WordPress Zero Spam


Why should your users prove that they’re humans by filling out captchas? Let bots prove they’re not bots with the WordPress Zero Spam plugin.

WordPress Zero Spam blocks registration spam and spam in comments automatically without any additional config or setup. Just install, activate, and enjoy a spam-free site.

Zero Spam was initially built based on the work by David Walsh.

Major features in WordPress Zero Spam include:

  • No captcha, spam isn’t a users’ problem
  • No moderation queues, spam isn’t a administrators’ problem
  • Blocks 99.9% of spam registrations & comments
  • Supports caching plugins to help provide great performance
  • Blocks spammy IPs from ever seeing your site
  • Extend the plugin with action hooks
  • Theme & plugin integration for any form on your site
  • Optional logging, so you can see who’s trying to spam
  • Advanced settings for complete control

Supported Plugins

  • Contact Form 7
  • Gravity Form
  • Ninja Forms
  • BuddyPress
  • WPForms

Note: This plugin does not work with Jetpack Comments. For more information, see https://wordpress.org/support/topic/incompatible-with-jetpack-comments.

Languages: English

If you have suggestions for a new add-on, feel free to email me at me@benmarshall.me. Want regular updates? Follow me on Twitter or visit my blog.




Plugin Installation

  1. Upload the zero-spam folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress

Theme Integration

You can integrate WordPress Zero Spam with any theme or plugin. Just add the class zerospam to a form element and the following at the beginning of your validation function:

if ( zerospam_is_valid() ) {
  // Valid form submission.
} else {
  // Invalid form submission.
  zerospam_log_spam( 'My Custom Form', 'http://www.myurl.com/custom-form' );

For more information and a full list of helpers you can use if your theme or plugin, see the helpers.php file.


Is JavaScript required for this plugin to work?

Yes, that’s what does the magic and keeps spam bots out.

I keep getting ‘There was a problem processing your comment.’

Be sure JavaScript is enabled and there are no JS errors.

Can I extend the plugin with action hooks?

Yes, see below:

  • zero_spam_found_spam_registration – Runs after a spam registration is detected
  • zero_spam_found_spam_comment – Runs after a spam comment is detected
  • zero_spam_found_spam_cf7_form_submission – Runs after a spam Contact Form 7 form submission is detected
  • zero_spam_found_spam_gf_form_submission – Runs after a spam Gravity Form submission is detected
  • zero_spam_ip_blocked – Runs after a blocked IP attempts to visit the site
  • zero_spam_found_spam_buddypress_registration – Runs when a BuddyPress spam registration is detected
  • zero_spam_found_spam_nf_form_submission – Runs when a spam Ninja Forms submission is detected
  • zero_spam_found_spam_wpf_form_submission – Runs when a spam WPForms submission is detected
Does this plugin support Contact Form 7 forms?

Yes! Thanks to @leewillis77.

Does this plugin support Gravity Forms forms?

Yes! Thanks to @shazahm1.

Does this plugin support BuddyPress?


Does this plugin support NinjaForms?


Does this plugin support WPForms?

Yes! Thanks to @jaredatch.

Does this plugin work with caching plugins like W3 Total Cache?

Yes! Thanks to @shazahm1.

Does this plugin work with multisite?

Yes! Thanks to @afragen. When using with multisite the plugin may be network activated or used individual sub sites.

Can I blacklist spammy IPs to CloudFlare?

Yes! Install Sunny and follow this guide.


Blocks normal comments too

After reading good things about this plugin, I migrated from Akismet. Was happy that I didn’t get any spam comments for few days. But actually it was blocking normal comments too. Reverted back to Akismet.

Works perfect so far!

Story is…after optimizing my WP site to the nth degree especially for security and reducing server load, I found my Contact Form 7 getting useless spam posts just 2 days ago and my existing Honey Pot solution was ineffective in this instance. The posts were a coordinated multi IP and email address attack.

I installed Zero Spam….it immediately started blocking this spam attack and today the attack has ceased. According to the easy to read Zero Spam log charts…the attacker first reduced it’s frequency and then gave up entirely. At least for now. My CPU server shows no sign of resource usage beyond normal. I am impressed, relieved and grateful.

I hope that the development of this plugin somehow stays alive because I would would gladly donate or make a one time payment.

Круто ловит спам!

Поставил на несколько сайтов.
Забыл про “левые” регистрации и камменты. Спасибо!

Seems to be working well

It seems to be working well. Traffic on our website is very low currently so can’t tell the effectiveness. Don’t know how to test spams but the plugin seems fine.

Read all 70 reviews

Contributors & Developers

“WordPress Zero Spam” is open source software. The following people have contributed to this plugin.


Translate “WordPress Zero Spam” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.


v3.0.6 (December 27, 2016)

  • [bug] Gravity Forms submission fix (https://github.com/bmarshall511/wordpress-zero-spam/pull/140).

v3.0.5 (December 23, 2016)

  • [bug] Gravity Forms submission fix.

v3.0.4 (November 24, 2016)

  • [bug] Fixed IP location lookup issue.
  • [improvement] Updated the Grunt development tasks.

v3.0.3 (November 23, 2016)

  • [bug] Fixed issue with settings not getting saved (https://wordpress.org/support/topic/can-unselect-default-options/).
  • [bug] Fixed PHP notice on Spammer Log page.
  • [bug] Removed outdated CloudFlare instructions.
  • [improvement] Made the JS file version dynamic.


