Descripción
Protect against spam, malicious users, attacks like web & port scans, brute force, and others. Zero Spam uses multiple methods to detect & stop threats including an advanced behavior detection engine that integrates with Zero Spam, Stop Forum Spam & Project Honeypot. Integration with popular plugins like WooCommerce, GiveWP, Gravity Forms & more help provides an extra level of protection.
Install, activate, configure, then put your mind at ease!
Worry-free, Powerful Protection
- No captcha, spam isn’t a users’ problem
- No moderation queues, spam isn’t a administrators’ problem
- Behavior detection engine able to dynamically block threats
- Integrates with global IP reputation providers
- Allows admins to block IPs temporarily or permanently
- Geolocation integration to track where threats are coming from
- Block entire countries, regions, zip/postal codes & cities
- Optional disallowed list using splorp’s Comment Blacklist
- Block known disposable & malicious email domains using disposable
- Multiple detection techniques including David Walsh’s solution
But wait, there’s more!
- Protects comments, user registration & login forms
- Protects GiveWP forms & helps prevent testing stolen credit cards
- Protects Gravity Forms, Contact Form 7, WPForms, Formidable Form Builder, Fluent Forms & wpDiscuz forms
- Protects WooCommerce registrations
- Protects Mailchimp for WordPress sign-ups
- and can be integrated into any existing theme or plugin
Expert Support
We have a highly-experienced team of developers to provide incredible support. Ask your questions in the support forum, post a bug or feature request on Github, or contact us directly.
Optional 3rd-party Integrations
Zero Spam allows you to integrate with other services to improve the ability to detect spam and malicious users. These services are optional and not required for Zero Spam to work. Before opting into any of these services, please review their terms of use and/or privacy policies.
- Zero Spam – Sends the visitor’s IP & when available email to check the spam score. Review their Privacy Policy & Terms of Use.
- ipbase.com – Sends the visitor’s IP to gather detailed geolocation information. Review their Privacy Policy & Terms of Use.
- ipinfo.io – Sends the visitor’s IP to gather detailed geolocation information. Review their Privacy Policy & Terms of Use.
- ipstack – Sends the visitor’s IP to gather detailed geolocation information. Review their Privacy Policy & Terms of Use.
- Stop Forum Spam – Sends the visitor’s IP to check if they’ve been reported. Review their Privacy Policy & Terms of Use.
- Project Honeypot – Sends the visitor’s IP to check if they’ve been reported. Review their Privacy Policy & Terms of Use.
- Google Maps – Enables the ability to plot attack locations. Review their Privacy Policy & Terms of Use.
Optionally, you can also help improve Zero Spam by enabling sharing detection information. For more info on what’s shared, see our FAQ
Instalación
- Upload the entire zero-spam folder to the /wp-content/plugins/ directory.
- Activate the plugin through the Plugins screen (Plugins > Installed Plugins).
- Visit the plugin setting to configure as needed (Settings > Zero Spam).
For more information & developer documentation, see the wiki.
Preguntas frecuentes
-
Does Zero Spam for WordPress block user IPs?
-
Not by itself. Zero Spam for WordPress does not block IP addresses by itself. Visitors that are getting blocked have either been manually blocked by the site admin or appear in one of the IP blacklist like Stop Forum Spam, Project Honeypot, or the Zero Spam IP database.
If a legitimate user is getting blocked, check the Log (Admin > Dashboard > Zero Spam > Log) to get further details why they were blocked. You can adjust how strict the 3rd-party blacklist checks are or disable those if you find that your users are prone to being flagged as spam/malicious.
-
Does Zero Spam for WordPress check Jetpack comments?
-
No. Zero Spam for WordPress is unable to integrate Jetpack. For more information, see https://wordpress.org/support/topic/incompatible-with-jetpack-comments.
-
How do I boost performance of Zero Spam for WordPress?
-
Enable caching. Caching is highly recommended and will prevent repeated calls to third-party API and access checks on each page visit.
