My WPMU site Stampin Corner started getting hit the day it went live and I’d see between 5 an 15 new spam blogs created every day. After searching around and trying several solutions intended to stop the bots, and getting frustrated none of them really worked, I decided to just modify an existing plugin that I use on my regular WordPress installations.
It’s called WPMU Block Spam By Math. It’s based on the simple, yet highly effective plugin Block-Spam-By-Math created by Alexander Grau. Where Alexanders plugin protects your blogs registration, login and comment forms from spambots, WPMU Block Spam By Math protects your new blog creation process and the new user creation process.
It’s a simple plugin really but I find it to be highly effective at what it does. By simply adding math question to workflow (something like “what is 5+2 ?”). I won’t say it’s 100% effective but after adding this plugin to Stampin Corner two weeks ago, I’ve not had a single spam blog created (knock on wood).
Installation is simple:
- NOTE: As of version 1.2 of this plugin you must have Buddypress 1.2.3 installed. For prior versions of BP you will need an older version of the plugin.
- Download the plugin from WordPress.org.
- Copy it to the wp-content/mu-plugins directory of your blog.
That’s all there is to it. You should now start seeing a dramatic reduction in the amount of spam blogs you see created. NOTE: This does not protect against those spammer who take the time to manually create spam blogs on your site. For those I recommend barbed wire and toothpicks under the fingernails.
BuddyPress Users
If you are using BuddyPress this plugin should still work fine unless you are using the default BuddyPress theme. If you want this plugin to work with the ‘bp-default’ theme you need to make a manual edit to create a new hook location. The process is very simple.
For versions of BP prior to 1.2.2
Open your wp-content/themes/bp-sn-parent/registration/register.php file.
Locate this line of code (approx. line 215).
<?php if ( 'completed-confirmation' == bp_get_current_signup_step() ) : ?>
BELOW this add this line of code:
<?php do_action( 'bp_before_current_signup_step' ) ?>
For versions of BP 1.2.2 and newer (tested on 1.2.3)
- Simply install/upgrade the plugin
I completely skipped 1.2.2 but since it was reported the plugin wasn’t working correctly on that version I’m going to assume the problem was the same. If you are on 1.2.2 and still have problems upgrade to at least 1.2.3.
It appears BP is now able to bundle their default theme within the plugin directory and in doing so added a new hook which I had to manually add in previous versions. This update applies to an unaltered install of BP 1.2.3, if you have the older BP default theme in your wp-content/themes directory you should be able to delete it then activate the new default theme which resides in wp-content/plugins/buddypress/bp-themes/bp-default. (NOTE: This plugin will no longer work properly using the older default theme if you’ve upgraded BuddyPress).
There are NO manual edits for this version of BP just be sure you have downloaded and installed version 1.2 of the WPMU-Block-Spam-By-Math plugin. It should as simple as auto updating Buddypress and updating WPMU-Block-Spam-By-Math to the latest version (download from Codex or use link above) then switching your theme to the new Buddypress default theme.
FAQ
- Does this plugin work with the regular Block spam By Math plugin?
Yes, you can run both. I use the regular WordPress plugin on my WPMU site as well to allow individual site owners the option to add the protection at the blog level. - Does this plugin work on regular WordPress?
No. This is only targeting the WPMU new blog signup and new user signup functions. If you need WP registration, login and comment protection I recommend you get the Block Spam By Math plugin. - Change I change the math questions?
Yes, just edit the two rand functions in the plugin file to generate whatever type of numbers you want. - Does this plugin work with BuddyPress?
Yes. See the Buddypress note above under installation. You have to perform a manual edit in order for it to work with the default Buddypress theme.
Support
If you like this plugin and want to support me, leave a comment or check out my donations and support page!
{ 17 comments… read them below or add one }
i have actived the plugin on http://ciaobbweb.com but it seem do not work
I have buddypress installed with multi fields
http://ciaobbweb.com/register
I am unable to get your plugin WPMU Block Spam By Math to work on a WPMU 2.9.1.1 fresh install, have any suggestions?
Have you thought about setting this plugin up to work with buddypress?
