{"id":314967,"date":"2026-05-29T15:47:08","date_gmt":"2026-05-29T15:47:08","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/anti-spam-protection\/"},"modified":"2026-05-29T16:00:58","modified_gmt":"2026-05-29T16:00:58","slug":"solverguard-spam-shield","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/solverguard-spam-shield\/","author":17927996,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.2","stable_tag":"1.0.2","tested":"7.0","requires":"5.8","requires_php":"7.4","requires_plugins":null,"header_name":"SolverGuard Spam Shield","header_author":"SolverWP","header_description":"A powerful multi-layered anti-spam protection for Contact Form 7 and WordPress comments. Includes honeypot, time-based checks, IP blocking, keyword filtering, reCAPTCHA v3, submission rate limiting, and native comment spam protection.","assets_banners_color":"12342e","last_updated":"2026-05-29 16:00:58","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/solverguard-spam-shield","header_author_uri":"https:\/\/solverwp.com\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":60,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.2":{"tag":"1.0.2","author":"solverwp","date":"2026-05-29 16:00:58"}},"upgrade_notice":{"1.0.2":"<p>Major update adding login protection, registration spam protection, advanced bot protection, XML-RPC hardening, security headers, and more. All new modules are enabled by default with safe settings. Review your settings after upgrading.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3553784,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":3553777,"resolution":"772x250","location":"assets","locale":"","width":2204,"height":713}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.2"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"<strong>Settings Page<\/strong> \u2014 All modules in a single, clean tabbed admin panel. Toggle individual features on or off instantly.","2":"<strong>Spam Log<\/strong> \u2014 Full audit log showing blocked requests with IP, module, reason, and timestamp.","3":"<strong>Bot Protection Settings<\/strong> \u2014 Granular control over all bot detection layers.","4":"<strong>Registration Spam Settings<\/strong> \u2014 Email domain blocking, honeypot, rate limiting, and keyword filtering for registration.","5":"<strong>Login Protection Settings<\/strong> \u2014 Configure failed attempt limits and lockout duration."}},"plugin_section":[],"plugin_tags":[2656,166108,598,1229,599],"plugin_category":[38,54],"plugin_contributors":[190348],"plugin_business_model":[],"class_list":["post-314967","plugin","type-plugin","status-publish","hentry","plugin_tags-anti-spam","plugin_tags-bot-protection","plugin_tags-honeypot","plugin_tags-login-security","plugin_tags-spam","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-solverwp","plugin_committers-solverwp"],"banners":{"banner":"https:\/\/ps.w.org\/solverguard-spam-shield\/assets\/banner-772x250.png?rev=3553777","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/solverguard-spam-shield\/assets\/icon-128x128.png?rev=3553784","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>SolverGuard Spam Shield<\/strong> is the only free WordPress plugin that protects every entry point of your site \u2014 contact forms, comment sections, user registrations, login page, REST API, XML-RPC, and your server itself \u2014 with zero shortcodes and zero per-form configuration required.<\/p>\n\n<p>While most anti-spam plugins protect only one area of your site, SolverGuard deploys <strong>30+ independent protection layers<\/strong> across six major modules. Install it, activate it, and your entire WordPress site is defended immediately.<\/p>\n\n<blockquote>\n  <p><strong>\"Set it and forget it\" protection \u2014 works automatically from the moment you activate.\"<\/strong><\/p>\n<\/blockquote>\n\n\n\n<h4>\ud83d\udee1\ufe0f MODULE 1: Contact Form 7 Protection<\/h4>\n\n<p>Six independent spam-fighting layers apply automatically to every CF7 form on your site \u2014 no per-form setup needed.