Spam blogs and Buddypress

A couple weeks ago we posted that D’Arcy Norman has figured out a quick htaccess method to stop those sploggers from doing their automated signups.

You can modify those rewrite rules to work with Buddypress:

  • Replace yourbpsignupslug with the slug used for your BP signup (ex. register).
  • And, replace yourhomedomain with the domain of you home blog (ex.

Add these rewrite rule before the #uploaded files:

RewriteCond %{REQUEST_URI} .yourbpsignupslug*
RewriteCond %{HTTP_REFERER} !.*yourhomedomain.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) [R=301,L]

About Ron

Homeschooling dad of 4 (ages 27 - 14), grampy to 3, WordPress core contributor, former farmboy & software developer by profession.


  1. Thank you for sharing this information. I used captcha protection – but it’s not perfect. The more walls between users and spammers – the better.
    [rq=214,0,blog][/rq]Аддон к [CDPACK] – BuddyPress Russian Months v0.5

  2. Thanks for the BuddyPress explanation. I’m not sure how I would test this to make sure it’s working. Got a new site so it’s not like I would see a decline in spam registrations to measure against a baseline. Any ideas?


  3. This would also block users who have turned off referrer reporting in their browsers. I’m guessing that is not a significant portion of users, but does anyone know?

    (It would also fail to block spambots smart enough to fake their referrer info. Just the usual arms race.)

  4. How do I know what my sign up slug is?

    Sorry – I’m a WP newbe.

    • If you visit your site while not logged in, the signup link will be in the admin bar. Just hover over it to see the slug.

  5. Would the slug always be register? I have
    RewriteCond %{REQUEST_URI} .register*
    as the entry for the slug and have deleted the WP MU register file and the bbPress ones also.

    I have no idea how splog registers are signing up but I am close to looking elsewhere for a solution 12 -20 splogs a day and a deny list of close to 120 IP addresses. It is getting real old using 1/2 hour a day of my life to clean up after these jerks.

    I know they are using an automated method because I installed BP-Registration-Options
    and although it does not really work well enough to use yet I could tell the amount of automated to actual sign ups. Almost all sploggers are automated on my site.

  6. Thank you!
    Here is a modified re-Captcha to work with BuddyPress.
    Hope this will help :)

  7. it doesn’t work. I pasted the following code in .htaccess file.

    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .register*
    RewriteCond %{HTTP_REFERER} !.** [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) [R=301,L]

    but still blogs are being made by spammers. Is there any other solution to stop spammer?

  8. This worked prior to wpmu2.9. I got tons of splogs right after I upgraded.

    I don’t know if it’s a coincidence.

  9. Sorry it might not be a correct place to ask, but it seems you know quite a lot about bp and I cant find this info anywhere else.

    My question:
    As I have a site in russian lang and when the group is created or forum it tries to use cyrillic in a slug, which messes everything up.

    How can I change rewrite rules for bp, so that instead of slug id is used?

    Thanks in advance


  10. Thanks Ron. quick questions. The code above differs sligly from the code suggested in the WPMU readme file on spam protection.
    In particular, your code does not include the following line:
    RewriteEngine On

    Is this line necessary?

    Second question, do I just need to include my sign-up slug (in my case “register”)?



  1. [...] I can defeat the machine spambots thanks to what I learned from Norman D’Arcy here and Ron Rennick at WPMU Tutorials here, I cannot defeat the live human spambloggers who are paid to post.   Hey, I figure they are [...]

  2. [...] Spam blogs and Buddypress – WPMU Tutorials – [...]

  3. [...] information regarding splog problems on WordPress MU 3. A couple were and involving adding the following to the .htaccess file of WordPress for my BuddyPress register [...]