In chatting with a few people at WordCamp Phoenix about our various BuddyPress sites, the issue of spam user accounts came up several times. I’d just run into this problem myself on the VP Alumni site, and after cleaning out about 400 bogus users (all with usernames like maryjane913), I went searching for a way to stop them without subjecting real people to a CAPTCHA (or something equally irritating).
The method described by stwc in the forum is working well for me, even though I did only the last two steps s/he described.
First, I changed the slug of the BuddyPress registration page, which usually lives at example.com/register. You do this using a definition in wp-config.php:
define ( 'BP_REGISTER_SLUG', 'newbpuser' );
I chose a new slug that did not involve the word “signup” at all, which might have helped.
Second, I used stwc’s function to redirect visitors from the built-in WordPress signup page, wp-signup.php, to the BuddyPress registration page instead.
function bp_splog_signup_redirect() {
if (strpos($_SERVER['REQUEST_URI'], 'wp-signup.php') !== false ) {
$url = 'http://example.com/newbpuser';
wp_redirect($url);
exit;
}
}
add_action('init', 'bp_splog_signup_redirect');
You could just add a redirect above the WordPress rewrite rules in .htaccess instead, I suppose, which would continue to work if you change themes:
Redirect /wp-signup.php http://example.com/newbpuser [R=301,NC]
So far, I haven’t had any new spam accounts at all since I implemented the changes. Maybe someday BuddyPress (or WordPress itself) will integrate with Akismet or something for signups, but in the meantime this seems to be the least painful solution.
Any new discoveries on Spam?
Thanks in advance
John