<\/p>\n\n<ul>\n<li><strong>\ud83c\udf6f Honeypot<\/strong> \u2014 An invisible hidden field is silently injected into every form. Real users never see it or fill it in. Bots that auto-fill every field get caught instantly and blocked.<\/li>\n<li><strong>\u23f1 Time-Based Check<\/strong> \u2014 Bots submit forms in milliseconds; humans take a few seconds to read and fill out a form. This module blocks submissions that arrive suspiciously fast (bots) or from stale, expired sessions, eliminating both automated attacks and session replay attacks.<\/li>\n<li><strong>\ud83d\udeab IP Blocker<\/strong> \u2014 Block individual IP addresses or entire CIDR network ranges (e.g. <code>10.0.0.0\/8<\/code>) from submitting any form on your site. The same block list is automatically shared with comments, login, and registration protection for maximum coverage.<\/li>\n<li><strong>\ud83d\udd24 Keyword Filter<\/strong> \u2014 Case-insensitive keyword and phrase matching scans every submitted form field simultaneously. Block spam phrases, competitor names, casino\/pharma keywords, or any custom list of prohibited terms.<\/li>\n<li><strong>\ud83d\udcc8 Rate Limiter<\/strong> \u2014 Caps the number of form submissions per IP address within a configurable sliding time window. Stops bots that submit the same form hundreds of times per hour, without ever impacting real users.<\/li>\n<li><strong>\ud83e\udd16 Google reCAPTCHA v3<\/strong> \u2014 Silent, frictionless bot scoring via Google's reCAPTCHA v3. No annoying checkboxes or image puzzles for real visitors \u2014 the score is calculated invisibly in the background and submissions below your threshold are blocked automatically.<\/li>\n<\/ul>\n\n\n\n<h4>\ud83d\udcac MODULE 2: Comment Spam Protection<\/h4>\n\n<p>Ten layers of dedicated comment spam protection, covering every submission path including Gutenberg and headless REST API setups.<\/p>\n\n<ul>\n<li><strong>\ud83c\udf6f Comment Honeypot<\/strong> \u2014 A hidden anti-spam field is injected into every WordPress comment form automatically.<\/li>\n<li><strong>\u23f1 Comment Time Check<\/strong> \u2014 Blocks comments submitted too quickly after page load (bots) or from sessions that expired too long ago.<\/li>\n<li><strong>\ud83d\udeab IP Blocking<\/strong> \u2014 Automatically reuses the shared IP block list \u2014 block an IP once, block it everywhere.<\/li>\n<li><strong>\ud83d\udcc8 Comment Rate Limiter<\/strong> \u2014 Separate per-IP rate limiting specifically for comments, independent of form rate limiting.<\/li>\n<li><strong>\ud83d\udd24 Comment Keywords<\/strong> \u2014 A global keyword list plus comment-specific blocked phrases. Stop spam before it reaches your moderation queue.<\/li>\n<li><strong>\ud83d\udd17 Link Count Limit<\/strong> \u2014 Block comments containing more than a configurable number of hyperlinks \u2014 the #1 hallmark of spam comments.<\/li>\n<li><strong>\ud83d\udce7 Email Domain Blocking<\/strong> \u2014 Block registrations and comments from disposable or known spam email domains. Enter a list of blocked domains and all matching email addresses are automatically rejected.<\/li>\n<li><strong>\ud83e\udd16 User-Agent Filtering<\/strong> \u2014 Block comments from known spam bot user-agents. Optionally block requests with no user-agent header at all.<\/li>\n<li><strong>\u23f3 Hold Comments With Author URL<\/strong> \u2014 Automatically sends comments from authors with a URL in their display name to moderation, rather than publishing them instantly.<\/li>\n<li><strong>\ud83c\udf10 REST API Protection<\/strong> \u2014 All comment spam checks also apply to submissions made via the WordPress REST API (used by Gutenberg and headless\/decoupled WordPress setups).<\/li>\n<\/ul>\n\n\n\n<h4>\ud83d\udd10 MODULE 3: Login &amp; Brute-Force Protection<\/h4>\n\n<p>Stop hackers from guessing your password with automated brute-force attacks.<\/p>\n\n<ul>\n<li><strong>\ud83d\udd12 Login Rate Limiting<\/strong> \u2014 After a configurable number of failed login attempts from the same IP, further attempts are blocked for a configurable lockout period. Stops dictionary attacks and credential-stuffing bots cold.