This is the one type of plugin I’m missing for buddypress … the Captcha just isn’t cutting it!
Actually I’ve never used Buddypress but I’m hoping to look at the problem with WPMU 2.9.1 this week so I’ll try and give it a go with BP as well.
@Gid, how did you managed to set up your forum section? I am getting desperate with the styling of BBpress. I would appreciate your help admin@ecoflare.eu
btw. this plugin works for me! (WPMU 2.9.1)
I’ve updated this plugin to work with the Buddypress default theme. Be sure to read the update under the installation instructions as there is a manual edit you have to make to one of the theme files for this to work.
As noted, Im not a big Buddypress user but on a generic install with WPMU 2.9.1.1 and the latest BPress it appears to work. If you run into a problem, just post it here.
I’ve also tested this on WPMU 2.9.1.1 and it seems to work fine.
Thanks James
Its works like a charm! Now my Buddypress site is powered with your preety plug-in
Hi James,
back again.. The plugin used to work as you described in the manual.
However as soon I did an upgrade to wpmu 2.9.2 and Buddypress 1.2.2.1 it stopped. Any plans to upgrade it? I use a child theme, but tried to copy the registration page to my child, to be able to do changes you suggest.
The math request does appear on the registration page, but is not verified with the submitting, so basically you can leave it empty and Buddypress will give you a name anyway.
I will try to have a look how the Super-CAPTCHA plugin is doing it. But nowadays are captha’s easy to read by robots..
That’s why I like your more
Bedo, I’ve updated the plugin using BP 1.2.3. BP added a new hook in their core that makes my manual edit no longer necessary. It also makes their process a little cleaner than it was. If you’ve updated to BP 1.2.3 (I assume the change is in 1.2.2 as well) then you no longer need the old default theme (and this plugin will no longer work with it). Switching to the new default theme and updating this plugin to v1.2 should take care of the problem. Let me know if there is still an issue.
Hi James, it is working like a charm! Thank you!
HI. I wanted to change addition to subtraction. I have changed the plus sign to a minus sign and of course the html message. trying to register with a wrong number I can still register.
here is my code:
<?php
/*
Plugin Name: WPMU-Block-Spam-By-Math
Plugin URI: http://www.jamespegram.com/wpmu-block-spam-by-math/
Description: This plugin protects your WPMU signup process against spambots with a simple math question. This plugin is based on the Block-Spam-By-Math plugin created by Alexander Grau. This only protects the new blog creation process and the new user creation process. If you wish to have individual blog protection use the regular Block-Spam-By-Math plugin on individual blogs.
Author: James Pegram (based on the work by Alexander Grau)
Version: 1.1
Author URI: http://www.realitywired.com
*/
/* Copyright 2009
James Pegram (email : jwpegram [make-an-at] gmail [make-a-dot] com)
Alexander Grau (email : alex [make-an-at] grauonline [make-a-dot] de)
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
if ( !class_exists( ‘wpmuBlockSpamByMath’ ) ) {
class wpmuBlockSpamByMath {
// Constructor
function wpmuBlockSpamByMath() {
// WPMU specific actions/filters
add_action(‘wpmu_options’, array( &$this, ‘blockspam_site_admin_options’));
add_action(‘update_wpmu_options’, array( &$this, ‘blockspam_site_admin_options_process’));
add_action(‘wp_head’, array( &$this, ‘blockspam_stylesheet’) );
add_action( ‘signup_extra_fields’, array( &$this, ‘wpmu_add_hidden_fields’ ) );
add_action( ‘bp_before_registration_submit_buttons’, array( &$this, ‘wpmu_add_hidden_fields’ ) );
add_filter(‘wpmu_validate_user_signup’, array( &$this, ‘wpmu_validate_user_signup’ ) );
add_filter(‘bp_before_current_signup_step’, array( &$this, ‘wpmu_validate_user_signup’ ) );
add_filter(‘signup_blogform’, array( &$this, ‘wpmu_add_hidden_blogfields’ ) );
// We don’t want this filter applied if we’re outside of the initial MU signup process (ie: don’t apply it to the wp-ativate function calls).