You can also adjust the cache and API timeout settings in admin depending on your server and specific needs.
-
Does Zero Spam support WP-CLI commands?
-
wp zerospam autoconfigure
— Auto-configures with recommended settings.wp zerospam settings
— Displays all plugin settings.wp zerospam set --[SETTING_KEY]=[VALUE]
— Updates a plugin setting.
-
Are you getting a `ftp_fget` PHP warning?
-
Some hosts have issues with they way they access files. If you’re seeing a
ftp_fget
PHP notice, setting theFS_METHOD
constant todirect
inwp-config.php
above the line/* That's all, stop editing! Happy Pressing. */
should solve the problem:define('FS_METHOD', 'direct');
If hosting with Pantheon, see their known issues page for more information and what to do to resolve it with their
$_ENV['PANTHEON_ENVIRONMENT']
variable check.
Reseñas
Colaboradores y desarrolladores
Este software es de código abierto. Las siguientes personas han contribuido a este plugin.
Colaboradores"Zero Spam for WordPress" ha sido traducido a 1 idioma local. Gracias a los traductores por sus contribuciones.
Traduce "Zero Spam for WordPress" a tu idioma.
¿Interesado en el desarrollo?
Revisa el código, echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.
Registro de cambios
v5.4.4
- refactor(project honeypot): resolves #344, added additional check & debug info for ip type support
- fix(wpforms): resolves #343, fix for jquery dependency
- fix(registration): resolves #342, fix for failed registration output
- fix(php8): resolves #341, fix for php8+ compatibility issue
v5.4.3
- fix(emojis): fix for fatal error when emojis are disabled
v5.4.2
- feat(ipbase): added support for ipbase.com
- feat(security): added additional advanced security protections
v5.4.1
- feat(dashboard): dashboard ui enhancements
- perf(sharing): performance improvements when sharing data
- fix(memberpress): removed memberpress support, they made fundamental changes to their plugin that’s ganna require a rework
- fix(uninstall): fix issue where the plugin couldn’t be deleted
- fix(cli): resolves #33
- chore(charts): updated chart.js to 3.9.1
v5.4.0
- chore(admin): updated the after-activation message
- chore(spam): updated splorp’s wordpress comment blacklist
- feat(givewp): enhanced security using the david walsh method on legacy forms
- feat(admin): major ui enhancements
- feat(gravityforms): adds support for gravity forms
- feat(reports): improved error logs
- feat(wpdiscuz): resolves #327, added support for wpdiscuz
- feat(wpforms): now supports checking blocked email addresses
- feat(email): enhanced email security checks
- fix(double requests): issue with double checks being performed per page visit
- fix(blocks): fix for blocked ips not getting properly blocked
- fix(locations): fix for blocked locations not getting added/updated
- fix(comments): fix for valid comment submissions being flagged
- fix(admin): missing country flag in ip details modal
- fix(woocommerce): fix for login woocommerce registrations fixed
- fix(david walsh): fix for flagged submissions when using the david walsh technique
- perf(misc): misc performance improvements related to 3rd-party api queries
v5.3.9
- fix(admin): fix issue with admin notice not dismissing properly, resolves #319
v5.3.8
- chore(zero spam api): updated the zero spam api to v2
v5.3.7
- chore(readme): documentation updates
v5.3.6
- fix(admin): fix for admin notice not getting dismissed when clicked, resolves #318
v5.3.5
- chore(readme): added 3rd-party service integration documentation to the readme
- chore(admin): revised the admin message that’s displayed with zero spam enhanced protection is enabled, but a valid api key is not provided
v5.3.4
- fix(notice): removed dismiss button on intial install to ensure plugin settings are configured before use
v5.3.3
- feat(zero spam settings): displays dismissible notices for enhanced protection and invalid license keys
- feat(dates): updated the admin tables to display dates based on the site settings, resolves #305
- fix(ukraine): removed the ukraine banner
v5.3.2
- feat(zero spam api): now reports spam and malicious email addresses
