Someone on Linkedin mention Discourse, a Community site similar to BuddyPress. It is built in JavaScript, is open-sourced (no-cost) and looks like it would play nicely with WordPress. Here’s the dope on it.



1. Discourse – About

"One of the primary goals of Discourse is simplicity. Underneath that surface simplicity are features designed to help communities not just survive, but thrive:

  • 100% Open Source
  • Trust System
  • Mobile and Tablet
  • Community Moderation
  • Optimized for Reading
  • Likes
  • Summarize Topics
  • Inline Context
  • Translations
  • Real Time Notifications
  • SEO
  • Plugins
  • Single Sign On
  • Overlay Editor
  • Social Login
  • Private Communities
  • Blog Integration – with WordPress blogs
  • One Click Upgrades
  • Rate Limits
  • Easy Spam Cleanup
  • Spam Blocking
  • Analytics
  • Automatic URL Embedding
  • Advanced Image Handling
  • File Attachments
  • Link Tracking
  • Polls
  • Spoilers
  • Flexible Formatting – Markdown, BBCode – HTML in posts
  • Emoji
  • Comprehensive API
  • Local Avatars
  • Email Invitations
  • Automatic Drafts
  • Revision History
  • Wiki Posts
  • Badges
  • Email Notifications
  • Email Replies
  • Inline Moderation
  • Flag Queue
  • Site-Wide Notifications
  • Mailing List Support
  • Community Hub
  • Private Messaging
  • Send private messages to a single user or to groups of users.
  • Web Backup and Restore
  • Automated Backups
  • CDN Support

This is a pretty excellent feature list. Details in the page link.

Discourse – About

2. Discourse – FAQ

What is Discourse?

Discourse is the 100% open source discussion platform built for the next decade of the Internet. It works as:

  • mailing list
  • discussion forum
  • long-form chat roomWhat’s different about it?

Discourse is a from-scratch reboot, an attempt to reimagine what a modern, sustainable, fully open-source Internet discussion platform should be today – both from a technology standpoint and a sociology standpoint.

We’re civilized.

Our trust system means that the community builds a natural immune system to defend itself from trolls, bad actors, and spammers – and the most engaged community members can assist in the governance of their community. We put a trash can on every street corner with a simple, low-friction flagging system. Positive behaviors are encouraged through likes and badges. We gently, constantly educate members in a just-in-time manner on the universal rules of civilized discourse.

Uncompromisingly open source.

There is only one version of Discourse – the awesome version. There’s no super secret special paid commercial version with better or more complete features.

Everything that most communities would want is included right out of the box; a giant collection of complex plugins should not be required to have a great experience. And because Discourse is 100% open source, now and forever, it belongs to you as much as it belongs to us. That’s how community is supposed to work.

Simple. Modern. Fun.

Discussion shouldn’t be complicated, confusing, or a chore. Participating in a conversation online should fundamentally feel good in a way that it currently does not on existing forums and mailing lists. It should be fun to jump in and have discussions with other human beings who are passionate about the same stuff as you.

3. Discourse Blog

"Today we are incrementing the version number of Discourse to 1.0.

We’ve been working on Discourse in public for about a year and a half now – since February 2013. Turns out that’s about how long it takes to herd an open source project from ‘hey, cool toy’ to something that works for most online discussion communities.

It’s a bit like building an airplane in flight."

Discourse is relatively new, just a bit over a year and a half old. Version 1.0 hatched the end of August 2014.


From the recent WordPress Experts blog on Linkedin, Here are some plugins recommended to avoid spammy registrations / form entries.

1. Registration Honeypot by Justin Tadlock:

GitHub Repository

Registration Honeypot

A plugin for stopping most spambots from registering user accounts on WordPress sites with open user registration. This plugin creates a simple, hidden field that spambots will automatically fill out. If this registration field has data entered into it, the registration process is cut off and no spam user account will be created.

This plugin isn’t an end-all solution to spam registrations. It’s a simple solution for one type of spam registration issue that has come in handy for me many times.

There’s no configuration. Simply install, activate, and let the plugin do its work.


2. WordPress › Akismet « WordPress Plugins

"Akismet checks your comments against the Akismet Web service to see if they look like spam or not and lets you review the spam it catches under your blog’s ‘Comments’ admin screen.