<\/li>\n<li><strong>\u23f1 Configurable Lockout<\/strong> \u2014 Set exactly how many failed attempts trigger a lockout, and how many minutes the lockout lasts. Default: 5 attempts, 15-minute lockout.<\/li>\n<li><strong>\ud83d\udccb Full Audit Logging<\/strong> \u2014 Every blocked login attempt is logged with the IP address, timestamp, and the reason for the block, so you can see exactly what threats your site faces.<\/li>\n<\/ul>\n\n\n\n<h4>\ud83d\udc64 MODULE 4: Registration Spam Protection<\/h4>\n\n<p>Block fake accounts and spam bot registrations before they are ever created in your database.<\/p>\n\n<ul>\n<li><strong>\ud83c\udf6f Registration Honeypot<\/strong> \u2014 A hidden field traps bots that auto-fill every registration field.<\/li>\n<li><strong>\u23f1 Registration Time Check<\/strong> \u2014 Blocks registrations submitted impossibly fast or from expired form sessions.<\/li>\n<li><strong>\ud83d\udce7 Email Domain Blocking<\/strong> \u2014 Block registrations from specific disposable email domains. Subdomain matching included \u2014 blocking <code>spammail.com<\/code> also blocks <code>user@sub.spammail.com<\/code>.<\/li>\n<li><strong>\ud83d\udd24 Username &amp; Email Keyword Filter<\/strong> \u2014 Blocks registrations with prohibited words in the username or email address.<\/li>\n<li><strong>\ud83d\udcc8 Registration Rate Limiter<\/strong> \u2014 Limits the number of registration attempts per IP in a configurable period.<\/li>\n<li><strong>\ud83c\udf10 REST API &amp; XML-RPC Coverage<\/strong> \u2014 Protection applies to ALL registration paths: the standard form, the WordPress REST API, and direct <code>wp_insert_user()<\/code> calls. Fake accounts are blocked before they are ever written to the database, which also prevents WordPress from sending notification emails for blocked registrations.<\/li>\n<\/ul>\n\n\n\n<h4>\ud83e\udd16 MODULE 5: Advanced Bot Protection<\/h4>\n\n<p>A dedicated bot-detection engine that runs before WordPress even fully loads \u2014 blocking malicious traffic at the earliest possible moment.<\/p>\n\n<ul>\n<li><strong>\ud83d\udd75\ufe0f Known Bad Bot Blacklist<\/strong> \u2014 30+ built-in user-agent signatures covering scrapers (AhrefsBot, SemrushBot, MJ12bot), vulnerability scanners (Nikto, sqlmap, WPScan, Acunetix, Nessus), DDoS tools (Slowloris, LOIC), AI crawlers, and spam bots. Fully customizable with your own additional signatures.<\/li>\n<li><strong>\ud83d\udeab Empty User-Agent Blocking<\/strong> \u2014 Blocks all requests with no User-Agent header \u2014 a near-universal sign of automated attack traffic.<\/li>\n<li><strong>\ud83d\udd0d Fake Googlebot \/ Bingbot Detection<\/strong> \u2014 Real Googlebots come from specific Google-owned IP ranges with verifiable reverse DNS. This module performs a live reverse DNS lookup to verify any request claiming to be Googlebot or Bingbot, and blocks fakes that don't pass verification. Protects your server resources from being wasted on impersonators.<\/li>\n<li><strong>\u26a0\ufe0f Suspicious URL Pattern Blocking<\/strong> \u2014 Blocks probes for sensitive files and attack patterns including:\n\n<ul>\n<li><code>\/wp-config.php<\/code>, <code>\/.env<\/code>, <code>\/.git\/<\/code>, <code>\/.htaccess<\/code> access attempts<\/li>\n<li>Web shell uploads (<code>shell.php<\/code>, <code>c99.php<\/code>, <code>r57.php<\/code>)<\/li>\n<li>Directory traversal attacks (<code>..\/..\/<\/code>)<\/li>\n<li>SQL injection in URLs (<code>UNION SELECT<\/code>, <code>DROP TABLE<\/code>)<\/li>\n<li>XML\/XXE injection attempts<\/li>\n<li>phpMyAdmin and database tool probes<\/li>\n<li>WordPress scanner paths (<code>\/wp-content\/uploads\/*.php<\/code>)<\/li>\n<\/ul><\/li>\n<li><strong>\ud83c\udf0a Request Flood Protection<\/strong> \u2014 Sitewide per-IP rate limiting that blocks any IP sending excessive requests within a configurable time window. Stops DDoS and scraping attacks that would otherwise overload your server.<\/li>\n<li><strong>\ud83d\udd12 HTTP Method Filter<\/strong> \u2014 Blocks unnecessary and dangerous HTTP methods such as TRACE and CONNECT that are used by certain attack tools.