=== Zero Spam for WordPress === Contributors: bmarshall511 Tags: protection, firewall, security, spam, spam blocker Donate link: https://www.zerospam.org/subscribe/ Requires at least: 5.2 Tested up to: 5.9 Requires PHP: 7.3 Stable tag: 5.2.13 License: GNU GPLv3 License URI: https://choosealicense.com/licenses/gpl-3.0/ No captcha needed, behind the scenes protection against spam & malicious attacks using proven techniques & up-to-date blacklists. == Description == Quit forcing people to answer questions or confusing captchas to prove they're not spam. Stop malicious users before they ever have a chance to infiltrate your site — **introducing Zero Spam for WordPress**. [Zero Spam for WordPress](https://www.highfivery.com/projects/zero-spam/?utm_source=wordpress.org&utm_medium=plugin&utm_campaign=wordpress_zero_spam) uses AI in combination with proven spam detection techniques and databases of known malicious IPs from around the world to detect and block unwanted visitors. **Just install, activate, configure, and enjoy a spam-free site!** = Zero Spam for WordPress features = * No captcha, spam isn't a users' problem * No moderation queues, spam isn't a administrators' problem * [Zero Spam](https://www.zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/) & [Project Honeypot](https://www.projecthoneypot.org/) integration * Automatically & manually block IPs temporarily or permanently * Geolocate IP addresses to see where offenders are coming from * Block entire countries, regions, zip/postal codes & cities * Optional disallowed list using [splorp's Comment Blacklist](https://github.com/splorp/wordpress-comment-blacklist) * Block known disposable & malicious email domains using [disposable](https://github.com/disposable) * Multiple detection techniques including [David Walsh's solution](https://davidwalsh.name/wordpress-comment-spam) = Zero Spam for WordPress also protects = * WordPress core comments, user registrations & login attempts * [GiveWP](https://givewp.com/ref/1118/) donation submissions * [Contact Form 7](https://wordpress.org/plugins/contact-form-7/) submissions * [WPForms](https://wordpress.org/plugins/wpforms-lite/) submissions * [Formidable Form Builder](https://wordpress.org/plugins/formidable/) submissions * [Fluent Forms](https://wordpress.org/plugins/fluentform/) submissions * [MemberPress](https://memberpress.com/) registrations * [Mailchimp for WordPress](https://wordpress.org/plugins/mailchimp-for-wp/) submissions * [WooCommerce](https://wordpress.org/plugins/woocommerce/) registrations * and can be easily integrated into any existing theme or plugin Zero Spam for WordPress is great at blocking spam — as a site owner there's more you can do to [stop WordPress spam](https://www.benmarshall.me/stop-wordpress-spam/) in its tracks. = Zero Spam for WordPress needs your support = **Zero Spam for WordPress is free & always will be.** Please consider making a [donation](https://www.benmarshall.me/donate/?utm_source=wordpress.org&utm_medium=plugin&utm_campaign=wordpress_zero_spam) to help encourage plugin's continued development. * Like our [Facebook Page](https://www.facebook.com/zerospamorg/) * Follow us on [Twitter](https://www.facebook.com/zerospamorg) * Rate us on [WordPress](https://wordpress.org/support/plugin/zero-spam/reviews/?filter=5/#new-post) == Installation == 1. Upload the entire wordpress-zero-spam folder to the */wp-content/plugins/* directory. 2. Activate the plugin through the Plugins screen (*Plugins > Installed Plugins*). 3. Visit the plugin setting to configure as needed (*Settings > Zero Spam*). For more information & developer documentation, see the [plugin’s website](https://www.benmarshall.me/wordpress-zero-spam). == Frequently Asked Questions == = Does Zero Spam for WordPress block user IPs? = *Not by itself.* Zero Spam for WordPress does not block IP addresses by itself. Visitors that are getting blocked have either been manually blocked by the site admin or appear in one of the IP blacklist like [Stop Forum Spam](https://www.stopforumspam.com/), [Project Honeypot](https://www.projecthoneypot.org/), or the [Zero Spam IP database](https://www.zerospam.org). If a legitimate user is getting blocked, check the Log (Admin > Dashboard > Zero Spam > Log) to get further details why they were blocked. You can adjust how strict the 3rd-party blacklist checks are or disable those if you find that your users are prone to being flagged as spam/malicious. = Does Zero Spam for WordPress check Jetpack comments? = **No.** Zero Spam for WordPress is unable to integrate Jetpack. For more information, see [https://wordpress.org/support/topic/incompatible-with-jetpack-comments](https://wordpress.org/support/topic/incompatible-with-jetpack-comments). = How do I boost performance of Zero Spam for WordPress? = **Enabled caching.