Blocking User from Signup Does not Fully Document in profile

[Ipstenu]

With the new-ish signup tool that allows us to un-spam registrations, it also lets us block users from that interface. However, while it does log who did the action, it doesn't do so in a trackable way. That is, we only get logged "Changed to blocked by X" but none of the reason.

Generally the reason is "Bio and/or registration URLs were spammy" but none of that is recorded.

What we need is a change to the notice.

1. Where was the account spammed/blocked from? This can be "Banned by X via ..."

2. A COPY of the bio and URLs (recommend truncation since some bios are 5000 word porn stories, not kidding). That way it's obvious to everyone else "Oh, yeah, the person with the bio about their casino is probably spam"

Example of a spammy signup:

url: ​http://10040656...
from: metro hispania
occ: Security guard
interests: sex

or:

url: ​https://www.facebook.com/Huge-Market-1234566
from: Main Street

Those should be copied into the user notes.

[jdembowski]

Can we also get that for the forums?

When I ban someone in the forums for cause I do the following.

1. Copy the bio and profile URL to the notes
2. Wipe both fields.
3. Set the Display name to the forum ID.

Then set the account to blocked.

If that could happen automatically or via one click it would save me some copy pasta.

[Ipstenu]

Example: ​https://wordpress.org/support/users/bugoutbill/

I manually edited it but you get the idea of how easy it is to spot.

[Ipstenu]

One thought for Jan's ask. We could hide those fields. That would help SEO on WP.org as well, if we're not already. No more bad links/data, just pffft. Gone.

[jdembowski]

Replying to Ipstenu:

One thought for Jan's ask. We could hide those fields. That would help SEO on WP.org as well, if we're not already. No more bad links/data, just pffft. Gone.

That would be good. Right now the forum profile is hidden but logged in users can read the profile and links.

I like to wipe them and copy them into the notes because we've had people argue when they use their old profile as "proof". By making it so only moderators or higher can read them it preserves that and prevents people from seeing it.

I like to keep it to be aware if the email forum-password-resets.

[dd32]

Replying to Ipstenu:

One thought for Jan's ask. We could hide those fields. That would help SEO on WP.org as well, if we're not already. No more bad links/data, just pffft. Gone.

I would much prefer we just hide the fields, and display user logins instead of any other set fields.

We already hide the URL and bio on the profiles.wordpress.org page when the user is spammed, if we're not doing that on the support site already, that's an inadvertent oversight.

[Ipstenu]

We already hide the URL and bio on the profiles.wordpress.org page when the user is spammed, if we're not doing that on the support site already, that's an inadvertent oversight.

I'd have to spin up and check - as an admin, I can't easily tell... Which maybe is another oversight. Marking what's hidden and what isn't so an admin 'knows' "URL: example.com (hidden from non-admins)"