Eliminate BuddyPress Spam Registrations

If you’ve ever managed a BuddyPress site, you know that SPAM registrations quickly became the bane of your existence. When we built NetDivvy, we were cleaning out thousands of spammy user records every single day. It didn’t take long for me to start brainstorming ways to get rid of the problem.

To solve this problem, I’ve seen people add image verification (captcha) or other user entry field to the registration process to verify that the user was human. Personally, I’ve always hated captchas, so I wasn’t about to subject our users to that torture. They’re so frustrating sometimes that I’ve made the decision to not sign up for a web site because they employed them.

So if we’re not going to burden our users with extra fields to fill out, how are we going to stop these spam bots?

We treat them like thieves. They’re stealing our most valuable asset, time. Just like in the movies, we have to outsmart them – we have to set a trap. In the computer world, we call this a honeypot. But in order for it to work, we have to get into their virtual heads and think like they do. Much like you do with a mouse trap, you have to tempt the spam bot with something they want. So, what are spam bots are looking for? Inputs to fill out.

Here’s the plan.

  1. Create an extra text field hidden via CSS
    1. Since it’s hidden from view, users won’t see it or fill it out
    2. Spambots will usually fill out all form elements so they don’t miss any required fields
  2. Upon submission, check the hidden text input to see if it has a value. If it does, it’s a spammer.

Sounds straight forward, right? After implementing this on NetDivvy, we have gone from thousands of SPAM registrations per day to one or two per week. Since it’s been so helpful to us, we’ve decided to release the functionality to the public. We’ve created a plugin that you can install and it will just work.

You can download the plugin here.

If you’re interested in seeing the code, continue reading.

First, we utilize the ‘bp_after_signup_profile_fields’ BuddyPress action to add our hidden text field.

We then check to see if the input is empty via the ‘bp_core_validate_user_signup’ filter and return an error if it is filled in. BuddyPress and WordPress take care of the rest.

If you find any errors, or have any additions, please submit an issue on the github repo.

Written by the Team at Pixel Jar

We hope you got something useful out of that post. If you'd like to read more we have an active blog with topics across the spectrum of website development. If you're researching information for a project we'd love to talk to you about it.

Salt Lake City LoopConf 2017

LoopConf 2017

For those of you who don’t know, LoopConf is a WordCamp-like conference aimed at WordPress developers. I was invited to speak at the inaugural LoopConf in 2015 in Las Vegas where I spoke about reusing small chunks of code to make your code easier to maintain. Though I didn’t speak this year, I found so…
Read More
WordPress development glossary

A WordPress Development Glossary

It seems like there’s a new term or technology influencing our work every week. Keeping our definitions straight is critical to providing the best service possible. This WordPress development glossary presents a list of some key terms you should know. Accessibility – A design process that focuses on making sure website content is available and…
Read More

How Can We Help You?

We want to build your next project.

Connect with Pixel Jar

Our Community

Subscribe to learn more about the goings on at Pixel Jar.
  • Note: Your email will be added to our CRM and be used to receive emails from Pixel Jar. You can unsubscribe at any time.

  • This field is for validation purposes and should be left unchanged.