Major features in Akismet include:

  • Automatically checks all comments and filters out the ones that look like spam.
  • Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.
  • URLs are shown in the comment body to reveal hidden or misleading links.
  • Moderators can see the number of approved comments for each user.
  • A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.

PS: You’ll need an Akismet.com API key to use it. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites."

Akismet has been around long enough to have 24 Million+ downloads. It is now part of Jetpack. Unfortunately it isn’t enough to deter all spammers.

Clobber spam users

3. WordPress › Clobber spam users « WordPress Plugins

“Deleting spam posts from your website is much easier with this plugin. With a click of a button, you can delete all the posts created by spammer accounts and prevent anyone from logging into an account that you have clobbered. A new administrative page is created to allow this moderation under the Users menu.”

There are only 2,075 downloads here. It works by deleting all of the banned authors posts, changing the password to prevent re-logins and changing the registered email address to prevent password recovery.

4. WordPress › Ban Hammer « WordPress Plugins

"We’ve all had this problem. A group of spammers from mail.ru are registering to your blog, but you want to keep registration open. How do you kill the spammers without bothering your clientele? While you could edit your functions.php and block the domain, once you get past a few bad eggs, you have to escalate.

Ban Hammer does that for you by preventing unwanted users from registering.

On a single install of WP, instead of using its own database table, Ban Hammer pulls from your list of blacklisted emails from the Comment Blacklist feature, native to WordPress. Since emails never equal IP addresses, it simply skips over and ignores them. On a network instance, there’s a network wide setting for banned emails and domains. This means you only have one place to update and maintain your blacklist. When a blacklisted user attempts to register, they get a customizable message that they cannot register.

Ban Hammer no longer uses Stop Forum Spam. Stop Spammer Registrations did it so much better, I bow to their genius."

This plugin allows email announcing the ban and then blacklists that domain. (Usually the domain is from spam land, insert country name here.)

Cms critic

5. 8 WordPress Security Tips to Help You Secure Your WordPress Site

"The worst part about it is that you could potentially lose everything. Your content. Your media. Personal data. It’s natural to want to protect your site from being hacked. It’s just as important as protecting your home from burglars.

There are a few ways to lock your website and WordPress install down. Unfortunately there are never any guarantees when it comes to security. That’s why extra care is important. Even the most obvious or seemingly unimportant stuff could bring your security down. It’s never good to leave your site vulnerable when you can take action and better protect it. At the very least, it may slow down an intruder even if it doesn’t stop them completely.

Today, we present you eight things you can do to your WordPress site to ensure it remains as secure as a locker. A locker in a bank. A bank that’s inside a bunker. A CIA bunker. Pretty secure, all in all."

  1. Always Stay Up to Date
  2. Hide Your WordPress Version Number – (If I did number 1 you know my Version #).
  3. Don’t Use “Admin” As Your Username – (Yes there are still people out there using the WP default ‘Admin’ followed by ‘Password’ 123456’)
  4. Hide Your Username Warning: Database hacks ahead.
  5. Change Your Passwords Regularly – (Probably better to use a good long and compliated password application generated utility password. You might actually change that every now and again.)
  6. Limit Login Attempts
  7. Delete Any Plugins or Themes You’re Not Using – (Scrabbling at the coal face here a bit….)
  8. Prevent Others from Browsing Your WordPress Folder Structure

There are some good security plugins that you could use listed here as well.



1. Build a Custom API to Connect WordPress With Ruby on Rails – Tuts+ Code Tutorial

"Once upon a time, web applications used to be monoliths that did everything all by themselves. These days, not so much. With web services opening up their APIs, developers are moving to using third party applications to handle parts of the functionality—things such as authentication or emailing users.

While the most common case is one where you use an API to connect to one of the popular online services (Google, Twitter, and so on) there are times when both of the applications you want to connect are your own.

This happened to me some time ago: I had created a custom shopping cart as a Ruby on Rails application and, for a while, was happy to use it together with a plain HTML landing page. After some time, however, I found that to make the landing page more appealing, I needed to upgrade it to something more frequently updated. I wanted a blog, and so WordPress was the natural choice. 

