WordPress users who have enabled multi-site option and BuddyPress plugin together (i.e., networks) probably are experiencing massive spam registration from spammers. There isn’t a definitive method to stop waves of spam registration either by bots or human spammers, because sometimes it takes all available methods to put a stop to spam registration. It’s like a cat and mouse game. The sad thing is that many spam registration preventive methods have failed to prevent spammers from registering spam accounts. There is one noticeable method that may temporary put a stop to spam registration on your WordPress/BuddyPress website is to change the BuddyPress registration slug inside wp-config.php. If there isn’t one yet, just add it into wp-config.php.
Example: define ( ‘BP_REGISTER_SLUG’, ‘givemeanewacct’ );
With that line inside wp-config.php, the next time someone wants to sign up a new account, they’ll be redirected to yourdomain.tld/givemeanewacct.
This method probably is useless against human spammers, but it will work effectively against bots. Then again, you have to change the slug frequently to prevent bots from adapting to the new slug. Luckily, it’s rather painless to change the slug within wp-config.php.