Plugin Directory

Test out the new Plugin Directory and let us know what you think.

Stop Spammers Spam Prevention

Aggressive anti-spam plugin that eliminates comment spam, trackback spam, contact form spam and registration spam. Protects against malicious attacks.


  • Committed changes again.


  • fixed typo in last commit


  • Added IP address to debug info.
  • Added some extra checks on the invalid ip routine to avoid throwing an error on really broken IP addresses.
  • Added new PayPal allow IP ranges.
  • Added ClickBank IP addresses to Misc Allow List
  • Preserved 404 status return on malicious 404 checks. Tell spammers nothing to see here, move along.
  • Added a second security check to Ajax functions.
  • Added an additional spam check on logins and registrations in case theme or plugin hides login event. (This is a big deal).
  • Fixed bug in Hosting check module. Was reporting false positives. Fixed same bug in three other modules.
  • fixed bug from 4.3 (or 4.4) that caused the plugin to send out an extra email to the users on registration.
  • Disabled Botscout support. The service lowered their daily limits making it dangerous to rely on.
  • Fixed bug in ChkValid that allowed some ips to pass early.
  • stopped showing passwords on failed login attempts. Users complained. Might be a security risk.
  • removed admin registration link from email routine. WP kept breaking my code. I will put it back some day.
  • experimental add-on install seems to work. Still testing.
  • I did not update the country ips or the deny lists. I may make these add-ons in the future.
  • I did not get around to adding threat scan exceptions for WP 4.3 and 4.4. Will add in next release. Threat scan will thow a bunch of false positives.
  • fixed issue with plugin getting confused between Great Britain and United Kingdom. Not the same thing.
  • Removed OpenCaptcha - gives me a 500 error all the time. Need to use google or dumb or nothing (looking for an open captcha alternative).


  • Removed a pregreplace backdoor signature from threat scan. Securi thinks that my search for the string is the actual string, so it reported the plugin as malware. I will release immediately.


  • Fix Akismet conflict with white list. Akismet positives should be checked against the white list before reporting.
  • Fixed another bug in Threat Scan where the file open failed trying to read a file with bad permissions.
  • Added additional checks to threat scan based on an articles at: https://blog.sucuri.net
  • Added a more complex exclude list to threat scan.
  • Fixed OpenCaptcha so that it can display the HTTP image on HTTPS sites without a warning. Catchas require the host to enable curl libraries.
  • This plugin and WP Jetpack plugin Login Protection clash. You get a blank screen if you use both. The plugin disables itself if JetPack Login Protection is installed.
  • Rebuilt all spammer by country modules. Deleted Africa. Now African countries are reported by lacnic.net, so my programs to extract CIDRS from Stop Forum Spam lists works for Africa now. New Countries added. This fixed a bug where I spelled Africa wrong.
  • Admin checks at login are for any user containing the word 'admin' anywhere in login id. Changed from lower case "admin" only.
  • I now show failed password because I think it is important to see the dictionary attacks with many passwords. I may make an option for this in case some admins suffer from "fat fingers" and mistype their passwords frequently.
  • Fixed an error in options. The "Check credentials on all login attempts" and "Deny login attempts using 'admin' userid" were switched. The first one checks to the credentials of all login attempts. The second denies users who try to login with ids with the string 'admin', but the id doesn't exist.
  • Fixed range check in invalid IP check. Was returning false positives.
  • Conflict with eMember plugin. Stop Spammers disables itself (for login checks) if eMember is installed.


  • Fixed bug in check multi hits option.
  • Fixed problem with server_addr variable in checking of allow lists.
  • Johan Schiff sent me some nice improvements to the TLD check which I included. It supports complex sub-domains now in addition to simple TLDs.
  • Another fix to threat scan trying to follow symbolic links.
  • Fixed captcha processing on sites that cannot use URL open functions.
  • Checks for WP eMember login in order to prevent conflict on logins.


