Prevent BuddyPress registration spam

Sybre Waaijer on August 15, 2015

BuddyPress Registration Spam

Well, as you might have noticed, BuddyPress attracts spammers. That’s why you’re here.

To prevent this, we’ll simply add a plugin and activate it. This can be used network wide, as a mu-plugin or on a single site. Choose whatever you like!

The plugin adds a honeypot to the registration page.
It’s essentially a rewrite from https://wordpress.org/plugins/registration-honeypot/ but then made for BuddyPress.

The plugin which adds a honeypot!

A honeypot is what it says it is: it attracts bears, or bots.
Bots usually don’t read CSS to improve their botting speed, so they’ll try to fill in every form detail just to get an account.
From there, the accounts are collected on a spamming e-mail account and used for other spamming purposes.

Why? Backlinks, that’s why. Backlinks mean money.

So here’s the plugin:

<?php
/**
 * Plugin Name: BuddyPress Registration Honeypot
 * Plugin URI: https://hostmijnpagina.nl/
 * Description: Adds honeypot to BuddyPress registration pages, preventing spam.
 * Version: 1.0.0
 * Author: Sybre Waaijer
 * Author URI: https://cyberwire.nl/
 */

/**
 * Sets up and initializes the Registration Honeypot plugin.
 *
 * @since  1.0.0
 * @access public
 * @return void
 */
class BuddyPress_Registration_Honeypot {

    /**
     * Sets up needed actions
     *
     * @since  1.0.0
     * @access public
     * @return void
     */
    public function __construct() {
        add_action( 'get_header', array( $this, 'init') );
    }

    /**
     * Initialize plugin
     * 
     * Only works on BuddyPress registration pages
     */
    public function init() {        
    
        $bp_is_register_page = false;
        
        if ( function_exists( 'bp_get_signup_slug' ) ) {
            $signup_slug = bp_get_signup_slug();
            $bp_is_register_page = is_page( $signup_slug ) ? true : false;
        }
        
        if ( $bp_is_register_page ) {
            add_action( 'get_header', array( $this, 'check_honeypot' ), 0  );
            add_action( 'wp_head', array( $this, 'print_styles' ) );
            add_action( 'bp_account_details_fields', array( $this, 'register_form' ), 99 );
        }
        
    }
    
    /**
     * Checks if a spambot stuck his hand in the honeypot.  If so, we'll cut off the user registration 
     * process so that the spam user account never gets registered.
     *
     * @since  1.0.0
     * @access public
     * @return void
     */
    public function check_honeypot() {

        if ( ! empty( $_POST['bbp-hp-site-name'] ) ) {
            wp_die( __( "Cheatin', uh?" ) );
        }

    }

    /**
     * Outputs custom CSS to the login head to hide the honeypot field on the user registration form.
     *
     * @since  1.0.0
     * @access public
     * @return void
     */
    public function print_styles() {
        ?><style type="text/css">.bbp-hp-site-name-field{display:none;position:absolute;width:0;height:0;left:-9001px}</style><?php
    }

    /**
     * Outputs custom jQuery to make sure the honeypot field is empty by default.
     *
     * @since  1.0.0
     * @access public
     * @return void
     */
    public function print_scripts() { 
        ?><script type="text/javascript">jQuery('#bbp-hp-site-name').val('');</script><?php
     }

    /**
     * Adds a hidden field that spambots will fill out but normal humans won't see.  In the off-chance 
     * that a real human has CSS disabled on their browser, the label should let them know not to fill 
     * out this form field.  This field will be checked to see if the visitor/spambot entered text into 
     * it.  This will let us know that they're a spambot.
     *
     * @since  1.0.0
     * @access public
     * @return void
     */
    public function register_form() {

        /* Load scripts for register form. */
        wp_enqueue_script( 'jquery' );
        add_action( 'login_footer', array( $this, 'print_scripts' ), 25 );

        ?><p class="bbp-hp-site-name-field">
            <label for="bbp-hp-site-name"><?php _e( 'Site Name', 'your-text-domain' ); ?></label><br />
            <input type="text" name="bbp-hp-site-name" id="bbp-hp-site-name" class="input" value="" size="25" autocomplete="off" /></label>
        </p><?php 
    }
}

new BuddyPress_Registration_Honeypot();

Enjoy!

Leave a Reply

Your email address will not be published.