Skip to:

Registrations and Spam.

  • deadlyhifi


    Due to the number of human spammers on my site, and to stop people banned (using Ban Plus) from re-registering with a new email address, I have been asked to create a plugin that does the following:

    Delay sending of password email for 24 hours

    Display a list of ‘waiting’ registrations in admin area with an approve override option.

    My thoughts to do this are to get the plugin working for 1.6a (which many people would appreciate)

    Then run a cron every 24 hours.

    Has anyone got any suggestions about how to go about this? and point me anywhere to get ideas? Thanks.

Viewing 6 replies - 1 through 6 (of 6 total)

  • _ck_


    You really get that many humans registering to spam on a smaller site?

    One solution I use on a large site is to prevent any post with more than 2 urls.

    Spammers typically cannot help but be morons and post several urls at once, normal humans rarely post more then two per post, and then not every post.

    Not sending a password would be fairly easy by hacking the core, I’d have to look at it more carefully to see if it can be done via plugin without hacks. I believe it’s done in pluggable.php which means it’s replaceable, so that’s good.

    Another method would be to use my Instant Password but NOT do the final step of logging them in and activating the account, but instead store a scrambled password and log the request, then manually authorizing it which would drop their chosen password hash into place. The important/hard part is not letting them request a new password to activate the account.

    This might also be worth a shot but not sure if it’s useful against humans unless they work from the same IP pool:



    Thanks for the reply _ck_.

    I’m actually using it on a larger site than recommended ;) and we have pretty strict forum policies so ban people for 24 hours when they slip up using the Ban-Plus plugin. The problem is people just set up another account and instantly start posting again.

    We recently had a spammer, a human one who would deliver actual advice to a discussion, but then follow it with links to escort agencies and the like. We banned him but he just signed up again – 5 times in a row!

    The 24 hours approval rate would solve all these problems. Just need to find some time!



    There isn’t any site “larger than recommended” for bbPress ;-)

    There is a bbPress site with nearly 2 million posts and another with 8 million users, so there aren’t any limits.

    I’ll look at the approve plugin and see how hard it is to make work with 1.6



    I have now fixed the Approve Registration plugin for bbPress 1.0a

    as well as another bug it had with resetting passwords upon approval.

    (it might also now work again with bbPress, untested)



    Wonderful. Thank you very much. I’m sure many will appreciate this.

    “site larger than recommended” in that 1.6 isn’t recommended for anything live…



    The updated plugin has been working ok except it has major flaws :)

    1 – The user displayname is not being put into the database – therefore all new users appear as a blank when they post.

    2 – registration error messages aren’t displayed. (e.g. Invalid email)

    The fix was straightforward. The bb_new_user function needed updating as so:

    if (!function_exists('bb_new_user')) :
    function bb_new_user( $user_login, $user_email, $user_url, $user_status = 0 ) {
    global $wp_users_object, $bbdb;

    // is_email check + dns
    if ( !$user_email = bb_verify_email( $user_email ) )
    return new WP_Error( 'user_email', __( 'Invalid email address' ), $user_email );

    if ( !$user_login = sanitize_user( $user_login, true ) )
    return new WP_Error( 'user_login', __( 'Invalid username' ), $user_login );

    // user_status = 1 means the user has not yet been verified
    $user_status = is_numeric($user_status) ? (int) $user_status : 0;

    $user_nicename = $_user_nicename = bb_user_nicename_sanitize( $user_login );
    if ( strlen( $_user_nicename ) < 1 )
    return new WP_Error( 'user_login', __( 'Invalid username' ), $user_login );

    while ( is_numeric($user_nicename) || $existing_user = bb_get_user_by_nicename( $user_nicename ) )
    $user_nicename = bb_slug_increment($_user_nicename, $existing_user->user_nicename, 50);

    $user_url = bb_fix_link( $user_url );
    $user_registered = bb_current_time('mysql');
    $password = wp_generate_password();
    $user_pass = wp_hash_password( $password );

    $user = $wp_users_object->new_user( compact( 'user_login', 'user_email', 'user_url', 'user_nicename', 'user_status', 'user_pass' ) );

    if ( is_wp_error($user) ) {
    if ( 'user_nicename' == $user->get_error_code() )
    return new WP_Error( 'user_login', $user->get_error_message() );
    return $user;

    $user_id = $bbdb->insert_id;
    $options = bb_get_option('approve_user_registration_options');
    bb_update_usermeta( $user_id, $bbdb->prefix . 'capabilities', array('waitingapproval' => true, 'member' => true) );
    approve_user_registration_send_pass( $user_id, $password );

    do_action('bb_new_user', $user['ID'], $user['plain_pass']);
    return $user['ID'];

    although I am using a fairly hacked together install with some bleeding edge stuff in there so you may need to experiment a little.

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.
Skip to toolbar