Restricting WPMU sign-up

Restricting the ability to sign up to new wpmu blogs is unfortunate but necessary to get away from all the spam bloggers out there. They make life hell for everyone.

This simplest means of hindering their progress is a plug-in that checks to see the login status of the person trying to create a new blog.

<?php
  add_action("signup_header","ICITAreYouAllowed");
  function ICITAreYouAllowed() {
    if (!is_site_admin()) {
      header("location: http://{$_SERVER["HTTP_HOST"]}");
    } else {
      return;
    }
  }
?>

Something like the above dropped into the mu-plugins folder would make it hard, if not impossible, to create blogs unless you were a site administrator. Nice for locked down sites but not very useful for sites that want to be open. You could change the “is_site_admin” to a check for logged on user with “user_level_0″ access. This would add an extra step to the sign-up process and would require that the user provide a few more details before they can move on to the process of creating a blog. This would eliminate the scripted bot blog creation but would not stop the manually created spam blogs.

That leaves us with a problem. Either lock it all down and the admin has to do it manually upon request or leave it open and be forever fighting fires.

As a result of the above I’m going to create a plug-in that gives you the following:

  1. Drop down menu to choose the minimum account level to allow blog creation. i.e. level_0 to level_10 or “site admin”
  2. Option to choose to give users blog create access once they have X number of moderated comments on the site. This may also help get people posting comments to other blogs. Of course it could also lead to people posting youtube-esque comments just to get to the magic number.
  3. As part of the last one I may also introduce a comment voting system (different plug-in) and only trigger when a certain quality has been reached.
  4. Add an option that states you should have been a member of the site for at least X amount of time before you can create accounts. Couple that with the post count and it should make it a lot easier to spot and block the spammers.
  5. Will have to include the option to have the settings available for each site on the one mu install. So blog creation on each site can be controlled on a site by site basis.
  6. An option to pick up the wp-login form from a kind of page template in the plug-in folder or the theme folder. Would allow you to style it uniquely for each of your themes.

WARNING: These are my personal notes and there is no time frame for this. I can see this turning from the simple code above to something quite large. :D

Comments
  • clopinettes 8 / May / 2008 at 10:31 am

    Worked for us – no more spam blogs!

    Of course, if you want to get anyone to be able to sign in and create new blogs then it gets more difficult to stop splogs.

  • sky 8 / May / 2008 at 1:34 am

    How did you go with this mod? were you able to do it, as i need something really bad. im getting about 200 spam blogs created every day :(

css.php