WP-SpamShield Anti-Spam – All-in-One Spam Protection

Description

An exceptionally powerful and user-friendly WordPress anti-spam plugin that eliminates comment spam, contact form spam, registration spam, trackback spam, pingback spam, and every other type of WordPress spam.

The All-in-One Anti-Spam Plugin for WordPress – Without CAPTCHAs

Leading edge WordPress spam protection, with NO CAPTCHAs, challenge questions or other inconvenience to site visitors. This plugin works silently in the background, and simply makes WordPress spam disappear.

Supports: Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms & Comments, BuddyPress, bbPress, WooCommerce, s2Member, WP-Members, Mailchimp, Fast Secure Contact Form, Formidable Forms, almost all WordPress forms, and almost all WordPress registration forms. Automatically!

NEED HELP?

Plugin Documentation | Troubleshooting Guide | FAQs | Support Requests

How It Works

Most of the spam hitting your site originates from bots, but quite a bit comes from humans too. This plugin works like a firewall to ensure that your commenters are in fact, human, and that those humans aren’t spamming you.

Two Layers of Spam Blocking

There are two layers of leading edge anti-spam protection that work together to block both automated (spambots) and human spam:

  1. The JavaScript/Cookies Anti-Spam Layer
  2. The Algorithmic Anti-Spam Layer

The first anti-spam layer uses a dynamic combination of JavaScript and cookies to weed out the humans from spambots, preventing 100% of automated spam from ever getting to your site. Even if bot authors could engineer a way to break through the JavaScript/Cookies Anti-Spam Layer, the Algorithmic Anti-Spam Layer would still stop almost all of the spam that the JavaScript Layer blocks, and provides close to a fully redundant backstop. This JavaScript Anti-Spam Layer utilizes multiple randomly generated keys, and is algorithmically enhanced to ensure that spambots won’t beat it. The powerful Algorithmic Anti-Spam Layer consists of over 100 advanced filters, and eliminates trackback spam and most human spam as well. And, it does all that without hindering legitimate comments, trackbacks, contact forms, or registrations.

No More Wasted Time Sifting Through the Comment Spam Queue

This type of solution works invisibly in the background, with no inconveniences. You won’t have to waste valuable time sifting through a spam queue any more, because there won’t be anything there.

WP-SpamShield is different from other anti-spam plugins in that it BLOCKS spam at the front door of your site and doesn’t allow it into the WordPress database at all. Many other anti-spam plugins simply label a comment as spam, leaving you to sort through a spam queue, which wastes your valuable time. WP-SpamShield will give you back your time!

Improves User-Friendliness of Your Website

If you want to improve the user-friendliness of your site, this is THE anti-spam plugin you want. After all, why should your users have to prove they are human? Since your users won’t be inconvenienced by outdated and frustrating anti-spam methods, you will provide a smoother, trouble-free experience for your website users, which leads to improved readership, ad revenue, sales, or other types of conversion, and therefore greater success for your website.

Improves Security

Not allowing spam into the database improves security by potentially preventing SQL injection, DDoS, and XSS exploit attacks through automated spam comment submissions. WP-SpamShield fixes the security issues inherent to Pingbacks, and prevents Pingback-based DDoS attacks. As part of the Miscellaneous Form Spam Protection, the plugin protects against XML-RPC brute force amplification attacks. The plugin also has several other features that improve security, such as blocking certain potentially dangerous URLs in spam comment submissions, and limiting comment size to 15kb. (15kb of text is roughly the equivalent of 3 typed pages in Microsoft Word, single-spaced, so that’s more than enough for even the longest of comments.) See this blog post for more info.

Helps Improve Overall Website Performance

The plugin helps keep your WordPress database slimmer and more efficient (keeping your site running faster in the long term) by not allowing the thousands upon thousands of spam comments into it, which could bloat the database and potentially corrupt it. Keeping your database lean is extremely important, because bloated databases result in much longer query times and increased server load, slowing down a site dramatically even for simple functions. If website performance is important to you, then you definitely want an anti-spam plugin like WP-SpamShield instead of a plugin that uses a spam queue. See this FAQ for more detailed info.

ZERO False Positives

It does all this with ZERO false positives, because of the method used to block spam. Notice we didn’t say a “low false positive rate” – we said ZERO false positives. If a comment/contact form/registration gets blocked as spam, the user is given instant feedback and has a chance to correct their comment/contact form/registration/etc and try again, which means there cannot be false positives. This leads to fewer frustrated website visitors, and less work for you. We are committed to keeping the promise of zero false positives.

100% Pingback/Trackback Validation and Anti-Spam

The trackback validation contains a filter that compares the client IP address of the incoming trackbacks and pingbacks against the IP address of the server where the link is supposedly coming from. If they don’t come from the same server, then it is guaranteed spam, without fail. This alone eliminates more than 99.99% of trackback & pingback spam. Trackback spammers don’t send spam out from the same server where their clients’ websites reside. There are algorithmic anti-spam filters in place to ensure 100% trackback/pingback spam blocking. You can be confident that only legitimate trackbacks and pingbacks will get through.

