Stop a logged-in user who is marked as a spammer.


When an admin marks a live user as a spammer, that user can still surf around and cause havoc on the site until that person is logged out.

This code checks to see if a logged-in user is marked as a spammer. If so, we redirect the user back to wp-login.php with the ‘reauth’ parameter.

This clears the logged-in spammer’s cookies and will ask the spammer to reauthenticate.

Note: A spammer cannot log back in – bp_core_boot_spammer().

Runs on ‘bp_init’ at priority 5 so the members component globals are setup before we do our spammer checks.

This is important as the $bp->loggedin_user object is setup at priority 4.


File: bp-members/bp-members-functions.php

function bp_stop_live_spammer() {
	// If we're on the login page, stop now to prevent redirect loop.
	$is_login = false;
	if ( isset( $GLOBALS['pagenow'] ) && ( false !== strpos( $GLOBALS['pagenow'], 'wp-login.php' ) ) ) {
		$is_login = true;
	} elseif ( isset( $_SERVER['SCRIPT_NAME'] ) && false !== strpos( $_SERVER['SCRIPT_NAME'], 'wp-login.php' ) ) {
		$is_login = true;

	if ( $is_login ) {

	// User isn't logged in, so stop!
	if ( ! is_user_logged_in() ) {

	// If spammer, redirect to wp-login.php and reauthorize.
	if ( bp_is_user_spammer( bp_loggedin_user_id() ) ) {
		// Setup login args.
		$args = array(
			// Custom action used to throw an error message.
			'action' => 'bp-spam',

			// Reauthorize user to login.
			'reauth' => 1

		 * Filters the url used for redirection for a logged in user marked as spam.
		 * @since BuddyPress 1.8.0
		 * @param string $value URL to redirect user to.
		$login_url = apply_filters( 'bp_live_spammer_redirect', add_query_arg( $args, wp_login_url() ) );

		// Redirect user to login page.
		wp_redirect( $login_url );


Version Description
BuddyPress 1.8.0 Introduced.


We're always happy to help with code or other questions you might have! Search our developer docs, contact support, or connect with our sales team.