Given that there’s only ONE registration (and it’s for the network, you just activate per site), I can’t see how…
Have you tried this: http://www.darcynorman.net/2009/05/20/stopping-spamblog-registration-in-wordpress-multiuser/
That’s what I thought as well Ipstenu, but what’s happening is when the spam registrations come in, they aren’t assigned to any specific blog. Meaning, if I go to http://www.adaptistration.com/wp-admin/network then click on the “users” menu item I see five columns labeled “Username | Name | E-mail | Registered | Sites”
All of the spam registrations coming in have nothing attributed under “sites” whereas all of my legitimate registered users do. As such, I don’t see that the spam registrations are coming in via a specific blog registration page. Does this shed more light on what’s going on?
That’s not unexpected behavior, you know. If you register on my site, you don’t automatically belong to any site. WordPress used to assign you to the ‘main’ blog, but now it’s able to act like WordPress.com in that you get psudeo subscriber access.
IIRC you have to comment on a site to be added to it.
How are you having them ‘assign’ themselves to a site? But really, those may not be spammers and just people who haven’t finished yet…
I do check the email addresses and they all come up on the spam lists. But as for assigning to a blog, I guess that’s done through the respective blog where they sign up. The two blogs I have on that network are:
http://www.adaptistration.com
http://www.adaptistration.com/jobs
I’ve tested it directly and when creating a user account directly on either site, the user is assigned to the respective blog (or at least that’s what it indicates in the network users admin panel).
Spammers are only appearing on the network users admin panel without a blog assigned.
Then they are signing up as just users through some other way.
Got a bbpress install?
Or are you letting site admins add new users on their own? You can disable that, and I’ve seen spammers get in that way as well.
No bbpress install Andrea and I’m not familiar with WP multisite to know if there is a master registration page beyond those located in each respective blog. I’m the only site admin, everyone else is listed as an editor or author.
yourdomains.com/wp-signup.php is the public facing signup page in multisite.
go to network admin -> Settings. look at your registration settings.
Also look at the part where it says “allow site admins to add users” and UNCHECK that box.
Many thanks Andrea, I followed those instructions and tested one of the blog sites to make sure registration still works and so far so good. I guess we’ll see if spam registrations keep coming in.
@ipstenu: I’ll certainly give that a shot if this doesn’t stop the flow.
