Skip to:
Content
Pages
Categories
Search
Top
Bottom

Dealing with Spam

Codex HomeGetting StartedForum Moderation → Dealing with Spam

There is many areas on your site where spam could wreak havoc that you will need to focus on, and while spam can increase the workload of forum Moderators and Keymasters, this guide will hopefully lead you in the right direction to add a wall of defense against spam and help keep spam on your website to a minimum. 

Identifying Spam

What is Spam?

It is most common for spam posts to consist of links and more often with an advertisement that leads to external sites with the goal of increasing search engine visibility and generating more traffic to their websites.

There are usually two types of spammers.

Automated Spambot

Below is an example of a spambot that leaves posts similar to this.

spamuser1

The automated spam bot will most likely do all of the actions listed below.

These usually fill out most input fields automatically and are very easy to spot and identify. These spammers could be easily handled by some plugins listed in this guide.

Human Spammer

Below is an example of a human spammer that leaves posts similar to this. Some won’t be as obvious as this though so it is the moderator’s decision to make any further.

spam user with Gravatar

The human spammer will most likely do all of what is listed below as well as possibly do some actions a normal spambot would do.

Human spammers could be incredibly difficult to distinguish from other users in your forums, but you can identify a spammer by their actions on your website by checking their activity on their forum profile.

It is best to have moderators in your forums to decide on which users are in fact spammers based on their observations of the user, and see if they do any of the actions listed above.

Inbuilt Tools to Handle Spam

inbuilt spam control

All these settings should be in the WordPress backend in Settings > Forums.

Editing time
bbPress allows users to edit their own topics and replies. This is great to fix minor typos, unfortunately it also gives some spammers a chance to write a friendly reply first then edit it later to link back to the spammers website.

The default setting of 5 minutes should be fine. Going lower on this setting would be better but make sure this doesn’t annoy your users. This setting does not affect Keymasters and Moderators as they have the capability to edit posts indefinitely.

Throttle time
Throttle time or flood control, is the required amount of time a single author is able to post. This is to avoid users posting multiple times in a short time span and to help avoid abuse from programs delivering spam.

The default setting of 10 seconds is fine. Going higher on this setting would be better but make sure that it would not annoy your users.

Akismet integration
akismet integration

bbPress is fully integrated with Akismet. Akismet scans a bbPress topic or reply before it is posted to see if it is spam or ham (not spam) with it’s scanning service which runs hundreds of tests and either marks a post as spam or not. If it does catch a topic that is spam, you will see it in the WordPress backend in the topics section under spam, and the same process for replies.

Using WordPress Comment Moderation Settings

Not much people know this but you can use WordPress’s comment moderation and blacklisting settings for bbPress. You can find more information about that in the Moderation and Blacklisting Guide.

If you need a curated list of words to add into the comment blacklist,  you can find a list on Github and from there you can copy the text from whatever file you need. On the page you can read below how to use it manually or installing plugins like Comment Blacklist Manager that will automatically update the curated list to your comment blacklist section.

Topic and Reply Form Protection

Anonymous post form with reCAPTCHA

One great way to stop spam posts from being present on your forums is to have some kind of protection on the topic and reply creation forms in your forums. There are tons of plugins like Akismet that are integrated with bbPress to help stop spammers from posting any of their mess. Having some kind of protection against spammers on the topic and reply forms is especially helpful if you have enabled anonymous posting on your site. Having this enabled will allow anyone to post to your bbPress forum without even being registered to your site, enabling anonymous posting lets spam wreak havoc because of this. If you do want to use anonymous posting, it is recommended that you protect the topic and reply forms from spam.

Check out any plugin’s listed below homepage on WordPress.org for more information about setting it up.

Use a captcha

Use a honeypot

Moderation notifications
Using bbPress Notify you can optionally pick the roles that would receive notifications of any new topic/reply post.

Manual approval
Installing bbPress Moderation will give you the ability to manually approve pending topics and replies awaiting moderation.

Registration Spam

wordpress registration form

Make sure you have some kind of spam protection on the registration form of your site since this is the access point to your site for bbPress. Let it be either registration honeypots, captchas, questions,  and IP blacklist databases to block the spammers from accessing your site.

If you have BuddyPress installed it may be helpful to also check out their guide for some plugins that work with BuddyPress’s registration process and form.

Check out any plugin’s listed below homepage on WordPress.org for more information about setting it up.

Required email confirmation
A way to avoid spam registrants is to require new registrants to confirm their email for activation. There are tons of plugins in the WordPress repository that allow this kind of functionality and some also allow custom login/registration forms like Theme My Login.

Manually Approve New Registrants
Manually approving users might be useful for a small niche community or a site that has been through a large spam attack and now wants to allow the Admins to manually approve each new user. Luckily there are a couple of WordPress plugins that can do this, here is one of the few WP Approve User.

Invitation Only
For a very private site you can allow to send invites to certain members with WP-Invites.

Registration captcha

Registration Honeypot

IP blacklist databases
To check if the current user trying to register is a spammer based on their IP using IP blacklist databases you can use any of the following plugins listed below.

Plugin Name

Blacklist Databases

Stop Spammers Spam Prevention StopForumSpam, Project Honeypot, BotScout, Spamhaus
Bad Behavior Project Honeypot
AP HoneyPot WordPress Plugin Project Honeypot
WP Stop Forum Spam StopForumSpam

IP Blacklist Database sites*

StopForumSpam

Project Honeypot

Spamhaus

BotScout

All In One Anti-Spam Solutions

WangGuard
WangGuard is a freemium solution that requires registration and an API key from their site. It handles registration spam quite well and also includes security questions on the registration forms, registration honeypot, duplicated account verification, blocking users by their email domain, cleaning unwanted registered spam users and much more in additional separate plugins.

Stop Spammers Spam Prevention
The plugin Stop Spammers Spam Prevention is really useful for handling registration spam and also includes tools to handle comment and contact form spam. This has features like scanning an IP address with 4 different IP blacklist databases, denying disposable email addresses, block invalid HTTP-REFERRER, block users with over 64 character usernames and emails, block bbcode posts, block specific countries from registering to your site, and much more to stop registration spam.

Additional Steps to Stop Spam

Allow your community to report posts
You can let the users on your site report users as spam on your site using two very similar plugins

They both add a “Report” link to the admin links on each post near the reply link. When each post is reported in either plugin, the Moderators and Keymasters will see a notification/message that the particular post reported needs their attention. The Moderators and Keymasters will then take action and either spam the post or un report the post if it is accepted as safe.

Using rel=nofollow on links
The nofollow attribute is a method to stop spammers. bbPress automatically adds rel=nofollow to all hyperlinks in a reply or a topic post. SEO Spammers will deprive no benefit from posting on your forums.

Create community guidelines
You can make the text widget pretty handy in your sidebar and create a list of guidelines for your users to follow, make a super sticky topic with forum rules to show on all forums on your site, and you can just link to a separate page that lists all your forum rules.

Allow login from social networks
Installing a social login or registration plugin will limit the amount of spam registrants on your site. There are tons of plugins free or paid that can accomplish this, so take a look and compare each and choose the best plugin that peaks your interest.

Additional Resources

These are mostly about comment spam in WordPress, but some of the information in each of the guides are useful to learn.

Skip to toolbar