Plugin Directory

Stop Spammers Spam Prevention

Aggressive anti-spam plugin that eliminates comment spam, trackback spam, contact form spam and registration spam. Protects against malicious attacks.


  • Removed a pregreplace backdoor signature from threat scan. Securi thinks that my search for the string is the actual string, so it reported the plugin as malware. I will release immediately.


  • Fix Akismet conflict with white list. Akismet positives should be checked against the white list before reporting.
  • Fixed another bug in Threat Scan where the file open failed trying to read a file with bad permissions.
  • Added additional checks to threat scan based on an articles at: https://blog.sucuri.net
  • Added a more complex exclude list to threat scan.
  • Fixed OpenCaptcha so that it can display the HTTP image on HTTPS sites without a warning. Catchas require the host to enable curl libraries.
  • This plugin and WP Jetpack plugin Login Protection clash. You get a blank screen if you use both. The plugin disables itself if JetPack Login Protection is installed.
  • Rebuilt all spammer by country modules. Deleted Africa. Now African countries are reported by lacnic.net, so my programs to extract CIDRS from Stop Forum Spam lists works for Africa now. New Countries added. This fixed a bug where I spelled Africa wrong.
  • Admin checks at login are for any user containing the word 'admin' anywhere in login id. Changed from lower case "admin" only.
  • I now show failed password because I think it is important to see the dictionary attacks with many passwords. I may make an option for this in case some admins suffer from "fat fingers" and mistype their passwords frequently.
  • Fixed an error in options. The "Check credentials on all login attempts" and "Deny login attempts using 'admin' userid" were switched. The first one checks to the credentials of all login attempts. The second denies users who try to login with ids with the string 'admin', but the id doesn't exist.
  • Fixed range check in invalid IP check. Was returning false positives.
  • Conflict with eMember plugin. Stop Spammers disables itself (for login checks) if eMember is installed.


  • Fixed bug in check multi hits option.
  • Fixed problem with server_addr variable in checking of allow lists.
  • Johan Schiff sent me some nice improvements to the TLD check which I included. It supports complex sub-domains now in addition to simple TLDs.
  • Another fix to threat scan trying to follow symbolic links.
  • Fixed captcha processing on sites that cannot use URL open functions.
  • Checks for WP eMember login in order to prevent conflict on logins.


  • IIs 7 and IIs 6 and some hosts fixes for SERVER_ADDR not found
  • Fix for Manage Plugin Options to prevent transient checks. (I may restore the transient checks in a future version.)
  • Add WorldPay to misc allow list.
  • Updated Country spam list and Generated Allow List.
  • Fixed bug in finding values in POST. Sometimes returned an array.
  • Removed Stripe from Donation page.
  • TLD now looks at all post fields. If author, url, subject or comment ends in dot-tld it is denied. Woo forms sometimes confuses what is the email, so this will test more things for email. It is better though to try @.xxx in the deny list, than trying to use TLDs when a plugin uses non standard form field names.


  • Responded to complaints about admin menu - now it is boring.
  • Fixed issue in Threat Scan for unexpected directories or symlinks that threw errors in opendir();
  • Added keyword SPAM to plugin name. It was not coming up in plugin searches.
  • Added a month's worth of Spammers from the Stop Forum Spam lists. Regenerated all countries spammer lists.
  • Fixed bug in IP wildcard checks.


  • Fixed a bug in white listing
  • Fixed a bug in checking ip address
  • restored automatic cloudflare ip updating


  • Fixed a mistake that caused the plugin to stop checking some post variables
  • Fixed bug in diagnostics when phpinfo is not allowed
  • added a function deny or allow userids. This is dangerous and not very useful, but can be done. A user requested the feature.
  • removed cloudflare warning message for now, since the plugin mirrors the CF plugin.


  • Bad mistake in cloudflare module fixed. Breaks on IPv6 checks
  • Added Easter egg to summary screen to change the total count and date.


  • Removed goto in cloudflare check. It was a wonderful dream that turned into a nightmare when it turns out 5.2 PHP doesn't support the goto statement. It was the first goto that I've coded in high level language in 25 years and I wanted it to work.


  • Added robust full wild card search for lists using * and ?
  • Restored link in registration email
  • Restored use of WP_Http for all web service file reads
  • Added PHPInfo to Diagnostics
  • Added delete transients option to Other WP Options
  • Changed from Ugly image to a more conventional one on admin panel
  • Fixed bug in link for SFS api checks.
  • Forced CloudFlare IP fixing if CloudFlare plugin not found. It is still better to install CloudFlare plugin to get most recent IP list, but at least this way the plugin can check for bad ips.


  • fix link typo in summary.
  • fix conflict with Woo Commerce.


  • Total Rewrite of all code. The plugin uses modular approach so that programmers can add new modules to detect spam.
  • added Diagnostic checks.
  • added the ability to use a simple API so that plugin authors can hook into the Stop Spammers' processing to add new detection methods.
  • added the ability to block spammers by country.
  • added better proxy and firewall detection.
  • added multiple allow lists to help prevent false positives.
  • improved the plugin interface.
  • added the ability to scan the WordPress installation for malicious code.
  • added the ability to view and maintain all options, including those from other plugins.
  • added second chance captcha options including OpenCaptcha, Google reCaptcha or SolveMedia captcha.

Compatible up to: 4.2.5
Last Updated: 7 months ago
Active Installs: 30,000+


4.7 out of 5 stars


0 of 13 support threads in the last two months have been resolved.

Got something to say? Need help?


Not enough data

2 people say it works.
1 person says it's broken.

100,1,1 100,1,1
100,3,3 100,2,2 100,1,1 100,1,1 100,1,1 100,2,2 100,1,1
100,1,1 100,1,1 100,2,2
100,1,1 100,1,1 100,2,2 100,2,2 100,1,1 100,1,1
100,1,1 100,1,1
100,2,2 100,1,1
100,1,1 100,1,1
50,2,1 40,5,2 100,2,2 100,1,1
100,2,2 100,1,1
100,1,1 100,1,1 80,5,4
100,2,2 75,4,3 100,1,1 100,1,1
67,3,2 100,1,1
87,15,13 100,6,6
100,7,7 100,1,1
100,1,1 100,1,1
100,2,2 0,1,0 100,1,1 100,1,1
50,2,1 50,2,1 100,4,4 100,1,1
100,1,1 100,1,1 100,1,1 50,2,1 100,8,8
100,4,4 100,1,1
100,1,1 0,1,0 100,1,1 100,3,3 100,1,1 100,3,3 100,1,1 100,3,3