v5.3.1
- fix(zero spam api): update to limit number of requests when sharing data
v5.3.0
- fix(woocommerce): fix for spam getting triggered during woo checkout with create account checked, resolves #313
- refactor(zero spam api): performance improvements when sharing detections
v5.2.15
- feat(ukraine): we’ll no longer provide protection for .ru, .su, and .by domains & will display a banner of support for the ukrainian people on those sites – united with ukraine
v5.2.14
- fix(woocommerce): fixes issues with woocommerce login not working, resolves #310
v5.2.13
- feat(woocommerce): added support for woocommerce registrations, resolves #306
- fix(admin): fix for displaying & adding blocked ip addresses, resolves #308
v5.2.12
- refactor(wordpress coding standards): misc updates to conform to wordpress coding standards
= v5.2.11
- fix(security): fixes the missing orderby parameter sanitization in the admin dashboard
- fix(admin settings): fixed whitespace issue in textarea setting fields, resolves #303
- fix(admin log): updated date column to use the local setting date & time format, resolves #305
v5.2.10
- fix(security): fixes the missing parameter sanitization in the admin dashboard, resolves #301
v5.2.9
- feat(zero spam): you can now define your zero spam license key in wp-config.php using the constant ZEROSPAM_LICENSE_KEY, resolves #298
- fix(admin): fix for setting action buttons not doing anything, resolves #295
- fix(admin): fixes php notice for in_array in class-utilities, resolves #299
v5.2.8
- feat(memberpress): resolves #286, added support for the memberpress login page
- fix(memberpress): updated memberpress sign-up hook priority to ensure it runs
- refactor(admin): now using nonces to process zero spam admin actions
v5.2.7
- perf(settings): performance improvement to settings being loaded
- style(admin): added check for zero spam license key when enabled
- style(admin): misc. admin interface improvements
v5.2.6
- fix(undefined method): fix for undefined types method
v5.2.5
- feat(givewp): now checks submitted emails against the blocked email domains list
- perf(everything): refactoring of code for a boost in performance
- docs(readme): misc. readme file updates
- fix(admin): fix for error log not clearing
v5.2.4
- feat(memberpress): resolves #283, now supports memberpress registration forms
- feat(mailchimp4wp): resolves #121, now supports mailchimp4wp forms
- refactor(misc): misc. updates to comply with wordpress coding standards.
- style(admin): misc. admin interface improvements
v5.2.3
- feat(givewp): now support givewp donation forms
- style(notices): minor update to default detection notice
v5.2.2
- fix(db): resolves #281, fixes db update error for multisite installations
- fix(db): fix for unsanitized db log entries
- style(admin): new cf7 icon added for blocked log
v5.2.1
- fix(woocommerce): resolves #280, fixes login integration breaking woocommerce login form
v5.2.0
- feat(login): now protects user login attempts
- feat(project honeypot): resolves #201, project honeypot ip checks now integrated
- perf(sharing): blocked ips are no longer shared with zerospam.org
- perf(database): doesn’t log .ico requests anymore that normally resulted in 2 entries per detection
- style(admin): misc admin interface improvements
- refactor(misc): cleaning up code & wordpress coding standards updates
- refactor(zero spam api): updated version on the zero spam api endpoint
v5.1.7
- fix(php notice): fix for some hosts firing a php notice when unable to retrieve the list of recommended blocked email domains
v5.1.6
- feat(fluent forms): resolves #276, fluent forms is now supported
- fix(php notice): resolves #277, fix for array_intersect(): Argument #2 must be of type array, bool
v5.1.5
- feat(dashboard widget): resolves #275, added the ability to control the dashboard widget visibility
- feat(settings): button to quickly override and update settings to zero spam’s recommended
- feat(email domains): resolves #246, ability to block disposable and malicious email domains
- perf(sharing): sharing detections optimized
