Preventing Spammer Registration
Spammers and sploggers pose a serious risk to online communities. Without some protection in place, your fledgling community runs the risk of being overrun by spammers trying to sell fake Uggs and Oakleys. Since fake users can easily make up 98% of all new user account requests, it’s useful to have a game plan for stopping or slowing these fake registrations.
BuddyPress by default requires a user to activate his account via an e-mail sent to the address provided at signup. This simple check will weed out the sploggers and spammers who are using e-mail addresses harvested from the web that they do not have access to, but will not stop users who do have access to working e-mail addresses.
One of the most powerful ways to combat spam is to restrict public site registration. BuddyPress offers a couple of ways to add users without offering a public registration form. With site invitations, you can grow your membership via referrals from your current members. With site membership requests, you can moderate each registration request, manually approving the requests that look legitimate and deleting spam users before they join the site. Read more about alternatives to public site registration.
There are simple changes you can make to the registration form to help identify spambots, too.
Honeypots work by creating hidden fields on the registration form that spam bots can’t resist, then checking for input in those fields upon form submission. “Humanity tests” ask the user to respond to a question that should stump a spambot, for example, “What color is snow?”. Finally, CAPTCHAs are ubiquitous and challenge the user to figure out what letters are shown in a distorted image. Which of these options you choose (you could technically employ all three) is a matter of preference. Honeypots have the advantage of being the least intrusive; “real” users won’t even know they’re there. Humanity tests might surprise your users because they’re unusual, but stop spambots effectively. CAPTCHAs are everywhere, so, while they might be annoying, at least they annoy your users in a familiar way. These three strategies will only stop spambots, though; human spammers will be able to defeat any of them.