SE PHP - Spam and Banning Tools

Social networks are often the target of aggressive spam tactics. This most often comes in the form of fake user accounts and spam in comments or blogs. 

To get to the “Spam and Banning Tools” page, in your Admin panel navigate to Settings > Spam and Banning Tools. On this page, you can manage various anti-spam, ban, and censorship features.


IP Address Ban

To ban members by their IP address, enter their address into the field. Addresses should be separated by commas (example:, 23.45.67.*, - This helps to prevent abusive members from remaking new accounts from the same IP address.

Email Address Ban

To ban members by their email address, enter their address into the field. Addresses should be separated by commas (example:, You may use an asterisk (*) as a wildcard character (example: *

Profile Address Ban

To limit signups by profile address, enter the addresses into the field below. Addresses should be separated by commas (example: SiteAdmin, Postmaster). You may use an asterisk (*) as a wildcard character (example: *Admin, *Postmaster, Admin*).

Censored Words

Enter any words that you want to censor on your members' profiles as well as any plugins you have installed. These will be replaced with asterisks (*), and will only affect new content. Separate words by commas (example: word1, word2). Remember that administrators and moderators can always directly delete any offensive content that is not censored.

Enable anti-spamming technique in signup form?

You can enable anti-spamming technique in signup form for email field.

Enable anti-spamming technique in login form?

You can enable anti-spamming technique in login form for email field.

Captcha Validation

You can require members to enter a validation code in a CAPTCHA form before they are able to execute certain actions, such as commenting, signing up, inviting others, and more. This may be a useful tool to add additional security to your network, and makes it difficult for bots to spam your site.

Block Account on Unsuccessful Login Attempts

As added security, you can enable the setting to block users from logging in after a set amount of unsuccessful attempts. Once enabled, you would set the number of attempts allowed before being blocked and the duration, in seconds, of the block.

Enable Two Step Authentication for Delete Account?

If you select "YES," members will receive a code at their registered mail and have to enter that code for verification. If you select "NO," then users can directly delete their account.

reCAPTCHA Validation

ReCaptcha is a similar method for validating that a member is human. To use reCAPTCHA you will have to create an account at , or log in if you have an account, and input your domain. Choose the reCAPTCHA v2 or V3 (for SEPHP 5.1 and up).

Copy your Public and Private Keys and paste them in your SocialEngine Admin panel input boxes. 

HTML in Comments

You can choose to allow HTML in comments. By default, members may not enter any HTML tags in comments. If you want to allow specific tags, you can enter them below (separated by commas). Example: b, img, a, embed, font. We recommend that you only allow this for trusted member levels as HTML can be used for nefarious purposes.

Note: there is still a pre-programmed list in the source code that limits the allowed HTML tags in an entry. If you would like to see the list of forbidden tags, please refer to the /application/libraries/Engine/Filter/Html.php file. These tags were forbidden to prevent the corruption of the site's styling, however, if you would like to take any of the tags off the list, you are more than welcome to at your own risk.

Save Changes

Please remember to click “Save Changes” to save your settings.

Note: To turn on the signup image verification feature (a popular anti-spam tool), see the Settings > Signup Process page.

Login History

You can view who logged into your site, at what time, and other information in the “Login History.” To access the “Login History” page, click on the “Login History” tab.

In this tab, the “Login History” for the website is displayed by “Member Name,” “Email Address,” “IP Address,” “State,” “Source,” and “Timestamp,” You have the option to clear the history as well.

State - whether the login was a success, bad password, disabled, or no member (member tried to login with incorrect email address that does not exist in the database).

Source - whether the member logged in through Twitter, Facebook, etc. Just a dash (-) means the member logged in normally by using an email address and password.

Clearing Login History

If you wanted to go back to a clean slate and start keeping track of sign-ins from now on, you can click on the "Clear History" button in order to erase all the of the logged sign-ins.

Great work with Spam and Ban settings! Please feel free to contact us if you have any questions or need further tutorials. Visit our community to have more interactions with us and other clients or third party developers. We’d love to see you there!