Includes a Spam-Free Contact Form, and Anti-Spam for Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, and Most Other Forms

Includes drop-in spam-free contact form, with easy one-click installation. Easy to use – no configuration necessary, but you can configure it if you like. (See Installation for info.) WP-SpamShield also includes automatic anti-spam protection for Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, Fast Secure Contact Forms, Formidable Forms, and more. (You don’t have to do a thing…just add your Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, or other forms to your site, and they will automatically be protected.) It will automatically protect most forms on your WordPress site from automated spam, even if they are not listed here.

WordPress Registration Anti-Spam

The plugin also includes powerful protection from user registration spam. Once you install WP-SpamShield, you don’t have to worry about bots or spammy users signing up any more. (Note: This protects almost all registration forms, including the WordPress default registration form, and registration forms for bbPress, BuddyPress, WooCommerce, s2Member, WP-Members, and many more. See this FAQ for more info.

Stops Email Harvesters

The plugin has a feature to thwart email harvesting bots and keep them from scraping your site for email addresses. (Which helps reduce spam in your email inbox.) The plugin automatically obfuscates plain text email addresses and mailto links in your website content by encoding them into HTML entities (hexadecimal and decimal character codes that look like gibberish to harvesters, but render the email addresses perfectly in a browser). It protects email addresses on pages, posts, comments, excerpts, and text widgets.

Why Not Just Use a CAPTCHA-Based Anti-Spam Method?

The concept of using a CAPTCHA as an anti-spam solution in this modern day and age is flawed for several reasons:

  1. It’s an outdated concept that has far outlived its usefulness, and was originally developed before user-friendliness was a high priority.
  2. It goes in the exact opposite direction of user-friendly design principles. Think about it. Users of your website have to type in numbers and letters obscured by squiggly lines and symbols, only to be told they are wrong several times, even after typing in the correct answer. This is proven to hurt website business and revenue because of the negative feelings it causes. People simply don’t like CAPTCHAs.
  3. It is not the user’s responsibility to separate humans from bots, or to stop spam; it’s the web developer’s responsibility. Even if the CAPTCHA is simple, and all the user has to do is click a button, it is still annoying and unnecessary. It’s one extra step that you are putting between your user and their end goal.
  4. CAPTCHAs can be defeated. In fact, bots have been cracking CAPTCHAs since 2008. The only benefit of a CAPTCHA was that it was considered to be unbeatable by bots. That day is long past.
  5. Why use a CAPTCHA when there are better solutions that don’t inconvenience your website users?

Optimized and Scalable – Won’t Slow Down Your Site

This plugin has an extremely low overhead and won’t slow down your site, unlike some other anti-spam plugins. Each of the filters in the plugin have been benchmarked, and when processing comments for spam, the fastest filters are put at the front of the stack. Once a comment tests positive for spam, the testing process terminates and will not engage the remaining filters. Additionally, as mentioned above, by keeping spam out of the WordPress database altogether, WP-SpamShield helps keep your database slimmer and more efficient, which in turn helps keep your site running faster. This efficiency helps keep the server load down, and helps improve the overall performance of your site. WP-SpamShield is optimized to work well with all major caching plugins.

Faster than the Cloud

Speaking of scalability, WP-SpamShield can kill spam faster than any cloud-based anti-spam solution. Cloud-based anti-spam plugins are inherently slower at processing spam because they have to connect to an external server to check the spam status, which in turn will increase your site’s server load. With WP-SpamShield, all anti-spam processing happens directly on your website’s server, with lightning speed.

Free for Commercial and Personal Websites

No cost, no hidden fees. This powerful anti-spam plugin is free for both Commercial and Personal use. If you find that WP-SpamShield benefits you, and you’re so inclined, then feel free to make a donation.

Responsive and Helpful Tech Support

If you have any issues with the plugin, we are here to help. Simply submit a support request at the WP-SpamShield Support Page, and we’ll help you diagnose and fix the issue quickly. Don’t take our word for it though – look through our plugin ratings/reviews and notice the high percentage of resolved support threads and satisfied users.

Additional Features

  1. Now WP-SpamShield provides automatic anti-spam protection for: Contact Form 7 forms, Gravity Forms, Ninja Forms, JetPack Contact Forms; BuddyPress, bbPress and WooCommerce registration forms; Mailchimp signup forms; almost all other WordPress forms; and almost all registration forms!
  2. As of version 1.9.2, WP-SpamShield protects JetPack Comments from spam. (Making it one of the few anti-spam plugins that works with JetPack Comments.)
  3. A counter on your dashboard to keep track of all the spam it’s blocking. The numbers will show how effective this plugin is.
  4. See what’s been blocked with “Blocked Comment Logging Mode”, a temporary diagnostic mode that logs blocked spam (comments, trackbacks, registrations, and contact form submissions) for 7 days, then turns off automatically. If you want to see what spam has been blocked, or verify that everything is working, turn this on and see what WP-SpamShield is protecting your site from.
  5. Multiple languages available and more on the way. Currently includes Dutch (nl_NL), French (fr_FR), German (de_DE), Indonesian (id_ID), Italian (it_IT), and Serbian (sr_RS) translations. Ready for translation into other languages.
  6. Easy to install – truly plug and play. Just upload and activate. (Installation Status on the plugin admin page to let you know if plugin is installed correctly.)
  7. Compatible with, and optimized for all major cache plugins, including WP Super Cache and many others. Not all anti-spam plugins can say that.
  8. Display your blocked spam stats on your site. Customizable widgets for graphic counters to display spam stats, in multiple colors, sizes and options.
  9. Works in WordPress Multisite as well. (See the related FAQ for details.)
  10. Enhanced Comment Blacklist option. Instead of just sending comments to moderation as with WordPress’s default Comment Blacklist functionality, with this turned on, anything that matches a string in the blacklist will be completely blocked. Block specific human spammers by IP, email address, or a number of other options. The Enhanced Comment Blacklist has some improvements over the default WordPress blacklist functionality, and adds a link in the comment & contact form notification emails that will let you blacklist a spammer’s IP with one click. It also provides some advanced custom options for blocking spam on everything else that WP-SpamShield protects.
  11. WP-SpamShield Whitelist option. Allows you to specify certain users who you want to let bypass the antispam filters.
  12. This plugin is legal to use in Germany and the EU, and does not violate European privacy laws. It does not use any type of cloud-based service, spam data is not transmitted from your server to any other server, and all anti-spam processing happens directly on your website’s server.
  13. A truly plug and play replacement and upgrade for WP-SpamFree. (This plugin is a far more advanced fork of WP-SpamFree with dramatically improved page load speed, security, and spam blocking power, by its original author.) It will import your old data from WP-SpamFree automatically upon installation and activation, and features you were using on your site previously such as contact forms and spam stats will continue to work without any changes to pages, posts, or theme.

