redsand

Hi @hazechan916,

WP-SpamShield would not cause high CPU usage like that. What could cause high CPU usage is errors in PHP or something that is misconfigured, which will require some debugging on your site. We put a lot of work into making sure that the plugin is extremely light on resources. We also monitor CPU usage very closely to ensure it would never cause an issue like that.

Please see FAQ which explains this in more detail:
FAQ 15: Q: Will WP-SpamShield slow down my site, and is there anything I can do to optimize my site for it?

Also, please take note of the sticky post at the top of the forum — PLEASE READ BEFORE POSTING — Updated June 2017, and follow the links there to our support documentation and to our official support page. (These links are also in the plugin’s settings page.)

Please note that we don’t provide support here at the forums, but we do provide excellent support through our site, which is better equipped to help our plugin users.

Please direct all support requests to the plugin’s official support URL, the WP-SpamShield Technical Support page.

– Scott

I’ve never reviewed any plugin before, but I have to for this. I’ve made dozens of WordPress sites and only two have gotten hacked. Both of them are the ones I decided to use SpamShield for. This plugin is absolutely useless. Do yourself a favor, learn from my mistakes and use Wordfence instead.

Hi @russell2170,

I’m sorry to hear that you had an issue, and that your sites were hacked. That is definitely not a fun situation. However your site would not have been hacked due to WP-SpamShield. It’s one of the most secure plugins available, and one of the few that has never had a security vulnerability. We would never let one of our plugins compromise a site, as security is one of our highest priorities.

To be honest, the issues you’re reporting don’t seem to be related to WP-SpamShield at all. Perhaps you are confusing this one with a plugin that sounds similar?

If you’re referring to the recent fake plugin going around called “X-WP-SPAM-SHIELD-PRO”, that is a malware plugin that is 100% fake, and is designed by hackers as a backdoor. They made a plugin that sounded similar to WP-SpamShield in order to take advantage of our popularity. Please see this blog post explaining in more detail: Malware Alert: Beware of Fake Plugin X-WP-SPAM-SHIELD-PRO

That malware has nothing to do with us, and was trying to leverage our good reputation. The legit WP-SpamShield plugin, hosted here at WordPress.org, was never compromised, and is 100% secure.

Several major sites covered the issue as well and explain that it had nothing to do with us:

• Fake Plugins, Fake Security | Sucuri: “The plugin name is fake and has nothing to do with well-known WP-SpamShield plugin in the official WordPress plugin repository.”
• Hacker Hides Backdoor Inside Fake WordPress Security Plugin | Bleeping Computer: “The attacker was obviously trying to leverage on the reputation of a legitimate and highly popular WordPress plugin called ‘WP-SpamShield Anti-Spam,’ a popular anti-spam tool for self-hosted WordPress sites.”
• Backdoor Masquerades as Popular WordPress Plugin | Security Week: “Dubbed X-WP-SPAM-SHIELD-PRO, the offending plugin was abusing the popularity of WP-SpamShield Anti-Spam, a tool designed to help WordPress site admins fight a variety of spam.”

I hope you’re not confusing that fake malware plugin with us. I know that some people were getting the fake plugin confused with the real one, but we worked pretty hard to help clarify and prevent confusion.

Usually when users have issues, the way to handle things is to submit a support request before writing a review. Most issues can be fixed quickly. We have a reputation for outstanding support.

Please get in touch with us through our tech support URL, and we’ll be happy to help you.

– Scott