bbPress Codex

Dealing with Spam

There is many areas on your site where spam could wreak havoc that you will need to focus on, and while spam can increase the workload of forum Moderators and Keymasters, this guide will hopefully lead you in the right direction to add a wall of defense against spam and help keep spam on your website to a minimum. 

Identifying Spam

What is Spam?

It is most common for spam posts to consist of links and more often with an advertisement that leads to external sites with the goal of increasing search engine visibility and generating more traffic to their websites.

There are usually two types of spammers.

• Automated – Mainly a script that is able to register an account to websites and post.
• Human – An actual human being spamming websites.

Automated Spambot

Below is an example of a spambot that leaves posts similar to this.

The automated spam bot will most likely do all of the actions listed below.

• Place a single link or multiple links to a site/s for a business or service. The links could be hidden in a large amount of text for it to not be easily seen.
• Leave a description of their website in posts and also their forum profile.
• Bump and reply to old topics.
• Reply to topics and leave a minimal reply like “good” or copy an existing reply in a topic but slip in a link at the end.
• Titles of some topics may seem not to be relevant to the information in the posts content.
• Post off-topic replies.
• Have their display name and username be the website they are linking to.
• Post in an entirely different language then what is in the topic.

These usually fill out most input fields automatically and are very easy to spot and identify. These spammers could be easily handled by some plugins listed in this guide.

Human Spammer

Below is an example of a human spammer that leaves posts similar to this. Some won’t be as obvious as this though so it is the moderator’s decision to make any further.

The human spammer will most likely do all of what is listed below as well as possibly do some actions a normal spambot would do.

• Get past most spam checks.
• Could have a Gravatar.
• Post on-topic replies.
• Bump and reply to random topics.
• Post infrequently.

Human spammers could be incredibly difficult to distinguish from other users in your forums, but you can identify a spammer by their actions on your website by checking their activity on their forum profile.

It is best to have moderators in your forums to decide on which users are in fact spammers based on their observations of the user, and see if they do any of the actions listed above.

Inbuilt Tools to Handle Spam

All these settings should be in the WordPress backend in Settings > Forums.

Editing time
bbPress allows users to edit their own topics and replies. This is great to fix minor typos, unfortunately it also gives some spammers a chance to write a friendly reply first then edit it later to link back to the spammers website.

The default setting of 5 minutes should be fine. Going lower on this setting would be better but make sure this doesn’t annoy your users. This setting does not affect Keymasters and Moderators as they have the capability to edit posts indefinitely.

Throttle time
Throttle time or flood control, is the required amount of time a single author is able to post. This is to avoid users posting multiple times in a short time span and to help avoid abuse from programs delivering spam.

The default setting of 10 seconds is fine. Going higher on this setting would be better but make sure that it would not annoy your users.

Akismet integration

bbPress is fully integrated with Akismet. Akismet scans a bbPress topic or reply before it is posted to see if it is spam or ham (not spam) with it’s scanning service which runs hundreds of tests and either marks a post as spam or not. If it does catch a topic that is spam, you will see it in the WordPress backend in the topics section under spam, and the same process for replies.

Using WordPress Comment Moderation Settings

Not much people know this but you can use WordPress’s comment moderation and blacklisting settings for bbPress. You can find more information about that in the Moderation and Blacklisting Guide.

If you need a curated list of words to add into the comment blacklist,  you can find a list on Github and from there you can copy the text from whatever file you need. On the page you can read below how to use it manually or installing plugins like Comment Blacklist Manager that will automatically update the curated list to your comment blacklist section.

Topic and Reply Form Protection

One great way to stop spam posts from being present on your forums is to have some kind of protection on the topic and reply creation forms in your forums. There are tons of plugins like Akismet that are integrated with bbPress to help stop spammers from posting any of their mess. Having some kind of protection against spammers on the topic and reply forms is especially helpful if you have enabled anonymous posting on your site. Having this enabled will allow anyone to post to your bbPress forum without even being registered to your site, enabling anonymous posting lets spam wreak havoc because of this. If you do want to use anonymous posting, it is recommended that you protect the topic and reply forms from spam.

Check out any plugin’s listed below homepage on WordPress.org for more information about setting it up.

Use a captcha

• Advanced noCaptcha reCaptcha – Uses Google’s reCAPTCHA service to display a captcha on topic and reply forms.
• Math Captcha – This is just a simple math captcha.