Languages Available

  • English
  • Dutch (nl_NL)
  • French (fr_FR)
  • German (de_DE)
  • Indonesian (id_ID)
  • Italian (it_IT)
  • Serbian (sr_RS)

If you would like to help translate, please get in touch with us.

Minimum Requirements

  • WordPress 4.0+ (Recommended: WordPress 4.5 or higher)
  • PHP 5.3+ (Recommended: PHP 5.6 or higher) [PHP 7 Compatible: YES – 100%]
  • Your server must be configured to allow the use of an .htaccess file. (This is enabled by default on the vast majority of servers.)

Please see the plugin documentation’s minimum requirements section for more information.

To find web hosts that meet and exceed the requirements, see our list of recommended web hosts.

WordPress Without Spam

How does it feel to run a WordPress site without being bombarded by blog comment spam, trackback spam, contact form spam, and registration spam? If you’re happy with the WP-SpamShield WordPress anti-spam plugin, let others know by reviewing the plugin!

Screenshots

  • WP-SpamShield Settings page
  • Widget - WP-SpamShield Counter - Graphic: Style 9
  • Blocked spam stats on the main Dashboard page
  • The WordPress spam queue after installing WP-SpamShield. Empty.
  • Widget - End Blog Spam
  • Widget - WP-SpamShield Counter - Custom: Style 1, Base Color 17
  • Widget - WP-SpamShield Counter - Custom: Style 1, Base Color 6
  • Widget - WP-SpamShield Counter - Custom: Style 2, Base Color 14
  • Widget - WP-SpamShield Counter - Custom: Style 2, Base Color 3
  • Widget - WP-SpamShield Counter - Graphic: Style 3

FAQ

We’ve put together a list of Frequently Asked Questions (FAQs) that will answer many of the questions out there. If you have an issue, please read these first.

Also, see the Troubleshooting Guide as it solves over 90% of support issues.

If you have any further questions, please submit them on the main WP-SpamShield Support Page (our main support channel) and we will be happy to help you out.

Reviews

This works amazingly well!

rrhode

I install this on every site I setup and haven't had any spam registrations or comment posts or anything. I haven't really looked into how it's possible but I think it's great! I just wanted to say thank you! Nice work!

Efficient and Silent

Miguel

Best solution found to the date. Not a single spam from forms since I've tested this plugin plus it's clean and silent. Awesome!

Read all 846 reviews

Changelog

1.9.9.9.5

released 03/27/17

  • Fixed a bug that caused a compatibility issue with the Slim Stat Analytics plugin and certain plugins making AJAX POST requests to the /wp-admin/admin-ajax.php file.
  • Made various code enhancements and improvements.
  • Maintenance: Updated the spam filters.

1.9.9.9.4

released 03/24/17

  • Made various code enhancements and improvements.
  • Maintenance: Updated the spam filters.

1.9.9.9.3

released 03/17/17

  • Added a compatibility improvement for browsers with aggressive caching.
  • Maintenance: Updated the spam filters.

1.9.9.9.2

released 03/15/17

  • Fixed a JavaScript bug in the jscripts.php file that affected certain sites.
  • Maintenance: Updated the spam filters.

1.9.9.9.1

released 03/13/17

  • Made various minor code enhancements and improvements.
  • Maintenance: Updated the spam filters.

1.9.9.9

released 02/09/17

  • Made some improvements to the whitelisting functionality.
  • Made some improvements to the widgets, and made some tweaks to make them fully compatible with the customizer. It was necessary to remove the custom color option and color picker on the “WP-SpamShield Counter – Custom” widget to make this possible. We may look into re-adding these in the future.
  • Made various code enhancements and improvements.
  • Improved some filters in the anti-spam algorithm.

1.9.9.8.9

released 01/31/17

  • Made various code enhancements and improvements.
  • Maintenance: Updated the spam filters.

