be either BuddyPress or another plugin on your site who’s marking the user as a spammer:

    BuddyPress by default requires a user to activate his account via an email sent to the address provided at signup, as you can see in BP page, so I guess that BP is considering that user as spam, because his/her account wasn’t activated through any email, sent to him/her, but I’m afraid that I can’t confirm that.

    I’ve also checked the debug.log file of your site and it’s over 120 MB, which is really large, and I could find thousands of references to BuddyPress and also several database errors, but I’m not sure if these are related to this issue, so I’ll need to escalate this ticket to our Second Line Support so they can have a closer look at this. Please note that SLS response can take more time than usual staff response, so we appreciate your patience on this :slight_smile:

    Kind regards,

    Violeta

  • Philip

    Thank you so much viobru for the detailed response.

    So to confirm a few things:

    1. Before linking to the BuddyPress powered sub-site of my network I created the account on the primary site using a Facebook-enabled login (retrieves name and email from facebook). So when I link to the BuddyPress site it creates the account and then marks as spam.
    2. If I attempt to log in using the email and password it then blocks it but then if used with facebook login button it works.

  • James Morris

    Hello Philip,

    I hope you are well today. I'll be following up with you regarding your chat.

    When I accessed your site, the configuration I found for BuddyPress, Join My Multisite, and WordPress Social Login would not have worked for use as single sign-on for the network. Reason being that Join My Multisite and WordPress Social Login were only active and configured on 1 subsite. For those to act as SSO tools, they must be activated at the Network Level and configured on each subsite.

    I walked through the setup on a fresh Multisite install with my own Facebook, Google and Twitter API keys. I was able to get this working quite well. However, the setup takes a bit of work.

    First, and this is very important...

    Whenever configuring your API keys, you must include every possible callback URL for OAuth. For example, in my setup, there are multiple possibilities. See screenshot:

    So, please be sure to define every possible domain on your network that will be using this functionality.

    Next, Join My Multisite and WordPress Social Login must be setup as Network Activated. Once Network Activated, you have to go into the settings for these plugins on each site and configure their settings. There's no network-wide settings for these plugins.

    For Join My Multisite, choosing Automatic is the easiest choice as it does not require action on the end-user's part. Screenshot:

    For WordPress Social Login you also have to configure the settings for each site in the network as well. This includes copying over the API credentials, enabling login, enabling any addons and configuring any settings you want to change.

    I believe the reason you were having the issues with BuddyPress integration and members getting marked as spammers is because the BuddyPress addon for WordPress Social Login was not enabled. I enabled this on my test site and everything worked flawlessly. Screenshot:

    The following screenshots show that the users I created using social login were correctly added to the network and subsites with the proper Subscriber user_role.

    [image pos="5"]

    Unfortunately, since I cannot access your Facebook, Google and Twitter API dashboards, I was not able to set this up for you. Also, since this is a production site, I did not want to make any changes without further discussing it with you.

    Would you please try setting up these plugins as outlined above and updating your API dashboards to include all sites OAuth callback URLs and see if this works more reliably for you?

    Best regards,

    James Morris

  • Philip

    Wow, thank you for such a detailed reply. I am going to read over this and look into every aspect today as you instructed. The only issue I can think of is that my primary site, myenclave.com, uses a theme which has a specific social login already built into their log-in/registration system and I am not sure if that will allow me to use the Social Login plugin actually? If it matters, you have permission to make any chages on my site but I will attempt all this today myself.

  • James Morris

    Hello Philip,

    The only issue I can think of is that my primary site, myenclave.com, uses a theme which has a specific social login already built into their log-in/registration system and I am not sure if that will allow me to use the Social Login plugin actually?

    Most likely the theme will have the option to disable this functionality. If it does not, you may be able to remove it at the code level in favor of the above method.

    Were you able to follow along with my guide and get this working today?

    Best regards,

    James Morris

  • Philip

    Unfortunately I was unable to make any changes because it does take me some time to comprehend the tasks.

    Regarding your previous instruction: “So, please be sure to define every possible domain on your network that will be using this functionality.”

    What do you mean by every possible domain, I see you provided a screenshot with a list of a few links but I can only think of the actual domain and sub domain links. (MyEnclave.com, academy.myenclave.com, etc). Is there some other links I would need to add? Sorry I have a bit confused here.

  • Adam Czajczyk

    Hello Philip!

    What do you mean by every possible domain, I see you provided a screenshot with a list of a few links but I can only think of the actual domain and sub domain links. (MyEnclave.com, academy.myenclave.com, etc). Is there some other links I would need to add? Sorry I have a bit confused here.

    Yes, that means your main domain and each and every sub-domain and also all mapped domains (if you're using any). Basically all the "domains and sub-domains" that this is supposed to work on.

    Best regards,
    Adam

  • Adam Czajczyk

    Hi Philip

    I hope you're doing fine today!

    Regarding the issue that re-appeared (your posts above: https://premium.wpmudev.org/forums/topic/your-account-has-been-marked-as-a-spammer#post-1322101) - would you mind enabling support access to the site so we could take another look at the setup again?

    Since you went through James'es guide and that seemed to work "short term", I got a feeling that we might still be missing something here, something that "adds up to this equation", I'm just not sure yet what that is :slight_smile:

    Let me know, please, once the access is enabled.

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.