Skip to:

Opened 12 years ago

Closed 6 years ago

#4200 closed enhancement (maybelater)

Better spam-prevention admin settings (password strength, username blacklists, content filters)

Reported by: dbasolo's profile dbasolo Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Core Keywords: trac-tidy-2018

Description (last modified by boonebgorges)

For buddy press

I have for the past several months been receiving several spam / fraud accounts through buddy press via my website Is there or shouldn’t there be an area to set the security up for usernames, passwords, and first and last name fields? Example I should have a place to add and edit items I believe should not be allowed such as in the name field first name and last name I should be able to say in this field that numerical characters such as 1,2,3,4 etc cannot be used and or alphabetical characters in sequence like abcd of aaa, zzz, ddd making the user use their actual name. In the password field I should be able to say must contain one numerical and capital letter and password must be a minimum of 8 characters etc.. Also there should be a setting for email criteria so you can ad and edit a list you create that you consider to be invalid or false and or fraudulent accounts. For example I might would say any email that is aajjaajjaajj@… is not a valid email account.

Spam today is horrible and there isn’t much you can do about it if you don’t have these features available so we buddy press users can add to a growing list we create thus making our sites more and more and more secure.

Also there isn’t a feature I can see that allows me to say I don’t want users to use html in there post and or activity streams. there should also be a list you can add words to that you don’t want to have on your site say if your site is pg13 then I should be able to exclude words like ass, and f@#@ck from being used via there profiles. Wordpress has this feature for comments!

Can you assist me in trying to fix these issues? I receive 15+ fake spam accounts a day.

Change History (4)

#1 follow-up: @boonebgorges
12 years ago

  • Description modified (diff)
  • Milestone changed from Awaiting Review to Future Release
  • Severity changed from critical to normal
  • Summary changed from No Spam Features or User security to Better spam-prevention admin settings (password strength, username blacklists, content filters)

I'm removing your phone number and email address, as you probably don't want them here in this public forum. I'm also going to change the description to something more accurate, as this is not a security issue per se.

The issue of spam on BuddyPress installations has been discussed often here, on, and elsewhere. Here are a few helpful links:

Your suggestions for password strength and username restriction fields are good ideas. I'm not sure that they have a place in BuddyPress itself - they seem more like they should be WordPress features, or at the very least should be part of a more general WordPress plugin - but I will leave the ticket open as an enhancement request for these suggestions.

Your suggestions regarding content filtering are reasonable. Some of your concerns will be taken care of by the integration of Akismet filtering for activity streams in BP 1.6.

#2 in reply to: ↑ 1 @dbasolo
12 years ago

Well I have read all your links for assistance. Unfortunately this doesn’t cover the issue at hand. All these links are great and very helpful but they all are rather common and don’t help a whole lot. I have some of these plugins but my 15+ spam accounts a day are due to real people from marketing agencies paid to bypass these protective measures.

This is why my suggestions is crucial to the development of a future release through buddy press. PHP is great and allows you to create certain variables in the fields that a user is supposed to add content to. As my example’s before you can deny phony identities by simply saying in the name field that numbers aren’t allows or aaa, bbb, ccc, etc.. And having an area in buddy press settings giving you the ability to always add new ones as they come up will give your users the ability to continue creating a more and more secure site. A step further would be to have a database here that people can vote on these words and strings of characters and have them added to each release of buddy press as well! can you imagine all your users feeding a database that they could vote on, making a securer release for buddy press for all your new users and at the same time fully customizable by the individual user to add what he or she wants. Thus everyone benefits from every user as they uncover spam. Such is the same for emails, passwords ect... Sure it may be a gruesome to accomplish for buddy press but you would also be the only social network plugin with these features. (-:

Even Facebook must rely mostly on them self’s to accomplish as much but you don’t have to! And the majority of it could be automated through a voting process only allowing each user to vote once on any particular string. At 5 stars or 100 votes that word or string for that field could be added to buddy press master list! But at minimum it should be at least offered to your users.

#3 @DJPaul
6 years ago

  • Keywords trac-tidy-2018 added

We're closing this ticket because it has not received any contribution or comments for at least two years. We have decided that it is better to close tickets that are good ideas, which have not gotten (or are unlikely to get) contributions, rather than keep things open indefinitely. This will help us share a more realistic roadmap for BuddyPress with you.

Everyone very much appreciates the time and effort that you spent sharing your idea with us. On behalf of the entire BuddyPress team, thank you.

If you feel strongly that this enhancement should still be added to BuddyPress, and you are able to contribute effort towards it, we encourage you to re-open the ticket, or start a discussion about it in our Slack channel. Please consider that time has proven that good ideas without contributions do not get built.

For more information, see
or find us on Slack, in the #buddypress channel:

#4 @DJPaul
6 years ago

  • Milestone Awaiting Contributions deleted
  • Resolution set to maybelater
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.