If you run a forum you’ll know first hand what a problem spam can be. When you get hit by a spam attack, not only can it clog up your forums upsetting your community but often the posts will contain links to malicious or undesirable websites. This can be damaging to your websites reputation for your community but also from search engines crawling your site and looking at what sites you are linking to.

As spam is constantly evolving and attackers are finding new ways to target forums it’s important to stay on top of things and in our experience having multiple layers of protection is the best approach. So what can you do?

Use our bbPress Moderation Tools plugin

Our bbPress Moderation Tools plugin is free and available on the WordPress Plugin marketplace. It was designed to help fight forum spam by adding customisable rules that can automatically detect spam from users and bots. Topics and replies that hit these rules are held for moderation, ready for your Moderators to approve or reject. Once a user has at least one approved post, a flag is set to trust their future posts, depending on the settings you choose.

Let’s take a quick look the spam detection rules you can use to hold posts for moderation:

  • Unapproved users posting anything
  • Unapproved users posting links
  • Unapproved users posting below the English character threshold
  • All posts below the English character threshold
  • All posts (lockdown)

When a post is held for moderation, you can decide who should get notified by email. Your moderators can also see and manage pending posts from the from the front end.

We’ve already had great success with this plugin on busy forums and are always looking to add new features to fight spam and improve the forum experience for communities.

Use Cloudflare DNS

Cloudflare currently powers over 38% of managed DNS domains and runs one of the largest authoritative DNS networks in the world. Running your DNS through Cloudflare not only can improve the speed of DNS queries to your site but it is a great way to filter out bot traffic at the DNS level, which means bots will often get blocked before they can launch attack.

Cloudflare have a free plan which works for most small websites however we recommend looking at the paid plans for websites that are serious about optimising DNS speed and security.

Restricting who can create topics and replies

Restricting your forum so that only registered or activated users can post is a great way to filter out a large amount of bot spam. There are a couple of options here so let’s take a look at the difference between a registered user and an activated user.

Registered Users

A registered user is someone who has completed the registration form on your website and can log in to create topics or replies. bbPress has an option to require a user to be logged in to post, so this is a good start to stop bots from easily creating new posts. The problem is that most bots are capable of targeting basic registration forms to create an account. You can combat this by adding reCaptcha to your registration form, however this still won’t filter out all bot registrations.

Activated Users

Requiring users to activate their accounts by marking new accounts as pending, then sending an email with an activation link which has to be clicked to activate an account before users can post is a great way to further reduce bot registrations.

We’ve had great success using the Theme My Login plugin to add reCaptcha and user activation functionality to websites; you also get the added benefit of front end log in and registration forms.