  • Fixed fatal error.


  • Added the default options when the plugin is activated.


  • Lots of updates & fixes! Improved code documentation to help promote contributions.


  • Fixed uninstall issue, thanks @thiagolcks (https://github.com/bmarshall511/wordpress-zero-spam/pull/139)


  • Fixed security issue, thanks @thiagolcks (https://github.com/bmarshall511/wordpress-zero-spam/pull/138)


  • Fixed issue with Gravity Forms not working, thanks @karpstrucking & @jaredatch (https://github.com/bmarshall511/wordpress-zero-spam/issues/132)
  • Updated the repo link on the admin page (https://github.com/bmarshall511/wordpress-zero-spam/issues/124)


  • Minor updates


  • Added support for WPForms (https://github.com/bmarshall511/wordpress-zero-spam/issues/129)


  • Added the ‘contactform’ id to fix issue with valid comments not getting through (https://wordpress.org/support/topic/false-positives-6)
  • Updated readme file


  • Updates to the readme file
  • Fixed Contact Form issue forcing users to submit twice (https://github.com/bmarshall511/wordpress-zero-spam/issues/118)


  • Added CloudFlare instructions (https://github.com/bmarshall511/wordpress-zero-spam/pull/107)
  • Added ability to integrate with any theme or plugin (https://github.com/bmarshall511/wordpress-zero-spam/issues/116)
  • Added support for Ninja Forms (https://github.com/bmarshall511/wordpress-zero-spam/issues/114)
  • Complete rewrite of plugin code & structure
  • Added plugin icon


  • Made minor modification on how spam comments are detected. Tested & verified working as expected.
  • Changed how Gravity Forms spam is detected. Needs to be tested & verified.


  • Fixed issue with CF7 validation in the latest version – 4.1 (https://wordpress.org/support/topic/contact-form-7-version-41-no-longer-prevents-spam-using-wp-zero-spam?replies=4)


  • Fixed Gravity Form issues (https://github.com/bmarshall511/wordpress-zero-spam/issues/101)


  • Added IP location service (https://github.com/bmarshall511/wordpress-zero-spam/issues/84)
  • Improved pagination (https://github.com/bmarshall511/wordpress-zero-spam/issues/91)
  • Made date/times match site’s WP time, not servers (https://github.com/bmarshall511/wordpress-zero-spam/issues/89)
  • Removed the banner image to boost performance (https://github.com/bmarshall511/wordpress-zero-spam/issues/86)
  • Enhancements to the admin JS to boost performance
  • Works with Multisite as network activated or per sub site (https://github.com/bmarshall511/wordpress-zero-spam/issues/85)
  • Added BuddyPress support (https://github.com/bmarshall511/wordpress-zero-spam/issues/61)


  • Added missing code documentation and fixed typos (https://github.com/bmarshall511/wordpress-zero-spam/issues/64)
  • Fixed issue with settings not getting initially saved when the plugin is activated. (https://github.com/bmarshall511/wordpress-zero-spam/issues/69)
  • Added ability to auto block spam IPs (https://github.com/bmarshall511/wordpress-zero-spam/issues/71)
  • Added paging to spammer log and blocked IPs (https://github.com/bmarshall511/wordpress-zero-spam/issues/60)
  • Added additional stats and graphs (https://github.com/bmarshall511/wordpress-zero-spam/issues/75)
  • Fixed issue with comment moderators not being able to reply to comments (https://github.com/bmarshall511/wordpress-zero-spam/issues/74)
  • Fix issue with DB errors when first activating plugin (https://github.com/bmarshall511/wordpress-zero-spam/issues/80)


  • Switched to using a nonce to validate form submissions that support WordPress Zero Spam
  • Added Zero Spam plugin settings page for advanced control
  • Fix for for non-logged in users (https://github.com/bmarshall511/wordpress-zero-spam/pull/27, thanks @afragen)
  • Added blank index.php files to prevent directory browsing (https://github.com/bmarshall511/wordpress-zero-spam/pull/24, thanks @TangRufus)
  • Added uninstall.php (https://github.com/bmarshall511/wordpress-zero-spam/pull/23, thanks @TangRufus)
  • Addded support for GitHub Updater plugin (https://github.com/bmarshall511/wordpress-zero-spam/pull/21, thanks @afragen)
  • Added support for Contact Form 7 form submissions (https://github.com/bmarshall511/wordpress-zero-spam/pull/26, thanks @leewillis77)
  • Added ability to log spam detections
  • Fix for warnings cause by default settings not being set before actions run (https://github.com/bmarshall511/wordpress-zero-spam/pull/31, thanks @leewillis77)
  • Installed Compass (http://compass-style.org/)
  • Added support for Gravity Forms
  • Fixed potential issue with sites that use caching plugins
  • Fixed minor typos (thnaks @macbookandrew)


  • Added zero_spam_found_spam_comment and zero_spam_found_spam_registration action hooks (thanks @tangrufus)
  • Minor updates to the readme file

1.3.1 – 1.3.3

  • Minor fixes to WP SVN repo


  • Removed Grunt creation of the trunk directory
  • Added spam detection script to registration form


  • Fixed some typos in the readme.txt file


  • Removed testing for core function testing
  • Fix for adding comments from admin (thanks @afragen)
  • Removed unneeded WP svn trunk and tags folders from the git repo (thanks @afragen)


  • Updated theme documentation.
  • WordPress generator meta tag removed to help hide WordPress sites from spambots.


  • Initial release.