** Caching is highly recommended and will prevent repeated calls to third-party API and access checks on each page visit. You can also adjust the cache and API timeout settings in admin depending on your server and specific needs. = What Zero Spam for WordPress WP-CLI commands are available? = * `wp zerospam autoconfigure` — Auto-configures with recommended settings. * `wp zerospam settings` — Displays all plugin settings. * `wp zerospam set --[SETTING_KEY]=[VALUE]` — Updates a plugin setting. = Are you getting a `ftp_fget` PHP warning? = Some hosts have issues with they way they access files. If you're seeing a `ftp_fget` PHP notice, setting the `FS_METHOD` constant to `direct` in `wp-config.php` above the line `/* That's all, stop editing! Happy Pressing. */` should solve the problem: `define('FS_METHOD', 'direct');` If hosting with Pantheon, see their [known issues page](https://pantheon.io/docs/plugins-known-issues#define-fs_method) for more information and what to do to resolve it with their `$_ENV['PANTHEON_ENVIRONMENT']` variable check. == Screenshots == 1. Zero Spam for WordPress dashboard 2. Zero Spam for WordPress detections log 3. Zero Spam for WordPress blocked IPs 4. Zero Spam for WordPress blacklisted IPs 5. Zero Spam for WordPress settings == Changelog == = v5.2.13 = * feat(woocommerce): added support for woocommerce registrations, resolves #306 * fix(admin): fix for displaying & adding blocked ip addresses, resolves #308 = v5.2.12 = * refactor(wordpress coding standards): misc updates to conform to wordpress coding standards = v5.2.11 * fix(security): fixes the missing orderby parameter sanitization in the admin dashboard * fix(admin settings): fixed whitespace issue in textarea setting fields, resolves #303 * fix(admin log): updated date column to use the local setting date & time format, resolves #305 = v5.2.10 = * fix(security): fixes the missing parameter sanitization in the admin dashboard, resolves #301 = v5.2.9 = * feat(zero spam): you can now define your zero spam license key in wp-config.php using the constant ZEROSPAM_LICENSE_KEY, resolves #298 * fix(admin): fix for setting action buttons not doing anything, resolves #295 * fix(admin): fixes php notice for in_array in class-utilities, resolves #299 = v5.2.8 = * feat(memberpress): resolves #286, added support for the memberpress login page * fix(memberpress): updated memberpress sign-up hook priority to ensure it runs * refactor(admin): now using nonces to process zero spam admin actions = v5.2.7 = * perf(settings): performance improvement to settings being loaded * style(admin): added check for zero spam license key when enabled * style(admin): misc. admin interface improvements = v5.2.6 = * fix(undefined method): fix for undefined types method = v5.2.5 = * feat(givewp): now checks submitted emails against the blocked email domains list * perf(everything): refactoring of code for a boost in performance * docs(readme): misc. readme file updates * fix(admin): fix for error log not clearing = v5.2.4 = * feat(memberpress): resolves #283, now supports memberpress registration forms * feat(mailchimp4wp): resolves #121, now supports mailchimp4wp forms * refactor(misc): misc. updates to comply with wordpress coding standards. * style(admin): misc. admin interface improvements = v5.2.3 = * feat(givewp): now support givewp donation forms * style(notices): minor update to default detection notice = v5.2.2 = * fix(db): resolves #281, fixes db update error for multisite installations * fix(db): fix for unsanitized db log entries * style(admin): new cf7 icon added for blocked log = v5.2.1 = * fix(woocommerce): resolves #280, fixes login integration breaking woocommerce login form = v5.2.0 = * feat(login): now protects user login attempts * feat(project honeypot): resolves #201, project honeypot ip checks now integrated * perf(sharing): blocked ips are no longer shared with zerospam.org * perf(database): doesn't log .ico requests anymore that normally resulted in 2 entries per detection * style(admin): misc admin interface improvements * refactor(misc): cleaning up code & wordpress coding standards updates * refactor(zero spam api): updated version on the zero spam api endpoint = v5.1.7 = * fix(php notice): fix for some hosts firing a php notice when unable to retrieve the list of recommended blocked email domains = v5.1.6 = * feat(fluent forms): resolves #276, fluent forms is now supported * fix(php notice): resolves #277, fix for array_intersect(): Argument #2 must be of type array, bool = v5.1.5 = * feat(dashboard widget): resolves #275, added