With the WordPress site built, all was good except for one little thing: when visitors added items to the shopping cart and then came back to shop for more, they forgot they had added items to their shopping cart! The shopping cart and the web site needed to work together. I needed to display the contents of the cart on the main web site."

2. Creating Dummy Text in WordPress – Tuts+ Code Tutorial

"When developing a new WordPress site, you’ll often want to add some dummy text to your posts and pages so you can see what the site will look like before the content is published. In this tutorial, you’ll learn how to speed up this process by developing a plugin that generates dummy text for you.

The plugin you’ll be creating will add a button to the WYSIWYG editor which, when clicked, will open a window and ask for the number of paragraphs of dummy text to create. The user will enter a number, and the content will be inserted!

Please note this plugin uses the TinyMCE 4.0 library, which was recently integrated in WordPress 3.9, meaning that this plugin will only work in 3.9 and newer."

You can use TextExpander for this as well. For instance, when I type lorem3, I get:

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa quae ab illo inventore veritatis et quasi architecto beatae vitae dicta sunt explicabo. Nemo enim ipsam voluptatem quia voluptas sit aspernatur aut odit aut fugit, sed quia consequuntur magni dolores eos qui ratione voluptatem sequi nesciunt. Neque porro quisquam est, qui dolorem ipsum quia dolor sit amet, consectetur, adipisci velit, sed quia non numquam eius modi tempora incidunt ut labore et dolore magnam aliquam quaerat voluptatem. Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?

At vero eos et accusamus et iusto odio dignissimos ducimus qui blanditiis praesentium voluptatum deleniti atque corrupti quos dolores et quas molestias excepturi sint occaecati cupiditate non provident, similique sunt in culpa qui officia deserunt mollitia animi, id est laborum et dolorum fuga. Et harum quidem rerum facilis est et expedita distinctio. Nam libero tempore, cum soluta nobis est eligendi optio cumque nihil impedit quo minus id quod maxime placeat facere possimus, omnis voluptas assumenda est, omnis dolor repellendus. Temporibus autem quibusdam et aut officiis debitis aut rerum necessitatibus saepe eveniet ut et voluptates repudiandae sint et molestiae non recusandae. Itaque earum rerum hic tenetur a sapiente delectus, ut aut reiciendis voluptatibus maiores alias consequatur aut perferendis doloribus asperiores repellat.

The plugin described does a good job of populating your new site with users and posts and comments, etc.

3. Creating Maintainable WordPress Meta Boxes: Verify and Sanitize – Tuts+ Code Tutorial

"Throughout this series, we’ve been creating a plugin that’s meant to provide authors with a way to collect, manage, and save ideas and references to content that they’re creating within WordPress.

While doing so, we’re also looking at ways that we can organize our plugin so that the code and the file organization is clear and maintainable so that as the plugin continues development, we’re able to easily add, remove, and maintain its features.

Up to this point, we’ve put together the basic file organization of the plugin as well as the front-end, but we haven’t actually implemented functionality for saving information to the database. And if you can’t save information, then the plugin is of little benefit to anyone."

4. Using AlterEgo to Add Two-Factor Authentication to Your WordPress Site – Tuts+ Code Tutorial

"While WordPress does a good job at handling basic security, its login is still only as secure as your username and password — just like the login on pretty much every web site out there. 

The jury is still out on what the login method of the future will be but at the moment the best candidate seems to be two-factor authentication: combining a username and password based login with an additional, time limited one-time token generated and verified by a third party.

Luckily for us, WordPress provides filters that make it possible to hook into its authentication flow to extend it in plugins and themes. So, in this tutorial, I will show you how to do just that by creating a plugin to add two-factor authentication to WordPress using AlterEgo, the two-factor authentication service by MailChimp. 

AlterEgo is not the only solution for two-factor authentication but it is an interesting one, mainly because of the possibility to log in using your phone without typing in a passcode."

I’m not a big fan of two-factor authentication. Not that you have any choice with WordPress.com these days. It creates an extra layer of hassle to rely on another device for authentication, or even a number string for input.

WordPress TV

1. WordPress.tv | Engage Yourself with WordPress.tv

Head on over to WordPress.tv. You will find a great collection of WordCamp presentations, suitable for all skill levels. Slowly but surely, the technology bugs are being worked out of recording WordCamp presentations.