if ($_POST['stage'] != ‘validate-user-signup’) { remove_filter(‘wpmu_validate_user_signup’,array( &$this, ‘wpmu_validate_user_signup’ ) ); }
}
// Initialize plugin
function init() {
if ( function_exists( ‘load_plugin_textdomain’ ) ) {
load_plugin_textdomain( ‘wpmu-block-spam-by-math’, PLUGINDIR.’/’.dirname(plugin_basename(__FILE__)) );
}
}
// Protection function for submitted comment form
function wpmu_validate_user_signup( $content ) {
$this->wpmu_check_hidden_fields();
return $content;
}
// Add hidden fields to the signnup form
‘;
/* function wpmu_add_hidden_fields() {
$mathvalue0 = rand(2, 15);
$mathvalue1 = rand(2, 15);
echo ‘IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human)
echo “What is $mathvalue0 + $mathvalue1 ?”;
echo ”;
echo ”;
echo ‘Please leave these two fields as-is: ‘;
echo “”;
echo “”;
echo ”;
}
*/
//add to the constractor values for this …
//or change + to minus altogether
// Add hidden fields to the signnup form
function wpmu_add_hidden_fields() {
‘;
$mathvalue0 = rand(10, 20);
$mathvalue1 = rand(1, 10);
echo ‘IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human)
echo “What is $mathvalue0 – $mathvalue1 ?”;
echo ”;
echo ”;
echo ‘Please leave these two fields as-is: ‘;
echo “”;
echo “”;
echo ”;
}
// Pass the hidden fields to the blog form
function wpmu_add_hidden_blogfields() {
if ( !empty( $_POST['mathvalue0']) && !empty($_POST['mathvalue1'] ) && !empty($_POST['mathvalue2'])) {
echo “”;
echo “”;
echo “”;
}
}
function blockspam_stylesheet() {
?>
.mu_register .error {font-size: 12px; margin:5px 0; }
.mu_register #spambot {font-size: 12px; margin:10px 0; }
#spambot {clear:both; font-size: 12px; margin:10px 0;}
<?php
}
// If from WPMU wp-signup check for hidden fields and kick an error instead of dieing.
function wpmu_check_hidden_fields() {
// Get values from POST data
$val0 = '';
$val1 = '';
$val2 = '';
if ( isset( $_POST['mathvalue0'] ) ) {
$val0 = $_POST['mathvalue0'];
}
if ( isset( $_POST['mathvalue1'] ) ) {
$val1 = $_POST['mathvalue1'];
}
if ( isset( $_POST['mathvalue2'] ) ) {
$val2 = $_POST['mathvalue2'];
}
// Check values
//if ( ( $val0 == '' ) || ( $val1 == '' ) || ( intval($val2) != (intval($val0) + intval($val1)) ) ) {
if ( ( $val0 == '' ) || ( $val1 == '' ) || ( intval($val2) != (intval($val0) – intval($val1)) ) ) {
$error = get_site_option('blockspam_error');
echo '’ . $error . ”;
exit;
}
}
function blockspam_site_admin_options_process() {
update_site_option( ‘blockspam_error’ , $_POST['blockspam_error'] );
}
function blockspam_site_admin_options() {
?>
<?php _e('spammers … get a life! ‘) ?>
<?php _e('You can really do better things in life.‘) ?>
sorry i forgot to mention I use ordPress MU 2.9.2 and buddypress. thanks for the great plugin I hope to get this to work.
p.s. I think it might have started with a non-working install from the beginning because there was spam coming through, and now I see that i can register whether or not the answer is correct.
I’m running bp 1.2.3 and the latest wpmu version with a custom theme and a custom registration page eg “http://mysite.com/create-an-account”.
On the submit page, it results in a blank page. No error. Just a blank page. Is this something to do with the custom theme I’m using instead of the default bp 1.2.3 theme? Any workaround this?
I’m not sure offhand but it sounds as though one of the hooks is missing. You are using the latest version of the plugin correct? If you want to send me your theme I’ll take a look at it. You can email it to jwpegram at gmail dot com.
I think this is not work yet on WP 3.0
Its works like a charm! Now my Buddypress site is powered with your preety plug-in
{ 1 trackback }