1.9.9.8.8

released 01/28/17

  • Made various code enhancements and improvements.
  • Added new spam filters to the algorithm.
  • Improved some filters in the anti-spam algorithm.
  • Maintenance: Updated the spam filters.

1.9.9.8.7

released 01/22/17

  • Fixed a bug affecting certain server configurations.
  • Made various code enhancements and improvements.

1.9.9.8.6

released 01/21/17

  • Made various code enhancements and improvements.
  • Added an option to disable automatic plugin updates.
  • Maintenance: Updated the spam filters.

1.9.9.8.5

released 01/19/17

  • Fixed a bug causing PHP Notices/Warnings.
  • Made various code enhancements and improvements.
  • Maintenance: Updated the spam filters.

1.9.9.8.4

released 01/18/17

  • Fixed a bug in the web host detection function. The error was caused by new functionality imported from our RS System Diagnostic plugin in version 1.9.9.8.2 and has now been fixed.

1.9.9.8.3

released 01/18/17

  • Fixed a fatal error introduced in version 1.9.9.8.2 that affected Wordfence users.

1.9.9.8.2

released 01/18/17

  • Added robust detection for over 90 web hosting services to further improve compatibility with various server setups and edge cases. We developed this functionality for our RS System Diagnostic plugin and imported it to WP-SpamShield.
  • Added robust detection for web proxy/WAF/CDN services such as Cloudflare, Incapsula, and Sucuri CloudProxy. We developed this functionality for our RS System Diagnostic plugin and imported it to WP-SpamShield.
  • Improved support for Varnish and other server-side caching systems.
  • Added functionality to enforce existing plugin Minimum Requirement #3, “Your server must be configured to allow the use of an .htaccess file.” Accordingly, if a standalone Nginx server is detected, the plugin will deactivate. Standalone Nginx servers have never been supported by the plugin, and this has always been explained in the plugin Minimum Requirements, but unfortunately despite existing warnings in the admin, not everyone pays attention, and this became necessary.
  • Made various code enhancements and improvements.
  • Improved some filters in the anti-spam algorithm.
  • Maintenance: Updated existing spam filters.

1.9.9.8.1

released 12/23/16

  • Maintenance: Updated the spam filters.

1.9.9.8

released 11/27/16

  • Fixed a bug that caused a comments without a website entry to be incorrectly blocked.
  • Maintenance: Updated existing spam filters.

1.9.9.7

released 11/26/16

  • Fixed a bug that caused a compatibility issue with the CloudFlare plugin (version 3.0+).
  • Made various code enhancements and improvements.
  • Added new spam filters to the algorithm.
  • Improved some filters in the anti-spam algorithm.
  • Maintenance: Updated existing spam filters.

1.9.9.6

released 11/19/16

  • Fixed an issue affecting the Contact Form button in the WordPress editor, due to TinyMCE updates and other changes to the WordPress Editor in version 4.6. The new implementation ensures backwards compatibility.
  • Maintenance: Updated the spam filters.

1.9.9.5

released 11/11/16

  • Improved support for Varnish and other server-side caching systems.
  • Added support for secure cookie handling. On sites with HTTPS enabled, WP-SpamShield will now serve PHP cookies securely.
  • Made various code enhancements and improvements.
  • Improved some filters in the anti-spam algorithm.
  • Maintenance: Updated the spam filters.

1.9.9.4

released 10/22/16

  • Fixed a bug in the contact form settings.
  • Fixed a text capitalization error on localized registration form translations.
  • Fixed a bug in the blocked spam logging expiration time.
  • Added improved support for localized WooCommerce registration pages.
  • Made various code enhancements and improvements.
  • Added new spam filters to the algorithm.
  • Improved some filters in the anti-spam algorithm.
  • Maintenance: Updated existing spam filters.

1.9.9.3

released 10/08/16

  • Made various code enhancements and improvements.
  • Updated the spam filters.

1.9.9.2

released 08/29/16

  • Fixed a bug in the jscripts.php file that affected PHP versions 5.4 and below.
  • Updated the spam filters.

1.9.9.1

released 08/28/16

  • Made various code enhancements and improvements.
  • Updated the anti spam filters.

1.9.9

released 08/14/16

  • Made various code enhancements and improvements.
  • Tested and confirmed compatibility with WordPress 4.6.
  • Updated the anti spam filters.

1.9.8.9

released 07/12/16

  • Made various code enhancements and improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti spam filters.

1.9.8.8

released 06/20/16

  • Made various code enhancements and improvements.
  • Improved Whitelist functionality. Expanded the functionality of the Whitelist to allow not only email addresses, but IP addresses as well. Also, the Whitelist now affects all form/POST submission channels that the plugin protects. Previously it only applied to comments and contact forms.
  • Added protection against XML-RPC brute force amplification attacks. Added a filter to the Miscellaneous Form Spam Protection to block XML-RPC and REST requests from servers using spoofed Reverse DNS entries (ie. non-existant servers), a common element of these attacks used to mask an attacker’s identity. By doing a simple check to ensure that the server is real, all XML-RPC requests will have to originate from properly configured servers. For example, hackers will often use spoofed Reverse DNS entries (fake servers) when trying to brute-force your login passwords using the system.multicall function in XML-RPC (aka brute force amplification attacks). The plugin also employs a number of other methods to block these types of attacks. Stopping these attacks improves the security of your site.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti spam filters.

