Users Marked as Spam showing up in New Members Widget List on Homepage
Hi Ray --
I've been pretty assiduous about marking users as spam on NYCDH.org, but I've noticed that even though I've marked users as spam, they still show up on the members widget on the homepage. Please see the attached screenshots. The homepage screenshot comes from a look at the site as a non logged-in user (ie., not an admin view). The second screenshot is of the network view of users.
As you'll see, two members are marked as spam on the backend but still show up on the frontend:
I think that this is less about these particular users than the way the widget is handling information, since in the past, I've marked users as spam and they show up, but then as more users register and I mark as spam, the older ones cycle off the list and the newer ones appear.
#1 Updated by Raymond Hoh over 8 years ago
I tried to duplicate this locally but I can't.
To test, I'm using BP 1.7 on a WP multisite install with the cbox-theme.
I checked the "Members" widget before spamming a user to see if that user was in the list. Then, I spammed that user and checked the "Members" widget. The spammed user does not show up.
Matt, if you are concerned with spammed users showing up in the members list, you should probably delete the user outright since WP doesn't really do anything with spammed user accounts.
#2 Updated by Matt Gold over 8 years ago
- Tracker changed from Bug to Support
- Status changed from Assigned to Reporter Feedback
Thanks, Ray. I'm happy to delete users, but see this ticket:
This actually may not be an issue anymore because I've turned off the ability to create blogs on sign-up. As Boone noted by email, keeping users marked as spam means that the same email address won't be able to be used again, but my take on that is that most spammers use auto-generated addresses for the email field and that we'll rarely get two spam registrations from the same email address, so that it's okay to delete. Do you agree, Ray?
#3 Updated by Raymond Hoh over 8 years ago
but my take on that is that most spammers use auto-generated addresses for the email field and that we'll rarely get two spam registrations from the same email address, so that it's okay to delete. Do you agree, Ray?
I definitely agree with this assessment. An email address is not a suitable identifier.
If WP recorded the spammer's IP address, then I would be inclined to keep their user record in the database.
We could use a plugin to start recording the IP address for new user registrations and then use another plugin to ban the user's IP from accessing the site. Once we've done that, the user's account can be deleted. What do you think, Matt?
#5 Updated by Raymond Hoh over 8 years ago
Also sounds similar to the plugin we started using on the Inq 13 site.
Yes, that will handle the banning of IP addresses, but we still need a plugin that records the IP address of new user registrations.
Was looking at this:
I'll do some testing locally to see if that is suitable enough.