Preventing Spammer Registration
Spammers and sploggers pose a serious risk to online communities. Without some protection in place, your fledgling community runs the risk of being overrun by spammers trying to sell fake Uggs and Oakleys. Since fake users can easily make up 98% of all new user account requests, it’s useful to have a game plan for stopping or slowing these fake registrations.
BuddyPress by default requires a user to activate his account via an e-mail sent to the address provided at signup. This simple check will weed out the sploggers and spammers who are using e-mail addresses harvested from the web that they do not have access to, but will not stop users who do have access to a working e-mail address.
WangGuard works by checking new users’ e-mail addresses against a database of e-mails that have been used by spammers on other sites. If the new request uses a known bad address, WangGuard will prevent the user from registering. In addition, it adds some tools that allow your users to flag spam users.
If you’d like to be a little more hands-on, BuddyPress Registration Options requires that a site administrator approve each new registration request. (This plugin will work with WangGuard.)
There are simple changes you can make to the registration form to help identify spambots, too.
Honeypots work by creating hidden fields on the registration form that spam bots can’t resist, then checking for input in those fields upon form submission. “Humanity tests” ask the user to respond to a question that should stump a spambot, for example, “What color is snow?”. Finally, CAPTCHAs are ubiquitous and challenge the user to figure out what letters are shown in a distorted image. Which of these options you choose (you could technically employ all three) is a matter of preference. Honeypots have the advantage of being the least intrusive; “real” users won’t even know they’re there. Humanity tests might surprise your users because they’re unusual, but stop spambots effectively. CAPTCHAs are everywhere, so, while they might be annoying, at least they annoy your users in a familiar way. These three strategies will only stop spambots, though; human spammers will be able to defeat any of them.