1.9.8.7

released 06/12/16

  • Made various code enhancements and improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti spam filters.

1.9.8.6

released 06/08/16

  • Made various code enhancements and improvements.
  • Fixed a couple bugs: Fixed a bug with the “Blacklist the IP Address” link in email notifications, and fixed a bug affecting certain AJAX requests.
  • Added an option to encode the body content of emails generated by the built-in contact form.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti spam filters.

1.9.8.5

released 06/04/16

  • Made various code enhancements and improvements.
  • Made various performance and speed optimization improvements.
  • Added an early-firing Pingback spam filter that STOPS pingback-based DDoS attacks. This filter fixes the security issue inherent to Pingbacks. It preempts WordPress’ slower Pingback validation with a very, very fast pre-check filter that eliminates 99.9% of pingback spam and saves a TON of bandwidth and server load. The plugin previously still blocked Pingback spam, but it fired after WordPress processed the Pingback. By adding the pre-check filter to the front of the stack in the processing queue, it prevents your site’s XML-RPC functionality from being abused for use in Pingback-based DDoS attacks against other sites, it prevents your site from being the victim of Pingback-based DDoS attacks, it takes a huge load off of WordPress by catching and blocking 99.9% of spam before processing, which speeds up your site and improves scalability.
  • Made some improvements to the log formatting.
  • Updated the anti spam filters.

1.9.8.4

released 05/30/16

  • Made various code enhancements and improvements.
  • Pre-emptive security enhancements.
  • Updated the anti spam filters.

1.9.8.3

released 05/22/16

  • Made various code enhancements and improvements.
  • Updated the anti spam filters.

1.9.8.2

released 05/17/16

  • Made various code enhancements and improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti spam filters.

1.9.8.1

released 05/10/16

  • Made various code enhancements and improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti spam filters.

1.9.8

released 05/01/16

  • Updated the anti spam filters.

1.9.7.9

released 04/27/16

  • Fixed a bug affecting pingback and trackback validation.
  • Improved some of the filters in the anti-spam algorithm.

1.9.7.8

released 04/26/16

  • Added detection and security warning notices for old versions of WordPress with known security vulnerabilities. The plugin will now periodically check the installed WordPress version against the WPScan Vulnerability Database for any known vulnerabilities.
  • Made some improvements to the built-in contact form and email formatting.
  • Added improved support for payment gateways and webhooks.
  • Added detection for more ecommerce plugins.
  • Extended the Enhanced Comment Blacklist (ECBL) protection from only comments and the built-in contact form, to now full protection of everything else WP-SpamShield protects: Contact Form 7, Gravity Forms, all miscellaneous 3rd party forms, and registration forms. Now, if you have a user who you want to block from signing up, you can block them by IP address or email, by enabling ECBL in the settings and entering that info into the blacklist.
  • Made various code enhancements and improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti spam filters.

1.9.7.7

released 03/25/16

  • Fixed 2 minor bugs.
  • Updated the anti spam filters.

1.9.7.6

released 03/23/16

  • Fixed a bug affecting ecommerce compatibility.
  • Updated the anti spam filters.

1.9.7.5

released 03/21/16

  • Fixed a bug in the translations.
  • Added detection for more ecommerce and cache plugins.
  • More compatibility improvements for surrogates (gateway caches/reverse proxies, see RFC 3040).
  • Made various code improvements.
  • Updated the anti spam filters.

1.9.7.4

released 03/11/16

  • Fixed a backwards compatibility issue with new user notification emails on old WordPress versions (lower than 4.3).
  • Minor translation improvements. Switched some of the translation strings to use WordPress’ built in translations in order to not duplicate efforts. This will allow some of the documentation and text to be translated even if the plugin doesn’t have a translation for that language yet. For example, registration forms will now be fully translated in every language that WordPress has a translation for.
  • Compatibility improvements for surrogates (gateway caches/reverse proxies, see RFC 3040).
  • Pre-emptive security enhancements.
  • Updated the anti spam filters.

1.9.7.3

released 03/06/16

  • Fixed a compatibility issue affecting multisite setups with domain mapping.
  • Made some improvements to the Autoptimize compatibility fix.
  • Made various minor code improvements.
  • Updated the anti spam filters.

1.9.7.2

released 02/18/16

  • Fixed an error detection bug that affected site owners who enable FORCE_SSL_ADMIN in wp-config.php.
  • Made various minor code improvements.
  • Updated the anti spam filters.

1.9.7.1

released 02/17/16

  • Added compatibility improvements for surrogates (gateway caches/reverse proxies, see RFC 3040).
  • Added detection for certain WordPress configuration errors that can prevent the plugin from working.
  • Made various code improvements.
  • Updated the anti spam filters.

1.9.7

released 02/15/16

  • Increased minimum required required PHP version to 5.3.21. We will eventually be phasing out support for PHP 5.3, as it reached end of life (EOL) 1.5 years ago in 2014. We recommend running at least PHP 5.5 or 5.6 on your server. It’s extremely important that users stay up to date with the most recent version of WordPress (currently 4.4.2) and a reasonably up-to-date version of PHP for security, functionality, and website performance. See PHP Unsupported Branches for more info.
  • Improved some of the anti spam filters for the built-in WP-SpamShield contact form.
  • Made various code improvements.
  • Updated the anti spam filters.

