How to moderate signups
At some point spammers will find your site and create splogs, and there are many ways to stop them. Deleting them as they occur is like shovelling snow during a blizzard. You can add another field to signup, add a captcha, go invite-only, or, as I do on my main niche blogging site, moderate the signups. This works well for sites with low signup volume, where you don’t get a huge number of new bloggers on a daily basis, and where spammers have proven to be a general nuisance, a potential embarrassment, and a time suck.
Basically, this is a light hack which re-words the signup page so users aren’t confused as to what is happening, and sends the activation email to you, the site admin, instead of the new user.
You’ll need to edit two files:
- public_html/wp-signup.php
- wp-includes/wpmu-functions.php
Open up wpmu-functions.php in your favorite text editor. Scroll down until you find the function wpmu_signup_blog_notification. Copy everything from $admin_email to just before the last } and paste it directly underneath, still before that last }.
Edited to add this bit:
$admin_email = get_site_option( "admin_email" );
if( $admin_email == '' )
    $admin_email = 'support@' . $_SERVER['SERVER_NAME'];
$from_name = get_site_option( "site_name" ) == '' ? 'WordPress' : wp_specialchars( get_site_option( "site_name" ) );
$message_headers = "MIME-Version: 1.0\n" . "From: \"{$from_name}\" <{$admin_email}>\n" . "Content-Type: text/plain; charset=\"" . get_option('blog_charset') . "\"\n";
$message = sprintf(__("To activate your blog, please click the following link:\n\n%s\n\nAfter you activate, you will receive *another email* with your login.\n\nAfter you activate, you can visit your blog here:\n\n%s"), $activate_url, "http://{$domain}{$path}");
// TODO: Don't hard code activation link.
$subject = sprintf(__('Activate %s'), $domain.$path);
wp_mail($user_email, $subject, $message, $message_headers);
(Note: in case of future code edits this may end up looking a little different. So to clarify, it’s the section of this function that sends an email. It helps to read the code you’re tweaking.)
In the first section (the original bit we copied), change the message sent to the user to something like “We’ve received your signup request and you’ll get another email with your password.” Remove the $activate_url directly after that. This ensures we are not sending them the activation link.
Now, in the bit you copied over, we’ll do a little more work. This is the message that will come to you, the site admin, and we have to add more details so we can determine if this is a legit signup. First, we’ll change the message that gets sent to us.
Mine looks like this:
$message = sprintf(__("Someone at the address %s has signed up for a blog: %s. To activate this for them, please click the following link:\n\n%s\n\nAfter activation, the user will receive *another email* with their login.\n\nYou can visit their blog here:\n\n%s"), $user_email, $title, $activate_url, "http://{$domain}{$path}");
The %s stands for string, and the value inserted is the first (or next) option listed directly after this message. By comparing this to the original, you can see I added the user’s email and the title of the requested blog. There are four %s in the message and four matching values at the end of it.
Change the last line from this:
wp_mail($user_email, $subject, $message, $message_headers);
to this:
wp_mail($admin_email, $subject, $message, $message_headers);
This will send the message to the admin, not the user.
Another thing to do in this file is moderate the user signups as well. Spammers can still create splogs (and they will) if they can easily sign up for just a username.
For ease of use, the function wpmu_signup_user_notification is just underneath the one we’ve been working on. Make the same changes as above.
Save your work.
Now that we have moderated the signups, we need to inform the users we did so. Otherwise, you’ll get dozens of annoyed potential users asking “Where’s my activation key???”
Open up wp-signup.php and find the function confirm_user_signup (line 292). All we are going to change is the text of the messages. I changed mine to read something like, “But, before you can start using your new username, we must activate it. Check your inbox for the password we will send to you. If you do not get an activation notice within two days, please email support.”
Scroll down a little further to line 362 to the confirm_blog_signup function, and make similar changes to the message there. Save your work.
Make sure you save a copy of the original files somewhere, then you can replace them with your new edited version of the files. Whenever you upgrade, you can overwrite the files with the new version and make these changes again, OR you can use the revision log to make line-by-line upgrades to each file.
wp-signup revision log
wpmu-functions revision log




October 5th, 2007 at 2:53 pm
Good article. But how do you identify the spammer from a good intentional user? How to make a decision from the signup name or email address? Thanks,
TW
October 5th, 2007 at 3:05 pm
In my experience, it’s usually easy to determine a spammer.
- Their email is suspect for one. It usually doesn’t make any sense (nonsense characters and letters together) and/or is from a recognizably spammy domain (a lot of .info ones)
- They fill in the title with links or the words Default Title, which is a BIG tip-off. What person would type in Default Title as their blog title?
- the username, blog title and email are all identical. This is a little sneakier, but most people want to express themselves and wouldn’t pick the same phrase for all of the options.
It is hard if you’re just looking at one or two options, but I found all of them together, especially with the blog title, make it quite obvious in many cases.
When in doubt, you’ve just been sent the user’s email address and you can email them to verify their existence.
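The tip-offs listed in the reply above, written as a PHP check. This is an added example, not part of the original post or of WordPress MU; the function name signup_red_flags, the TLD list and the thresholds for a “nonsense” address are assumptions, and the sample signups are constructed.

```php
<?php
// Added example, not from the post. Function name, TLD list and the
// "nonsense" thresholds are assumptions to tune for your own site.
function signup_red_flags( $username, $title, $email ) {
    $flags = array();
    $email = strtolower( trim( $email ) );
    $at    = strrpos( $email, '@' );
    if ( $at === false ) { return array( 'email has no @' ); }
    $local = substr( $email, 0, $at );
    $parts = explode( '.', substr( $email, $at + 1 ) );
    $tld   = end( $parts );

    // Tip-off 1: spammy domain (the comment names .info) or a nonsense address.
    if ( in_array( $tld, array( 'info' ), true ) ) {
        $flags[] = "suspect TLD .$tld";
    }
    // Assumed "nonsense" test: 5+ consonants in a row, or more digits than letters.
    $letters = preg_match_all( '/[a-z]/', $local, $m );
    $digits  = preg_match_all( '/[0-9]/', $local, $m );
    if ( preg_match( '/[bcdfghjklmnpqrstvwxz]{5,}/', $local ) || $digits > $letters ) {
        $flags[] = 'email local part looks random';
    }

    // Tip-off 2: title left at the default, or stuffed with links.
    if ( strtolower( trim( $title ) ) === 'default title' ) {
        $flags[] = 'title is "Default Title"';
    }
    if ( preg_match( '#https?://|www\.|<a\s#i', $title ) ) {
        $flags[] = 'title contains a link';
    }

    // Tip-off 3: username, blog title and email are all the same phrase.
    $u = preg_replace( '/[^a-z0-9]/', '', strtolower( $username ) );
    $t = preg_replace( '/[^a-z0-9]/', '', strtolower( $title ) );
    $l = preg_replace( '/[^a-z0-9]/', '', $local );
    if ( $u !== '' && $u === $t && $u === $l ) {
        $flags[] = 'username, title and email are identical';
    }
    return $flags;
}
// Constructed sample signups (username, blog title, email); not real data.
$samples = array(
    array( 'cheapmeds', 'Cheap Meds', 'cheapmeds@constructed-sample.info' ),
    array( 'xkqzjwpt', 'Default Title', 'xkqzjwpt93@example.com' ),
    array( 'maria', 'Notes from the Garden', 'maria.lopez@example.org' ),
);
foreach ( $samples as $s ) {
    $flags = signup_red_flags( $s[0], $s[1], $s[2] );
    echo $s[2], ': ', $flags ? implode( '; ', $flags ) : 'no flags', "\n";
}
```

No single flag settles it; as the reply says, it is the flags taken together that make a splog signup obvious, and a borderline one can still be emailed to check.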
October 5th, 2007 at 5:35 pm
Hi!..
Is this for Wpmu 125a? Because the line numbers you give don’t line up with what I get in my program and you don’t say what to copy and paste except –> Open up wpmu-functions.php in your favorite text editor. Scroll down until you find the function wpmu_signup_blog_notification (line 1106)(1106 in my program is [$meta = serialize($meta)]. Copy everything from line 1114 to line 1122 and paste it directly underneath. –Underneath what? .. function wpmu_signup_blog_notification ? As you can see I’m trying to learn..
October 5th, 2007 at 7:07 pm
You’re looking for the function called wpmu_signup_blog_notification, which is a few lines down at 1114. Gotta read the code too.
I took the line numbers right out of trac for the absolute latest copy. Copy everything from $admin_email (line 1122) to the end brace (but not including it) and paste it right before that end brace. Continue as directed.
October 6th, 2007 at 8:03 am
Great hack, I did it myself and got it working in no time.
October 18th, 2007 at 9:11 am
It sounds like a great hack, but I couldn’t get it to work. The wpmu-functions file has changed several times, and the version on trac doesn’t match the lines you suggested changing. Could you copy and paste the code here that needs to be copied instead of just telling us the line numbers? Or at least copy and paste the first line and the last line (not just the line numbers)?
Thanks
November 2nd, 2007 at 11:55 pm
Andrea/All,
I’m interested in implementing an invite only system on my wpmu site. Do you have any code you can share that might help me get this going? Are there any plug-ins available?
Thanks!
January 10th, 2008 at 3:40 pm
For some reason I still can’t get it to work either? HELP
January 17th, 2008 at 12:00 am
This code caused my site to stop working. I get errors like this one.
————————-
Parse error: syntax error, unexpected ‘:’ in /home2/arkblogs/public_html/wp-includes/wpmu-functions.php on line 1006
————————-
Don’t copy the code from this site. Just make changes to the text the emails send out.
January 17th, 2008 at 11:16 am
If you just change the email text, that’s all it does - send different emails, no moderation.
You got the error for one of three reasons:
- it wasn’t copied correctly (sometimes scraping it can catch odd characters)
- you’re using a different php version
- there’s something different in the latest code.
The error you’re getting means there’s a stray colon somewhere, an error in syntax, which leads me to believe it may be a combo of a different php version (I haven’t tried this on php5) and possibly a change in the recent code.
The code changes pretty often, so something from a few months ago may certainly need changing.
May 17th, 2008 at 9:23 pm
Huh? I’m sorry. I’m not following the instructions. EXACTLY what code am I supposed to paste and WHERE am I supposed to paste it? I’m not following your sentences here … sorry.
May 18th, 2008 at 12:04 pm
For example:
“Directly underneath” where?
July 23rd, 2008 at 10:22 am
In the function wpmu_signup_blog_notification you copy the lines from $admin_email to just before the last } and paste them under this copied section but before the last }.
Nice hack, great for my site, in that I really missed admin control over registration. Lucky I found your blog and browsed here…