I love Elgg. It's great, especially for a guy like me with virtually no budget and low-level skills in php and css. Up until a year and a half ago, I had a Joomla site with a few hundred users until it got hacked into oblivion - despite every recommended precaution plus some. It's nice to spend time doing other things now.
That's part of the reason Elgg is a great choice. You can't beat it for simplicity and functionality. The team and community here are top notch. That said, I've been wondering what advice I would offer newbies, or new users.
For those of you who have never had a site, the first thing I'd say is to learn how to back up your site and have working copies of the Elgg files, data, and the database. That's really easy to learn, so don't fret.
For me, however, the main problem I have encountered is other people's detritus, which forces me to try hard to prevent spam on my site. Unfortunately, I can't offer a great solution for you. I would highly suggest, though, that before you go public or really even go online, you think this question through and prepare your site.
There are some partial solutions that have been talked to death in discussion threads here. Look at them, and see what is possible. Also, I would like to point out that there are specific flags that alert spammers to Elgg sites. The following are examples that will be googled (and that is Google specifically) and lead live spammers, the most difficult to deal with, directly to your site.
inurl:pg/.../
inurl:mod/..../
(I don't hesitate to put that here because it seems every spammer in the universe already knows, but team, please feel free to remove it and chastise me if necessary.)
There have also been discussions here about what you can do to combat those not necessarily sophisticated, but annoying spammers. Search and prepare yourself. According to a few techies here, some solutions are highly technical and require complicated algorithms or making sitewide changes, such as pg to gp for example. (This might be addressed in 1.8, coming out soon.) There is captcha and a cool plugin by webgalli which uses a database to stop known spammers. There is siteaccess and a sitecode plugin which can prevent spammers altogether but also close off registration to anyone who isn't privy to the code. I would also think through your robots.txt file and how much information you want Google to index and share with the world. I also use cPanel's recent visitors to look for suspect IPs, and I Google new registrants, searching their usernames as soon as they sign up. Believe me, they show up all over the place and are likely trouble if so.
Note that it's been pointed out here that if someone is determined and skillful enough, they will probably beat you at the spam game no matter what. But to decide what you will do, I think you need to set a tolerance level for your site. How much spam you are willing to accept and clean up will determine what measures you implement and how easy it will be for netizens to become part of your community.
I doubt I've said this all well, but I hope it gets you better prepared before those Spamalot citizens catch on to your site. I think others here will have some disagreement with this or want to say more. I hope this post helps at least one new user out.
Good luck.
- Evan Winslow@ewinslow
- Lee@leebut
Hi, Paulo, thanks for this info. For the record, the /pg/ requirement is removed in Elgg 1.8.
I'm not sure if I've done the right thing or not as I'm very new to Elgg.
I want to prevent any random person from registering on my site, thus making it an invitation-only site, so I removed most of the content of accounts/register.php, leaving it with:
<?php
// Load the Elgg engine, then show a notice in place of the registration form.
require_once(dirname(dirname(__FILE__)) . "/engine/start.php");
echo 'Registration is not allowed. Please ask Lee to give you a username and password. <br />Please, <a href="http://www.xyz.com/elgg">go back</a>.';
?>
If I could find the register link and just remove that, that might be better.
I see that there is an invite friends tool, but that seems to be open to all members, not only the administrator.