1.9.6.9

released 01/18/16

  • Made some improvements to the Autoptimize compatibility fix. Autoptimize added some new features in version 2.0, and we’ve been working with the author, Frank Goosens, on streamlining plugin compatibility.
  • Updated the anti-spam filters.

1.9.6.8

released 12/22/15

  • Increased minimum required WordPress version to 4.0. It’s extremely important that users stay up to date with the most recent version of WordPress (currently 4.4) for security and functionality.
  • Updated the anti-spam filters.

1.9.6.7

released 12/08/15

  • Updated the anti-spam filters.

1.9.6.6

released 11/28/15

  • Updated the anti-spam filters.

1.9.6.5

released 11/15/15

  • Updated the anti-spam filters.

1.9.6.4

released 10/30/15

  • Updated the anti-spam filters.

1.9.6.3

released 09/23/15

  • Updated the anti-spam filters.

1.9.6.2

released 09/18/15

  • Compatibility fix for new user notifications due to code change in WordPress 4.3.1.
  • Compatibility improvement for PayPal IPN when site is not using SSL to process e-commerce transactions.
  • Compatibility improvement for IIS servers.
  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.6.1

released 09/10/15

  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.6

released 09/04/15

  • Made various preemptive compatibility enhancements.
  • Reduced the total number of image files used in the plugin. Removed unused image files and converted images on the widgets admin page to use CSS sprites. All the plugin’s other widget images were already using CSS sprites.
  • Updated the anti-spam filters.

1.9.5.9

released 08/30/15

  • Compatibility fix for multi-page forms using the “Enable AJAX” option in Gravity Forms.
  • Updated the anti-spam filters.

1.9.5.8

released 08/28/15

  • Compatibility fix for Gravity Forms PayPal Standard Add-On plugin.
  • Compatibility fix for Vantage theme by Appthemes.
  • Added workarounds for two plugins on the Known Conflicts list: Affiliates, and New User Approve.
  • Made various other preemptive compatibility enhancements.
  • Pre-emptive security enhancements.
  • The log file can now be viewed by more than one administrator at a time.
  • Improved image optimization and file size reduction. Ran all plugin images though better lossless image compression to further reduce file size, for a total images file size reduction of 22%, and plugin package file size reduction of 15%. Plugin images were previously optimized, but new apps provide us with greatly improved lossless compression.
  • Made various code enhancements and improvements.
  • Updated the anti-spam filters.

1.9.5.7

released 08/22/15

  • Compatibility fix for a new issue starting in WordPress 4.3 that affected notification emails sent to new users after registering. In WordPress 4.3, some changes were made to the functionality of the notifications sent to new users after they registered. This prevented the password information from being shown in the notification emails when WP-SpamShield was active. This release fixes the issue while maintaining backwards compatibility with previous versions of WordPress.
  • Updated the anti-spam filters.

1.9.5.6

released 08/18/15

  • Added improved email address validation for WordPress by integrating a filter into the core is_email() function. Previously, the core is_email() function would allow many invalid email addresses to pass through. All WordPress functions and plugins that use is_email() will benefit from this improved email validation. Added RFC rules that are not included in the WordPress core function, and added Email Service Provider (ESP) specific rules for Gmail and Yahoo email addresses to prevent spammers from using email addresses that would pass RFC standards but can’t possibly exist at these providers. Will add further (ESP) specific rules for other providers in the future.
  • Compatibility fix for Flexible Posts Widget plugin.
  • Compatibility fix for Beaver Builder plugin.
  • Made additional browser and proxy cache control improvements for the jscripts.php file.
  • Made various code improvements.
  • Added screenshots to plugin’s WordPress.org page.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti-spam filters.

1.9.5.5

released 08/07/15

  • Added Indonesian Translation (id_ID). Thank you to GhozyLab for doing the Indonesian translation.
  • Improvements for WooCommerce login and registration pages.
  • Added new filter hooks that other developers can use to extend the plugin’s capabilities and bridge compatibility between plugins.
  • Browser and proxy cache control improvements for the jscripts.php file.
  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.5.4

released 07/29/15

  • Fixed a bug in the integration with WooCommerce registration forms.
  • Roll back some changes from 1.9.5.3.
  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.5.2

released 07/25/15

  • Made some preemptive fixes to the Gravity Forms integration to prevent JavaScript conflicts.
  • Added improved compatibility for certain BuddyPress themes and 3rd party registration pages.
  • Minor compatibility improvement for IIS servers.
  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.5.1

released 07/22/15

  • Added improved compatibility for Fast Secure Contact Form plugin.
  • Added workaround for PHP bug in mb_substr() function on some servers.
  • Fixed an activation error caused by a function added in PHP 5.3 when plugin was activated on servers running PHP 5.2. (We no longer support PHP 5.2, but this error prevented our informational message from coming up.)
  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.5

released 07/17/15

  • Improved Gravity Forms anti-spam protection and changed how it works to provide immediate feedback when spam is blocked. This makes it more consistent with how WP-SpamShield handles spam-blocking for everything else.
  • Added new anti-spam filters and improved handling for MailChimp forms.
  • Compatibility fix for payment gateways with Easy Digital Downloads plugin when website is not using SSL.
  • Compatibility fix for WooCommerce POS plugin.
  • Compatibility improvement for IIS servers.
  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.4.2

released 07/13/15

  • Added a compatibility fix for AIT Themes.
  • Updated the anti-spam filters.