- perf(disallowed list): removed the unused cron to sync disallowed words
- chore(disallowed list): updated to the lastest splorp’s disallowed list
- docs(htaccess): added a notice & recommended max number of blocked ips when using .htaccess
- fix(ipinfo): fix for uncaught ipinfo exception
v5.1.4
- fix(htaccess): resolves #274, fix for newer apache versions and option to select the method ips are blocked
v5.1.3
- perf(blocked ips): moved blocked ips to .htacess for improved performance
- refactor(woocommerce): woocommerce registration forms support dropped in place of 3rd-party IP checks
- docs(admin): misc updates to admin interface
v5.1.2
- perf(geolocation): improved performance for geolocation and data sharing
- docs(readme): updated readme file
- refactor(misc): added some functionality to make debugging easier
- fix(ipinfo): resolves #273, loads the ipinfo library only if enabled
v5.1.1
- feat(geolocation): resolves #270, added support for ipinfo geolocation
- feat(cli): resolves #271, added WP CLI support
- feat(admin): resolves #237, new admin dashboard widget
- refactor(admin): wordpress coding standards fixes
- refactor(settings): minor update to settings section title
- docs(readme): updated readme file
v5.1.0
- feat(ipstack): ipstack errors are logged to the zerospam.log file in the uploads directory
- feat(cloudflare): resolves #267, checks http_cf_ipcountry against blocked countries
- feat(admin): resolves #264, adds ability to export & import settings
- perf(davidwalsh): resolves #266, only loads the david walsh script on pages that are needed
- fix(caching): resolves #258, added no-cache header to the blocked page output
- refactor(stopforumspam): increased the default confidence score for stop forum spam to help prevent false positives
- docs(faq): added common question about how to boost performance of the plugin
v5.0.13
- fix(updates): resolves #262, sanitized & escaped variables
- fix(standards): resolved #261, sanitized & escaped variables
- fix(cron jobs): resolves #260, removed the remote call to splorp’s blacklist on Github
v5.0.12
- Fixed issue with WPForms AJAX forms not getting validated by Zero Spam for WordPress #238
- David Walsh detection technique applied to WPForms & CF7
- Miscellaneous admin UI improvements
- Added ability to disable syncing WP’s Disallowed Comment Keys
v5.0.11
- Improved protection for comments, CF7, Formidbale, registrations, WooCommerce and WPForms submissions.
- David Walsh detection technique applied to core WP registration forms.
v5.0.10
- PHP notice fix
v5.0.9
- Performance enhancements
- Various admin UI improvements
- Strengthened comment & registration spam detections
v5.0.8
- Fix for admin first-time config notice
v5.0.7
- Added first-time configuration notice & auto-configure recommended settings functionality
- Added the ability to regenerate the honeypot ID
- Various admin UI improvements
- WP Disallowed Comment Keys are automatically updated weekly using https://github.com/splorp/wordpress-comment-blacklist
- Strengthened comment spam detections using WP core disallowed list
- David Walsh’s spam technique is back! https://github.com/bmarshall511/wordpress-zero-spam/issues/247
v5.0.6
- Various admin UI improvements
- Strengthened comment spam detections
v5.0.5
- Fix autoloader compatibility with Windows paths (https://github.com/bmarshall511/wordpress-zero-spam/pull/236)
- Various admin UI improvements
v5.0.4
- Fix for when checks should be preformed
v5.0.3
- Added support for Formidable Form Builder
- Fixed PHP error related to a blacklist call
v5.0.2
- Admin UI enhancements
- Added support for WooCommerce
- Added Cloudflare IP address support (https://github.com/bmarshall511/wordpress-zero-spam/issues/220)
- Update to data sharing option
- Added ability to block individual locations (country, region, zip & city)
- Added support for WPForms
v5.0.1
- Updated readme file & documentation
- Can now be installed via composer
- Updated the required PHP version
v5.0.0
- Initial v5.0.0 release
- Huge performance enhancements
- More control over settings to fine-tune functionality
- Lots of bug fixes & improvements