<\/li>\n<li><strong>\ud83d\udee1\ufe0f Security Headers<\/strong> \u2014 Automatically adds five HTTP security headers to every response:\n\n<ul>\n<li><code>X-Content-Type-Options: nosniff<\/code><\/li>\n<li><code>X-Frame-Options: SAMEORIGIN<\/code><\/li>\n<li><code>X-XSS-Protection: 1; mode=block<\/code><\/li>\n<li><code>Referrer-Policy: strict-origin-when-cross-origin<\/code><\/li>\n<li><code>Permissions-Policy: geolocation=(), microphone=(), camera=()<\/code><\/li>\n<\/ul><\/li>\n<li><strong>\ud83c\udfad Hide WordPress Version<\/strong> \u2014 Removes the WordPress version number from page source, RSS feeds, script\/style URLs, and HTTP headers \u2014 making version-specific exploit scanning much harder.<\/li>\n<li><strong>\ud83d\udc64 Block Author Enumeration<\/strong> \u2014 Blocks the <code>?author=1<\/code> URL trick that attackers use to discover your WordPress usernames before launching targeted brute-force attacks.<\/li>\n<li><strong>\u270f\ufe0f Custom Bot Signatures &amp; URL Patterns<\/strong> \u2014 Add your own custom bot user-agent signatures and URL regex patterns directly from the admin panel.<\/li>\n<\/ul>\n\n\n\n<h4>\u2699\ufe0f MODULE 6: General WordPress-Wide Protection<\/h4>\n\n<p>Site-wide hardening that protects your WordPress installation at the infrastructure level.<\/p>\n\n<ul>\n<li><strong>\ud83d\udce1 XML-RPC Protection<\/strong> \u2014 Fully disable XML-RPC (a common DDoS amplification vector), or choose the surgical option: disable only the pingback methods while leaving the rest of XML-RPC available for legitimate use (e.g. mobile apps).<\/li>\n<li><strong>\ud83d\udd17 REST API Rate Limiting<\/strong> \u2014 Rate-limit unauthenticated REST API requests per IP to prevent API abuse by bots and scrapers.<\/li>\n<li><strong>\ud83d\udeab REST API User Enumeration Block<\/strong> \u2014 Automatically blocks unauthenticated access to the <code>\/wp\/v2\/users<\/code> REST endpoint, which attackers use to harvest all WordPress usernames on your site.<\/li>\n<li><strong>\ud83c\udfd3 Trackback &amp; Pingback Spam Blocking<\/strong> \u2014 Block all incoming trackback and pingback requests sitewide. Also removes the <code>X-Pingback<\/code> HTTP header and the pingback URL from your blog info to hide the endpoint from probes.<\/li>\n<li><strong>\ud83d\udd17 Comment Author URL Hold<\/strong> \u2014 Automatically sends any comment to moderation when the author's display name contains a URL \u2014 a common spam technique.<\/li>\n<\/ul>\n\n\n\n<h4>\ud83d\udcca Spam Log &amp; Reporting<\/h4>\n\n<ul>\n<li><strong>Full Audit Log<\/strong> \u2014 Every blocked request is logged with the IP address, user-agent, submission data, block reason, and timestamp. Available under <strong>Anti-Spam Protection \u2192 Spam Log<\/strong>.<\/li>\n<li><strong>Filter by Module<\/strong> \u2014 Quickly find blocked entries by protection module (honeypot, rate limiter, bot protection, login, registration, etc.).<\/li>\n<li><strong>Automatic Log Cleanup<\/strong> \u2014 Set a log retention period in days and old entries are automatically purged. Keep your database clean without manual work.<\/li>\n<li><strong>One-Click Log Clear<\/strong> \u2014 Clear all log entries instantly from the admin panel.<\/li>\n<\/ul>\n\n\n\n<h4>\u2705 Why Choose SolverGuard Spam Shield?<\/h4>\n\n\n\n\n  Feature\n  SolverGuard\n  Typical Free Plugin\n\n\n\n\n  CF7 Form Protection\n  \u2705 6 layers\n  \u2705 1-2 layers\n\n\n  Comment Spam Protection\n  \u2705 10 layers\n  \u2705 Basic\n\n\n  Login Brute-Force Protection\n  \u2705 Yes\n  \u274c No\n\n\n  Registration Spam Protection\n  \u2705 Yes\n  \u274c No\n\n\n  Advanced Bot Protection\n  \u2705 10+ checks\n  \u274c No\n\n\n  XML-RPC &amp; REST API Hardening\n  \u2705 Yes\n  \u274c No\n\n\n  Security Headers\n  \u2705 Yes\n  \u274c No\n\n\n  Hide WordPress Version\n  \u2705 Yes\n  \u274c No\n\n\n  Author Enumeration Block\n  \u2705 Yes\n  \u274c No\n\n\n  Spam Log with Auto-Cleanup\n  \u2705 Yes\n  \u274c No\n\n\n  Zero Configuration Required\n  \u2705 Works instantly\n  \u26a0\ufe0f Often requires setup\n\n\n  100% Free\n  \u2705 Yes\n  \u2705 Yes\n\n\n\n\n\n\n<h4>Works Automatically \u2014 Zero Configuration Required<\/h4>\n\n<p>All protection layers activate automatically the moment you install and activate the plugin. No shortcodes to add, no per-form configuration, no template edits. Every module can be individually toggled on or off, and all settings are accessible from a single admin page under <strong>Anti-Spam Protection \u2192 Settings<\/strong>.