1.9.4.1

released 07/9/15

  • Fixed a bug with some of the anti-spam checks not being properly verified on certain server configurations with dynamic IP addresses.
  • Made various minor code improvements.
  • Updated the anti-spam filters.

1.9.4

released 07/1/15

  • Made various performance and speed optimization improvements.
  • Added gzip compression to both external JavaScript files, and far future Expires headers to the jscripts-ftr-min.js file (the external footer JavaScript) to further improve speed in loading.
  • Made some improvements to the Autoptimize compatibility fix.
  • Added a minor bug fix for Gravity Forms anti-spam.
  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.3

released 06/25/15

  • Added an option in the settings to disable email harvester protection if you choose.
  • Made a number of code improvements to further improve overall performance, efficiency, and speed of the plugin.
  • Updated the anti-spam filters.

1.9.2

released 06/22/15

  • Added compatibility and anti-spam for JetPack Comments. Previously, due to JetPack modifying the core functionality of the WordPress comment system, the JetPack Comments module had to be deactivated, but now it only needs to be deactivated if you run Compatibility Mode.
  • Added improved compatibility and full anti-spam support for JetPack Contact Forms.
  • Made various logic and code improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti-spam filters.

1.9.1

released 06/18/15

  • Added 2 new Advanced Features: “Compatibility Mode” and “Disable Temporary Blacklist”. The Advanced Features are something new that we’ll be introducing over time, and are explained in the plugin documentation in more detail.
  • Added some improvements to the installation status detection.
  • Added automatic fixes for certain issues. During the installation status detection process the plugin will attempt to fix some uncommon issues by automatically switching the plugin into Compatibility Mode. (At the top of the Settings page it tells you if the plugin is installed correctly or not.)
  • Made various code improvements.
  • Improved some of the anti-spam filters for the built-in WP-SpamShield contact form, Contact Form 7, Gravity Forms, and miscellaneous forms.
  • Updated the anti-spam filters.

1.9.0.6

released 06/15/15

  • Added several improvements to the integration with ecommerce plugins.
  • Pre-emptive security enhancement for the log file (formerly temp-comments-log.txt) – added a randomly generated 32 character long key to the filename to make it unique (now temp-comments-log-{random key}.txt). The log was already protected by an .htaccess file and restricted to the IP address of the admin.
  • Made various code improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti-spam filters.

1.9.0.5

released 06/12/15

  • Added a new feature to thwart email harvesting bots and keep them from scraping your site for email addresses. It automatically obfuscates plain text email addresses and mailto links in your website content by encoding them into HTML entities (hexadecimal and decimal character codes that look like gibberish to harvesters, but render the email addresses perfectly in a browser). It protects email addresses on pages, posts, comments, excerpts, and text widgets. (It’s always best not to post email addresses on your site and use a contact form instead, but if you absolutely have to, they should be encoded.)
  • Compatibility fix for new users registering on a WooCommerce checkout page.
  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.0.4

released 06/09/15

  • Added improved compatibility and full support for WooCommerce to protect its registration form from spam.
  • Made various code improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti-spam filters.

1.9.0.3

released 06/08/15

  • Added compatibility for 2 additional caching plugins: ZenCache and ZenCache Pro. As of this release, the following 14 cache plugins are supported: Cachify, DB Cache Reloaded, DB Cache Reloaded Fix, Gator Cache, Hyper Cache, Hyper Cache Extended, Lite Cache, Quick Cache, W3 Total Cache, WP Fast Cache, WP Fastest Cache, WP Super Cache, ZenCache, and ZenCache Pro.
  • Added options to disable anti-spam protection for Contact Form 7, Gravity Forms, and miscellaneous forms if you wish.
  • Made various code improvements.
  • Updated the anti-spam filters.

1.9.0.2

released 06/04/15

  • Fixed a couple bugs.
  • Added the option to set the minimum required comment length, from 1-30 characters. Previously, the minimum comment length was 15 characters.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti-spam filters.

1.9.0.1

released 06/03/15

  • Fixed a bug that caused a conflict with the WP Remote plugin.

1.9

released 06/02/15

  • Fixed a bug that caused a conflict with certain AJAX calls.
  • Fixed a bug with registration protection on BuddyPress legacy themes.

1.8.9.9

released 06/02/15

  • Added support for Contact Form 7 and Gravity Forms to automatically protect their contact forms from spam.
  • Added support for BuddyPress to protect its registration form from spam.
  • Added improved compatibility and full support for s2Member and WP-Members to protect their registration forms from spam.
  • Added automatic antispam protection for almost all registration forms (even forms that we have not specifically coded the plugin for), and many other WordPress forms.
  • Modified the .htaccess file to the wp-spamshield directory to improve compatibility with certain branches of Apache, including IdeaWebServer.
  • Improvement to the Autoptimize compatibility fix.
  • Made various code improvements and optimizations.
  • Updated the anti-spam filters.

1.8.9.8

released 05/30/15

  • Fixed a minor bug.