  • IIs 7 and IIs 6 and some hosts fixes for SERVER_ADDR not found
  • Fix for Manage Plugin Options to prevent transient checks. (I may restore the transient checks in a future version.)
  • Add WorldPay to misc allow list.
  • Updated Country spam list and Generated Allow List.
  • Fixed bug in finding values in POST. Sometimes returned an array.
  • Removed Stripe from Donation page.
  • TLD now looks at all post fields. If author, url, subject or comment ends in dot-tld it is denied. Woo forms sometimes confuses what is the email, so this will test more things for email. It is better though to try @.xxx in the deny list, than trying to use TLDs when a plugin uses non standard form field names.


  • Responded to complaints about admin menu - now it is boring.
  • Fixed issue in Threat Scan for unexpected directories or symlinks that threw errors in opendir();
  • Added keyword SPAM to plugin name. It was not coming up in plugin searches.
  • Added a month's worth of Spammers from the Stop Forum Spam lists. Regenerated all countries spammer lists.
  • Fixed bug in IP wildcard checks.


  • Fixed a bug in white listing
  • Fixed a bug in checking ip address
  • restored automatic cloudflare ip updating


  • Fixed a mistake that caused the plugin to stop checking some post variables
  • Fixed bug in diagnostics when phpinfo is not allowed
  • added a function deny or allow userids. This is dangerous and not very useful, but can be done. A user requested the feature.
  • removed cloudflare warning message for now, since the plugin mirrors the CF plugin.


  • Bad mistake in cloudflare module fixed. Breaks on IPv6 checks
  • Added Easter egg to summary screen to change the total count and date.


  • Removed goto in cloudflare check. It was a wonderful dream that turned into a nightmare when it turns out 5.2 PHP doesn't support the goto statement. It was the first goto that I've coded in high level language in 25 years and I wanted it to work.


  • Added robust full wild card search for lists using * and ?
  • Restored link in registration email
  • Restored use of WP_Http for all web service file reads
  • Added PHPInfo to Diagnostics
  • Added delete transients option to Other WP Options
  • Changed from Ugly image to a more conventional one on admin panel
  • Fixed bug in link for SFS api checks.
  • Forced CloudFlare IP fixing if CloudFlare plugin not found. It is still better to install CloudFlare plugin to get most recent IP list, but at least this way the plugin can check for bad ips.


  • fix link typo in summary.
  • fix conflict with Woo Commerce.


  • Total Rewrite of all code. The plugin uses modular approach so that programmers can add new modules to detect spam.
  • added Diagnostic checks.
  • added the ability to use a simple API so that plugin authors can hook into the Stop Spammers' processing to add new detection methods.
  • added the ability to block spammers by country.
  • added better proxy and firewall detection.
  • added multiple allow lists to help prevent false positives.
  • improved the plugin interface.
  • added the ability to scan the WordPress installation for malicious code.
  • added the ability to view and maintain all options, including those from other plugins.
  • added second chance captcha options including OpenCaptcha, Google reCaptcha or SolveMedia captcha.

Compatible up to: 4.5-alpha
Last Updated: 10 months ago
Active Installs: 30,000+


4.6 out of 5 stars


0 of 9 support threads in the last two months have been marked resolved.

Got something to say? Need help?


Not enough data

0 people say it works.
0 people say it's broken.

100,1,1 100,1,1
100,3,3 100,2,2 100,1,1 100,1,1 100,1,1 100,2,2 100,1,1
100,1,1 100,1,1 100,2,2
100,1,1 100,1,1 100,2,2 100,2,2 100,1,1 100,1,1
100,1,1 100,1,1
100,2,2 100,1,1
100,1,1 100,1,1
50,2,1 40,5,2 100,2,2 100,1,1
100,2,2 100,1,1
100,1,1 100,1,1 80,5,4
100,2,2 75,4,3 100,1,1 100,1,1
67,3,2 100,1,1
87,15,13 100,6,6
100,7,7 100,1,1
100,1,1 100,1,1
100,2,2 0,1,0 100,1,1 100,1,1
50,2,1 50,2,1 100,4,4 100,1,1
100,1,1 100,1,1 100,1,1 50,2,1 100,8,8
100,4,4 100,1,1
100,1,1 0,1,0 100,1,1 100,3,3 100,1,1 100,3,3 100,1,1 100,3,3