<\/p>\n\n\n\n<h3>External Services<\/h3>\n\n<p>This plugin optionally integrates with <strong>Google reCAPTCHA v3<\/strong> for silent spam scoring on Contact Form 7 submissions. This feature is <strong>disabled by default<\/strong> and must be explicitly enabled by the site administrator by entering their own reCAPTCHA site and secret keys.<\/p>\n\n<p><strong>What data is sent and when?<\/strong>\nWhen reCAPTCHA is enabled, the visitor's reCAPTCHA response token and IP address are sent to Google's servers at the time of a form submission.<\/p>\n\n<p><strong>No data is sent to Google if the reCAPTCHA module is disabled.<\/strong><\/p>\n\n<ul>\n<li>Service: Google reCAPTCHA v3<\/li>\n<li>Provider: Google LLC<\/li>\n<li>Terms of Service: https:\/\/policies.google.com\/terms<\/li>\n<li>Privacy Policy: https:\/\/policies.google.com\/privacy<\/li>\n<\/ul>\n\n<p>No other data is sent to any external service. All spam detection is performed locally on your own server.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>solverguard-spam-shield<\/code> folder to <code>\/wp-content\/plugins\/<\/code>, or install directly via <strong>Plugins \u2192 Add New<\/strong> in your WordPress dashboard.<\/li>\n<li>Activate the plugin from <strong>Plugins \u2192 Installed Plugins<\/strong>.<\/li>\n<li>Go to <strong>Anti-Spam Protection \u2192 Settings<\/strong> to review and configure each module (all modules are pre-enabled with sensible defaults \u2014 no configuration is required to get started).<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20work%20with%20all%20cf7%20forms%20automatically%3F\"><h3>Does this work with all CF7 forms automatically?<\/h3><\/dt>\n<dd><p>Yes. All six Contact Form 7 protection layers are applied globally to every CF7 form on your site without any per-form configuration. Simply activate the plugin and your forms are protected.<\/p><\/dd>\n<dt id=\"do%20i%20need%20contact%20form%207%20installed%3F\"><h3>Do I need Contact Form 7 installed?<\/h3><\/dt>\n<dd><p>No. The CF7-specific modules (Honeypot, Time Check, Rate Limiter, Keyword Filter, reCAPTCHA) only activate if CF7 is detected. All other modules \u2014 bot protection, login protection, registration protection, comment protection, XML-RPC hardening, and security headers \u2014 work independently of CF7.<\/p><\/dd>\n<dt id=\"will%20this%20slow%20down%20my%20website%3F\"><h3>Will this slow down my website?<\/h3><\/dt>\n<dd><p>No. The plugin is designed with performance in mind. Bot protection and security checks run before WordPress loads heavy resources, so blocked requests are terminated early. Spam checks are lightweight transient-based lookups. Real visitors on your site will experience no measurable performance impact.<\/p><\/dd>\n<dt id=\"how%20do%20i%20enable%20recaptcha%20v3%3F\"><h3>How do I enable reCAPTCHA v3?<\/h3><\/dt>\n<dd><ol>\n<li>Go to the <a href=\"https:\/\/www.google.com\/recaptcha\/admin\">Google reCAPTCHA admin console<\/a>.<\/li>\n<li>Register a new site with <strong>reCAPTCHA v3<\/strong>.<\/li>\n<li>Copy your <strong>Site Key<\/strong> and <strong>Secret Key<\/strong> into the plugin settings under the reCAPTCHA tab.<\/li>\n<li>Enable reCAPTCHA v3 and set your score threshold (Google recommends 0.5).<\/li>\n<\/ol><\/dd>\n<dt id=\"can%20i%20block%20entire%20countries%3F\"><h3>Can I block entire countries?<\/h3><\/dt>\n<dd><p>You can block CIDR IP ranges in the IP Blocker tab, which covers known regional IP ranges. For granular country-level blocking, combine this with a Cloudflare firewall rule or similar CDN-based geo-blocking service.<\/p><\/dd>\n<dt id=\"does%20the%20login%20protection%20work%20with%20woocommerce%20and%20custom%20login%20pages%3F\"><h3>Does the Login Protection work with WooCommerce and custom login pages?