1.8.9.7

released 05/29/15

  • Added HTML 5 front-end validation to certain elements of the contact form and comments form.
  • Made various code improvements.
  • Updated the anti-spam filters.

1.8.9.6

released 05/26/15

  • Increased minimum required WordPress version to 3.9. It’s extremely important that users stay up to date with the most recent version of WordPress (currently 4.2.2) for security and functionality.
  • Made various code improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti-spam filters.

1.8.9.5

released 05/18/15

  • Added Italian Translation (it_IT). Thank you to Bakeneko for doing the Italian translation.
  • Fixed a minor bug in the translation files.
  • Fixed a compatibility issue with the Autoptimize plugin.
  • Updated the anti-spam filters.

1.8.9.4

released 05/08/15

  • Updated the anti-spam filters.

1.8.9.3

released 04/30/15

  • Made various minor code improvements.
  • Updated the anti-spam filters.

1.8.9.2

released 04/23/15

  • Made various minor code improvements.
  • Updated the anti-spam filters.

1.8.9.1

released 04/21/15

  • Added an .htaccess file to the wp-spamshield directory to control browser access to certain files.
  • Added a fix to ensure that certain security plugins could not inadvertently block browser access to the jscripts.php file. This fix will prevent most of the occurrences of the issue discussed in Troubleshooting Guide step 14.
  • Upgraded the .htaccess file in the data directory (that protects the log file) to be compatible with changes in Apache 2.4.
  • Modified the log file creation process so that WordFence (and any other security plugins that compare plugin files against the WordPress repository) will no longer give the following warning: “Modified plugin file: wp-content/plugins/wp-spamshield/data/temp-comments-log.txt” when Blocked Comment Logging Mode is turned on. This file is supposed to change, since it’s the log file.
  • Removed inline CSS from the three registration fields that WP-SpamShield adds, in order to make it easier for users to configure the look and feel of the registration page.
  • Updated the anti-spam filters.

1.8.9

released 04/19/15

  • Made various minor code improvements.
  • Updated the anti-spam filters.

1.8.8

released 04/13/15

  • Fixed a bug in one of the blog comment spam filters. Previously, if WordPress Discussion settings have “Comment author must fill out name and e-mail” unchecked, and a user submitted a comment where the author name and author URL were both blank, it would incorrectly be blocked. (The comments would go through if there was a URL.) This is fixed in this version.
  • Updated the anti-spam filters.

1.8.7

released 04/08/15

  • Updated the anti-spam filters.

1.8.6

released 04/04/15

  • Fixed a minor bug in the new custom widget.
  • Updated the anti-spam filters.

1.8.5

released 04/02/15

  • Updated the anti-spam filters.

1.8.4

released 03/30/15

  • Added new widgets. Converted the spam stat counter graphics to widgets, so they are much easier to add to your site now. No more messing around with code. There are a number of new widget options to check out.
  • Added a new customizable widget that has a number of color and style options, including a custom color chooser.
  • Fixed a few potential issues with UTF-8 and multibyte support.
  • Made a small fix to the contact form thank you message that will help multi-language users.
  • Made the blog comment spam blocking process a little more efficient.
  • Added info to the settings page with info on how much time the plugin has saved you.
  • Made various code improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti-spam filters.

1.8.3

released 03/24/15

  • Added a contact form quicktag so users can just click a button in the editor to add a contact form to pages. No more manually inserting shortcodes.
  • Made various code improvements.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti-spam filters.

1.8.2

released 03/16/15

  • Increased minimum required WordPress version to 3.8 and added a minimum required PHP version of 5.3, as we are no longer supporting PHP 5.2. The PHP team stopped supporting PHP 5.2 back in 2011, and even PHP 5.3 reached its end of life in August 2014. WordPress has a current minimum requirement of 5.2.4, but PHP 5.4 is recommended – see the WordPress requirements. It’s extremely important that users stay up to date with the most recent version of WordPress (currently 4.1.1) and a reasonably up-to-date version of PHP for security, functionality, and website performance. (Not only are the newer versions more secure, but they are faster, so its a double win.) We recommend PHP 5.4 or higher. Also, see PHP Unsupported Branches for more info.
  • Fixed XHTML validation error in the hidden input fields on the forms.
  • Internationalized the formatting of numbers used throughout the plugin so users in different countries will see numbers formatted according to their local customs. This will show in the blocked spam stats on the dashboard, spam counter widgets, and in the blocked comments log.
  • Updated the anti-spam filters.

1.8.1

released 03/11/15

  • Updated the French (fr_FR) translation.
  • Improved some of the filters in the anti-spam algorithm.
  • Updated the anti-spam filters.

1.8

released 03/09/15

  • Made some improvements to the anti-spam algorithm.
  • Made a number of various code and performance improvements.
  • Improved some of the error messages.
  • Fixed a couple bugs introduced in 1.7.9, including a bug in the contact form that incorrectly detected spam servers, and a compatibility issue with the new registration antispam feature and certain multisite configurations. This feature was rolled back while we look into the compatibility issues.
  • Made a few improvements to the blocked comment logging functionality.
  • Updated the anti-spam filters.

Changelog

For a complete list of changes to the plugin, view the Changelog.

Contributors & Developers

This is open source software. The following people have contributed to this plugin.

Contributors

Browse the code