Running a WordPress arcade can be very difficult especially if you want to use BuddyPress to start a community. Your primary issue when starting a site like this is overcoming spam. Spam comes in two main forms on a WordPress website comments and registration spam and there are solid ways you can go about limiting this (or even completely stopping it).

Forget The Captcha’s

Captcha’s are annoying they add a lot of resources to your front-end that hurt load time and they are a pain to integrate properly on your website (especially into ajax login windows). I personally don’t like or use captcha’s ever unless I need to and the reason is they are just a pain to both your users and yourself. While the latest version of Google’s reCaptcha is as simple as a mouse click it’s still distracting so what can we do?

Comment Spam

Comment spam is annoying and to solve this there are two options you can go into your discussions settings (in your wp-admin panel) then in the comment blacklist box enter the following content from this GitHub page: https://raw.githubusercontent.com/splorp/wordpress-comment-blacklist/master/blacklist.txt

Your second option is to install Askimet it will reduce the total amount of spam to near none the advantage here is Askimet is learning from millions of other websites virtually all spam will be blocked. If not you can use this in conjunction with the above comment blacklist rules.

Another interesting tip is to only allow comments from logged in users (which should reduce it to near 0 levels with the next plugin).

Registration Spam

Registration spam is spam where there are bots logging into your site and are likely posting on a BuddyPress profile in order to generate backlinks to their website. The issue here is that they waste resources, are hurting your on-page SEO (for posting malicious links), and they are able to use this as a vector to launch attacks.

WordPress has no built-in way to prevent registration spam like the blacklist function for comments. To stop Registration Spam I recommend another free plugin WangGuard. Activate this plugin by signing up for an API key and your website registration spam should decrease dramatically (for me it goes down to 0). The plugin also has the ability to check currently registered users.

If you have 5k users and you are sure some of them are producing spam WangGuard can go through and check each of the users and will tell you the ones that are spammers and will delete them for you.

Concluding Thoughts

Spam is a difficult subject it’s constantly changing and it’s very difficult to check for it properly and there isn’t much we can do from our end (theme-wise). There are tools such as honeypot, stop forum spam, etc, etc and you can check all of them but when you find generic spam that its brand new it’s going to be near impossible for it to be detected. Remember to properly manage your arcade, don’t enable registration if you aren’t going to use something such as BuddyPress for it to be meaningful and continue to be an awesome webmaster!