=== Tiny Comment Spam Blocker ===
Contributors: Kasuga16
Donate link: https://www.paypal.me/kasuga16
Tags: comments, spam protection, anti-spam, security, honeypot
Requires at least: 6.3
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.4.0
License: GPLv2 or later
License URI: http://www.gnu.org/licenses/gpl-2.0.html

A simple and lightweight yet rock-solid plugin that blocks comment spam using multiple automatic detection methods.

== Description ==

Tiny Comment Spam Blocker is a lightweight yet powerful plugin designed to protect your WordPress comments from spam. It employs five different techniques to detect and block unwanted comments:

1. **Nonce Verification** – Ensures that the comment form submission is genuine.
2. **Submission Time Check** – Blocks comments submitted too quickly to prevent bots.
3. **Honeypot Field** – Hidden field that traps automated spam bots.
4. **User Agent Validation** – Detects suspicious User-Agent strings and blocks them.
5. **Forbidden Word Filtering** – Blocks submissions containing words or phrases from a configurable list within the **comment body, email address, or IP address.**
6. **JavaScript-Based Human Interaction Detection** – Sets a verification token when mouse movement, scrolling, or touch interaction is detected.
7. **(Option) Block Non-Japanese Comments** – Blocks comments that do not contain Japanese characters (Hiragana, Katakana, or Han/Kanji), primarily targeting machine-translated or foreign spam.

These filters are applied in order: if a comment passes the first check, it proceeds to the second, and so on, until all checks are applied or the comment is blocked.

Additional features:

* Option to log detected spam in a local log file (up to 1.0 MB).
* Optional email notifications when spam is detected.
* Easy settings page in the WordPress admin panel.

---

== Installation ==

1. Upload via WordPress Dashboard:
   – In your WordPress dashboard, go to 'Plugins' → 'Add New'.
   – Search for "tiny comment spam blocker" and click 'Install Now'.
   – Click 'Activate' once the installation is complete.
   – Go to **Settings → Tiny Spam Blocker** to configure options.
2. Manual Installation via FTP:
   – Download the plugin's zip file and extract it.
   – Connect to your server via FTP and navigate to the "wp-content/plugins/" directory.
   – Upload the extracted "quick-translate-pot-po-mo" folder to this directory.
   – Go to 'Plugins' in your WordPress dashboard and activate the plugin.
   – Go to **Settings → Tiny Spam Blocker** to configure options.

---

== Settings ==

The plugin provides the following settings in the WordPress admin panel:

* **Enable Spam Protection** – Toggle the spam protection on or off. When disabled, all anti-spam checks are skipped.
* **Save Spam Detection Log** – Enable or disable logging of detected spam. Logs are saved in a local file up to 1.0 MB within the WordPress uploads directory.
* **Notification Email Address** – Enter an email address to receive notifications when spam is detected. Leave blank to disable email notifications.
* **Minimum Submission Time (seconds)** – Set the minimum allowed time between loading the comment form and submitting a comment. Comments submitted faster than this threshold are considered spam.
* **Forbidden Words List** – Enter one forbidden word, phrase, or IP address per line. Submissions containing these entries in the comment body, **email address**, or **IP address** will be blocked. **Matching is case-insensitive.**
    * **Example:**
      `viagra`
      `online pharmacy`
      `spam@email.com`
      `164.138.205.72`
* **Block No Japanese Comments** – If enabled, this becomes the final check: comments that contain Japanese characters (Hiragana, Katakana, or Kanji) will be automatically accepted after passing other security checks. **Comments without Japanese characters will be blocked.**

---

== Frequently Asked Questions ==

= What is the "Submission Time Check"? =

This check measures how long a user takes to fill out the comment form. Bots often submit comments in 1-2 seconds. The default setting blocks submissions faster than **5 seconds**, but you can adjust this time threshold in the settings.

= How do I enable email notifications? =

Enter a valid email address in the **Notification Email Address** field. Leave it blank if you do not want to send an email.

= How large can the log file grow? =

The log file is capped at 1.0 MB. When it exceeds this limit, it will be overwritten with an initial message.

= Where is the log file saved? =

If logging is enabled, spam attempts are saved to a file named tcsb-log.txt located in a dedicated folder under the WordPress content directory (WP_CONTENT_DIR). The log can be viewed and cleared directly from the plugin's settings page.

---

== Screenshots ==

1. Plugin settings page.
2. Example of the spam detection log output.

---

== Changelog ==

= 1.4.0 =
* Added JavaScript to detect human interaction.

= 1.3.2 =
* Security fix: Hardened log directory access via .htaccess and index.html.
* Security fix: Randomized log filenames to prevent path guessing.

= 1.3.1 =
* Security fix: Moved spam logs to a non-public directory.

= 1.3.0 =
* Added a new option to block non-Japanese comments.

= 1.2.1 =
* Fixed a minor bug.

= 1.2.0 =
* Added IP address to forbidden word checks.
* The detection message has been modified.

= 1.1.0 =
* Extended forbidden word checks from comments to email addresses as well.
* The log has been made more detailed.

= 1.0.0 =
* Initial release.
* Five anti-spam techniques implemented.
* Logging and optional email notifications added.

---

== Arbitrary Section ==

This plugin is designed to be lightweight and fast, ensuring minimal impact on site performance while providing robust protection against comment spam.
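
The ordered checks listed under Description can be pictured as a chain that stops at the first failure. The PHP sketch below is an added example, not the plugin's own code: every function, field and option name in it is hypothetical, the nonce and JavaScript token results are passed in as booleans, and treating only an empty User-Agent as suspicious is an assumption, since this readme does not define the rule.

```php
<?php
// Added example, not the plugin's code. All field and option names are hypothetical.
/** Returns the name of the first failed check, or null if the comment passes. */
function example_first_failed_check(array $c, array $opt): ?string
{
    // 1. Nonce: the caller passes the result of its own nonce verification.
    if (empty($c['nonce_ok'])) {
        return 'nonce';
    }
    // 2. Submission time: seconds between rendering the form and submitting it.
    if (($c['submitted_at'] - $c['rendered_at']) < $opt['min_seconds']) {
        return 'too_fast';
    }
    // 3. Honeypot: a hidden field that a human visitor never fills in.
    if (trim($c['honeypot'] ?? '') !== '') {
        return 'honeypot';
    }
    // 4. User agent: assumption, only an empty value counts as suspicious here.
    if (trim($c['user_agent'] ?? '') === '') {
        return 'user_agent';
    }
    // 5. Forbidden entries: one per line, case-insensitive, against body, email and IP.
    $haystack = $c['body'] . "\n" . $c['email'] . "\n" . $c['ip'];
    foreach (preg_split('/\R/u', $opt['forbidden']) as $entry) {
        $entry = trim($entry);
        if ($entry !== '' && mb_stripos($haystack, $entry, 0, 'UTF-8') !== false) {
            return 'forbidden_word';
        }
    }
    // 6. Token set by JavaScript after mouse, scroll or touch interaction.
    if (empty($c['js_token_ok'])) {
        return 'no_interaction';
    }
    // 7. Optional final check: at least one Hiragana, Katakana or Han character.
    if (!empty($opt['require_japanese'])
        && !preg_match('/[\p{Hiragana}\p{Katakana}\p{Han}]/u', $c['body'])) {
        return 'no_japanese';
    }
    return null;
}

// Constructed sample input; min_seconds uses the 5-second default from the FAQ.
$opt  = ['min_seconds' => 5, 'forbidden' => "viagra\nonline pharmacy\n164.138.205.72", 'require_japanese' => true];
$base = ['nonce_ok' => true, 'rendered_at' => 1000, 'submitted_at' => 1012, 'honeypot' => '',
         'user_agent' => 'Mozilla/5.0', 'email' => 'reader@example.com', 'ip' => '192.0.2.10',
         'js_token_ok' => true, 'body' => 'こんにちは、良い記事ですね。'];
foreach ([[], ['submitted_at' => 1002], ['body' => 'Buy VIAGRA now'], ['body' => 'Nice post!']] as $change) {
    var_dump(example_first_failed_check($change + $base, $opt));
}
```

In this sketch forbidden entries match by substring, so a short entry also matches inside longer words and longer IP addresses; keep list entries specific.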