Spam is one of the most discouraging things about managing a BuddyPress-powered social network. Since WordPress itself is already a magnet for spam signups and comments, BuddyPress is subject to the same and then some. With an ordinary WordPress site you can block most of it fairly well, but with BuddyPress you often have to wade through signups to verify that real humans aren’t getting blocked.
One of the best ways to cut down on the avalanche of unwanted signups is to restrict them by email domain. BP Restrict Signup by Email Domain is a plugin that allows you to whitelist an email domain or set of domains that will be required for registration on the site. You can also set an error message and create a custom message to appear on the registration page.
The plugin was created by BuddyPress contributing developer Ray Hoh for the CUNY Academic Commons. It’s part of a suite of plugins recommended by the Commons In A Box (CBOX) free software project. The university uses the plugin to ensure that anyone signing up to the Academic Commons will have a CUNY email address. You can see it in action on the registration page.
BP Restrict Signup by Email Domain works on both single site and multisite installations of WordPress. It has been tested with the latest version of BuddyPress (2.5) but should also be compatible back to version 1.6.
Not every social site can afford to limit email domains, but this plugin works well for academic sites, nonprofit or other types of organizations, or any community that excludes all but a few set email domains. BP Restrict Signup by Email Domain is open source on WordPress.org and is actively maintained for use on CUNY.
While managing a BuddyPress-powered site I discovered (after analysing thousands of registrations), that it’s more convenient and maintainable to have a block-list of domains. Here is mine: https://gist.github.com/slaFFik/69b129dbfdc2f3e128a6
I also use some stop-words lists, but they are not part of this conversation.
Spammers are using patterns (because they are automated), and regular users – are not. We have lots of public domains for emails (gmail, outlook, yahoo) and literally millions of those, that you don’t know (all other domains, where users can have own email set up). So it’s easier to scan using grep or
SELECTfor those records, that are repeating (patterns), than those that are not.
So I believe, that the plugin BP Restrict Signup by Email Domain was created not to prevent spam, but to be used in corporate and/or edu sphere, where you need to enable to register only users from a camp, or university, or company etc.
But the plugin is definitely useful. Thanks for sharing, both Sarah and Ray!