Use a honeypot

• Spam Destroyer –  Inserts a hidden field on topic and reply forms that spambots will automatically fill out in most cases and be caught as a spammer.

Moderation notifications
Using bbPress Notify you can optionally pick the roles that would receive notifications of any new topic/reply post.

Manual approval
Installing bbPress Moderation will give you the ability to manually approve pending topics and replies awaiting moderation.

Registration Spam

Make sure you have some kind of spam protection on the registration form of your site since this is the access point to your site for bbPress. Let it be either registration honeypots, captchas, questions,  and IP blacklist databases to block the spammers from accessing your site.

If you have BuddyPress installed it may be helpful to also check out their guide for some plugins that work with BuddyPress’s registration process and form.

Check out any plugin’s listed below homepage on WordPress.org for more information about setting it up.

Required email confirmation
A way to avoid spam registrants is to require new registrants to confirm their email for activation. There are tons of plugins in the WordPress repository that allow this kind of functionality and some also allow custom login/registration forms like Theme My Login.

Manually Approve New Registrants
Manually approving users might be useful for a small niche community or a site that has been through a large spam attack and now wants to allow the Admins to manually approve each new user. Luckily there are a couple of WordPress plugins that can do this, here is one of the few WP Approve User.

Invitation Only
For a very private site you can allow to send invites to certain members with WP-Invites.

Registration captcha

• WangGuard – Allows the user to input an answer to a custom question during registration. You can input multiple custom questions for the registrant to try to answer in the plugin settings.
• Advanced noCaptcha reCaptcha – Uses Google’s reCAPTCHA service to display a captcha on the registration form.
• Math Captcha – This is just a simple math captcha.

Registration Honeypot

• Spam Destroyer – Inserts a hidden field on the bbPress registration page, the default WordPress registration page, multisite compatible.
• WangGuard – Includes an option to insert a honeypot in the registration form.

IP blacklist databases
To check if the current user trying to register is a spammer based on their IP using IP blacklist databases you can use any of the following plugins listed below.

Plugin Name	Blacklist Databases
Stop Spammers Spam Prevention	StopForumSpam, Project Honeypot, BotScout, Spamhaus
Bad Behavior	Project Honeypot
AP HoneyPot WordPress Plugin	Project Honeypot
WP Stop Forum Spam	StopForumSpam

IP Blacklist Database sites*

StopForumSpam

Project Honeypot

Spamhaus

BotScout

All In One Anti-Spam Solutions

WangGuard
WangGuard is a freemium solution that requires registration and an API key from their site. It handles registration spam quite well and also includes security questions on the registration forms, registration honeypot, duplicated account verification, blocking users by their email domain, cleaning unwanted registered spam users and much more in additional separate plugins.

Stop Spammers Spam Prevention
The plugin Stop Spammers Spam Prevention is really useful for handling registration spam and also includes tools to handle comment and contact form spam. This has features like scanning an IP address with 4 different IP blacklist databases, denying disposable email addresses, block invalid HTTP-REFERRER, block users with over 64 character usernames and emails, block bbcode posts, block specific countries from registering to your site, and much more to stop registration spam.

Additional Steps to Stop Spam

Allow your community to report posts
You can let the users on your site report users as spam on your site using two very similar plugins

• bbPress – Report Content
• bbpress – Report Abuse

They both add a “Report” link to the admin links on each post near the reply link. When each post is reported in either plugin, the Moderators and Keymasters will see a notification/message that the particular post reported needs their attention. The Moderators and Keymasters will then take action and either spam the post or un report the post if it is accepted as safe.

Using rel=nofollow on links
The nofollow attribute is a method to stop spammers. bbPress automatically adds rel=nofollow to all hyperlinks in a reply or a topic post. SEO Spammers will deprive no benefit from posting on your forums.

Create community guidelines
You can make the text widget pretty handy in your sidebar and create a list of guidelines for your users to follow, make a super sticky topic with forum rules to show on all forums on your site, and you can just link to a separate page that lists all your forum rules.

Allow login from social networks
Installing a social login or registration plugin will limit the amount of spam registrants on your site. There are tons of plugins free or paid that can accomplish this, so take a look and compare each and choose the best plugin that peaks your interest.

Additional Resources

These are mostly about comment spam in WordPress, but some of the information in each of the guides are useful to learn.

• Comment Spam
• Combating Comment Spam
• Combating Comment Spam: FAQ
• Combating Comment Spam: Deny Access

---