<\/h3><\/dt>\n<dd><p>Yes. Login rate limiting hooks into WordPress core's authentication system, so it works with any login form that uses the standard WordPress authentication, including WooCommerce My Account, BuddyPress, bbPress, and most membership plugins.<\/p><\/dd>\n<dt id=\"what%20is%20author%20enumeration%20and%20why%20should%20i%20block%20it%3F\"><h3>What is author enumeration and why should I block it?<\/h3><\/dt>\n<dd><p>Author enumeration is a reconnaissance technique where an attacker visits <code>yoursite.com\/?author=1<\/code>, <code>?author=2<\/code>, etc. to discover the usernames of all WordPress users. Once an attacker has your username, they only need to guess the password. Blocking author enumeration is an important first line of defense against targeted brute-force attacks.<\/p><\/dd>\n<dt id=\"will%20blocking%20xml-rpc%20break%20anything%3F\"><h3>Will blocking XML-RPC break anything?<\/h3><\/dt>\n<dd><p>It depends on whether you use any tools that rely on XML-RPC (such as older mobile apps, certain desktop publishing tools, or Jetpack). If you are unsure, use the \"Disable only pingback\" option instead of the full disable \u2014 this stops the most common XML-RPC abuse (DDoS pingback amplification) while leaving legitimate XML-RPC functionality intact.<\/p><\/dd>\n<dt id=\"can%20i%20whitelist%20my%20own%20ip%20so%20i%27m%20never%20locked%20out%3F\"><h3>Can I whitelist my own IP so I'm never locked out?<\/h3><\/dt>\n<dd><p>You can ensure your own IP is not listed in the IP Blocker. The login rate limiter skips logged-in administrators. If you are ever locked out, you can disable the login rate limiter by deactivating the plugin temporarily via FTP or your hosting file manager.<\/p><\/dd>\n<dt id=\"is%20this%20plugin%20compatible%20with%20multisite%3F\"><h3>Is this plugin compatible with multisite?<\/h3><\/dt>\n<dd><p>The plugin functions on multisite installations. Network-wide activation applies settings on a per-site basis.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20caching%20plugins%3F\"><h3>Does it work with caching plugins?<\/h3><\/dt>\n<dd><p>Yes. All spam checks run on form submissions and POST requests, which caching plugins do not cache. Your page caching is not affected.<\/p>\n\n<\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.2<\/h4>\n\n<ul>\n<li>Added Advanced Bot Protection module with 10 detection layers.<\/li>\n<li>Added Login brute-force rate limiting.<\/li>\n<li>Added Registration Spam Protection (honeypot, time check, email domain blocking, rate limiter).<\/li>\n<li>Added General WordPress hardening (XML-RPC control, REST API rate limiting, user enumeration blocking, trackback\/pingback blocking).<\/li>\n<li>Added Security Headers (X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy).<\/li>\n<li>Added WordPress version hiding.<\/li>\n<li>Added author enumeration blocking.<\/li>\n<li>Added Fake Googlebot \/ Bingbot detection via reverse DNS.<\/li>\n<li>Added suspicious URL pattern blocking (SQL injection, directory traversal, shell upload probes).<\/li>\n<li>Added request flood protection (sitewide per-IP rate limiting).<\/li>\n<li>Added REST API user enumeration blocking.<\/li>\n<li>Improved spam log with filtering and auto-cleanup.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release with CF7 honeypot, time check, IP blocker, keyword filter, rate limiter, reCAPTCHA v3, and comment spam protection.<\/li>\n<\/ul>","raw_excerpt":"The most complete free WordPress anti-spam plugin. Protects Contact Form 7, comments, login, registration, REST API, and XML-RPC \u2014 all in one shield.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/314967","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=314967"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/solverwp"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=314967"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=314967"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=314967"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=314967"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=314967"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=314967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}