the ability to control the dashboard widget visibility * feat(settings): button to quickly override and update settings to zero spam's recommended * feat(email domains): resolves #246, ability to block disposable and malicious email domains * perf(sharing): sharing detections optimized * perf(disallowed list): removed the unused cron to sync disallowed words * chore(disallowed list): updated to the lastest splorp's disallowed list * docs(htaccess): added a notice & recommended max number of blocked ips when using .htaccess * fix(ipinfo): fix for uncaught ipinfo exception = v5.1.4 = * fix(htaccess): resolves #274, fix for newer apache versions and option to select the method ips are blocked = v5.1.3 = * perf(blocked ips): moved blocked ips to .htacess for improved performance * refactor(woocommerce): woocommerce registration forms support dropped in place of 3rd-party IP checks * docs(admin): misc updates to admin interface = v5.1.2 = * perf(geolocation): improved performance for geolocation and data sharing * docs(readme): updated readme file * refactor(misc): added some functionality to make debugging easier * fix(ipinfo): resolves #273, loads the ipinfo library only if enabled = v5.1.1 = * feat(geolocation): resolves #270, added support for ipinfo geolocation * feat(cli): resolves #271, added WP CLI support * feat(admin): resolves #237, new admin dashboard widget * refactor(admin): wordpress coding standards fixes * refactor(settings): minor update to settings section title * docs(readme): updated readme file = v5.1.0 = * feat(ipstack): ipstack errors are logged to the zerospam.log file in the uploads directory * feat(cloudflare): resolves #267, checks http_cf_ipcountry against blocked countries * feat(admin): resolves #264, adds ability to export & import settings * perf(davidwalsh): resolves #266, only loads the david walsh script on pages that are needed * fix(caching): resolves #258, added no-cache header to the blocked page output * refactor(stopforumspam): increased the default confidence score for stop forum spam to help prevent false positives * docs(faq): added common question about how to boost performance of the plugin = v5.0.13 = * fix(updates): resolves #262, sanitized & escaped variables * fix(standards): resolved #261, sanitized & escaped variables * fix(cron jobs): resolves #260, removed the remote call to splorp's blacklist on Github = v5.0.12 = * Fixed issue with WPForms AJAX forms not getting validated by Zero Spam for WordPress [#238](https://github.com/bmarshall511/wordpress-zero-spam/issues/238) * David Walsh detection technique applied to WPForms & CF7 * Miscellaneous admin UI improvements * Added ability to disable syncing WP's Disallowed Comment Keys = v5.0.11 = * Improved protection for comments, CF7, Formidbale, registrations, WooCommerce and WPForms submissions. * David Walsh detection technique applied to core WP registration forms. = v5.0.10 = * PHP notice fix = v5.0.9 = * Performance enhancements * Various admin UI improvements * Strengthened comment & registration spam detections = v5.0.8 = * Fix for admin first-time config notice = v5.0.7 = * Added first-time configuration notice & auto-configure recommended settings functionality * Added the ability to regenerate the honeypot ID * Various admin UI improvements * WP Disallowed Comment Keys are automatically updated weekly using https://github.com/splorp/wordpress-comment-blacklist * Strengthened comment spam detections using WP core disallowed list * [David Walsh's spam technique](https://davidwalsh.name/wordpress-comment-spam#utm_source=wordpresszerospam&utm_medium=admin_link&utm_campaign=wordpresszerospam) is back! https://github.com/bmarshall511/wordpress-zero-spam/issues/247 = v5.0.6 = * Various admin UI improvements * Strengthened comment spam detections = v5.0.5 = * Fix autoloader compatibility with Windows paths (https://github.com/bmarshall511/wordpress-zero-spam/pull/236) * Various admin UI improvements = v5.0.4 = * Fix for when checks should be preformed = v5.0.3 = * Added support for Formidable Form Builder * Fixed PHP error related to a blacklist call = v5.0.2 = * Admin UI enhancements * Added support for WooCommerce * Added Cloudflare IP address support (https://github.com/bmarshall511/wordpress-zero-spam/issues/220) * Update to data sharing option * Added ability to block individual locations (country, region, zip & city) * Added support for WPForms = v5.0.1 = * Updated readme file & documentation * Can now be installed via composer * Updated the required PHP version = v5.0.0 = * Initial v5.0.0 release * Huge performance enhancements * More control over settings to fine-tune functionality * Lots of bug fixes & improvements