Hi All, I'd like to begin allowing users to register on my blog (in my signature) and allow the registrants to submit their own articles, under various categories. Does any one have experience with this transition from a single author blog on wordpress to allowing additional contributors? What should I look out for? I'm concerned about getting bombarded with user registration spam (I just deleted about 100 bull$#it registrants), any thoughts on how to protect this? What should I think about in terms of hosting structure - right now I use a shared hosting account, uber cheap, and easily handles my 20 or so visitors/day. As it gains traction and grows, how should I prepare? What else should I be thinking about/what am I missing?
If you open your blog up to the public, you are going to get spammed continuously. By the minute. You need some kind of captcha or anti spam plug in to slow down the bots and scripts and maybe even a verification email system, but that still won't stop the article spammers. They are just as bad as comment spammers. My personal feeling is that I would never allow my blog to be open registration. I'd rather solicit people to send in articles via email.
Astral Walker - Thanks a lot. I ended up closing it to the public, and manually adding users when they request to add an article (which they write themselves and then I publish after editing). I'm still getting tons of fake user registrations (even though registrations are closed), not sure if this was a result of opening it momentarily to the public. I'll start searching for some plug-ins to help - any recommendations?
++ Second method is to make contributor the default access level and also installing a captcha. You can tell them to provide the review article and then approve yourself later on if it passes copyscape and fits the quality requirements.
Are you using any kind of membership or registration plug ins? Buddypress? If so check those settings. If not double check that you have disabled user registrations. They are likely coming in through the comments. Registering to leave a comment. Go to your Discussion settings and make some adjustments.
I have client sites that have guest bloggers. They don't let them post themselves, or have access to register themselves. We post the articles and make an authors box for the contributor...making them a contributor in the users settings.
So what I've done so far is add the following plugins 1) Stop Spammers - and registered with the following 3 services: a) stopforumspam, b) honeypot, c)botscout. Stop Spammers is supposed to check IP addresses, emails, and more against these databases to block any known spammers or bots. 2) Sabre - to add a captcha from on the registration page... and also works in conjunction w/stopspammers unfortunately it does not add a captcha on other access points (log-in, log out screen, admin, etc) 3) SI Captcha, which added a captcha to the other pages (and comments) that Sabre was missing 4) Social Login - which will still give users an option to login through their social media accounts, if they don't want to create a new account
If all of that works for you, then go for it. It may be a little overkill since you aren't allowing anyone to register. If comments are the only open door for comment spammers, I just use Disqus and that pretty much solves the problem. Set the settings to "All comments must be approved by an Admin" and only allow comment registration through Facebook, Twitter, Yahoo, and Open ID. Most blatant spammers won't go through the trouble and bots can't register through social media sites. At least not yet. But no matter what you use, you will still get "Nice post" spammers who don't think they are spamming. Depending on traffic, I also close comments after a certain number of days. Comment spammers love hitting old posts. And remember to break the URL of your images, unless they are linking to something specific. That's a trap door that most people forget. Just remember this, for the most part, spam bots can't push buttons or check a box. Most scripts are primitive and aren't designed to make choices, only fill in fields and use the "Enter" command to execute. You can spend a weekend blocking IP addresses and it still won't do you any good. The same spammer will change IP address 50 times.
So I figured it out (i think). Upon reviewing my files in my hosting account's filemanager I noticed that my old buddypress files over were never deleted when I uninstalled it over a year ago. There was still a forum up w/the bbpress login and registration exposed. Deleted all the bb files, so hopefully should be ok. What do you mean by this? I'm not sure I follow... what makes it a trap door and how would I do so?
When you put an image in a post or page, it goes in as a live link. It links to the image on a page all by itself. Sometimes there is an open comment box underneath it and spammers will spam that comment box that is with the images. So break the link so that your images don't link to their own page.