Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant
| Developer | MatthiasNordwig |
|---|---|
| Update Time | June 2, 2025, 6:13 p.m. |
| Donation URL: | donation |
| PHP Version: | 5.6 + |
| WordPress Version: | 6.8 |
| Copyright: | GPLv3 |
| Copyright URL: | Copyright Information |
Tag
Download
2.2.2
2.1.3
1.1.1
4.1
3.6.4
2.1.4
4.1.1
3.6.5
1.0.1
1.1.0
3.6.9
3.8
3.8.1
4.0
3.5.7
1.3
1.4.1
1.4.2
2.0.3
2.0.4
2.0.5
2.1.1
2.1.2
2.1.0
2.0.2
2.1.5
2.3.2
2.3.3
3.5.2
2.4
2.4.1
2.5.1
3.0
3.0.1
3.0.2
3.0.3
3.0.5
3.0.7
3.0.8
3.1
3.2
3.3
3.4
3.5
3.5.1
1.2.1
2.2.1
2.5
3.5.4
3.5.5
3.5.6
3.5.8
1.0.0
1.4
2.5.2
3.6
2.0
3.0.4
1.2.0
2.0.1
3.7.2
3.7.3
3.0.6
3.5.3
3.6.3
3.6.6
3.6.7
3.6.8
1.4.3
3.6.10
2.3
3.7
1.0.2
2.2.0
2.3.1
3.6.1
3.6.2
3.7.1
4.1.2
Description:
Protect all your forms and logins against spam and brute-force attacks. The plugin is invisible and compliant to GDPR (RGPD, DSGVO).
It has a lot of options on the one hand and comes with a well balanced default configuration. Thus it starts working very well, as soon as it is activated.
Installation:
- Watch the setup video
- Install & activate the plugin via the WordPress Plugins page
- Check if all forms are correctly recognized by the spam protection system
- Manually add missing actions/patterns for any unrecognized forms using direct analysis mode
- (Optional) Adjust settings to block, flag, or save spam submissions
FAQs:
Submissions are incorrectly treated as spam
- The problem occasionally occurs right after installation due to caching. In such cases, the necessary JavaScript for proof-of-work isn't loaded as intended. To resolve this, clear the cache on your webserver (WordPress caching is typically managed by plugins, which offer an option to clear the cache) and in your browser.
- JavaScript might crash due to incompatibility between this plugin and another one you're using. If you notice this, please report it to me. I usually address such issues within the same day. Additionally, it's crucial to ensure that JavaScript is functioning correctly on all your pages, even without this plugin. In most browsers, you can identify JavaScript errors by pressing F12 on your page and navigating to the console. Here, you can observe what's happening on your page.
Neither messages, nore spam is shown in the inbox
- Activate the Analysis mode 🔍,
- Submit the form and look for the message that has been saved for the new submission in the Analytic Box
- Open the message and enhance the scope of the spam to this type of message
- If the message doesn't appear here, or is already in scope, please give me a note
Problems with Borlabs Script Blocker
When you use the Borlabs Script Blocker to scan for JavaScripts, the scan doesn't work properly, as it doesn't show any JavaScripts. Just deactivate this plugin for the scan and activate it again after the scan.
Can't get my problems fixed
- Important messages could be shown in browser console (F12) on problematic page
- Whenever you post something to the support forum, try to hand over all details
- If the recaptcha doesn't work on any form, give me a notice and I will try to fix that
How to disable this plugin?
- Use standard WordPress plugins page for deactivation and deletion of the plugin
- When deactivating the plugin you will be asked for the reason. If you face any problems I would be glad if you report to it me as detailed as possible. Usually I will fix them quickly. If you give me contcat details, I may inform you as soon as it is fixed.
Changelog:
4.1.2
- CSRF vulnerability fixed
- Improved Pattern recognition
- Solved: Warning for usage of empty keys
- Fail2Ban-Support added
- Problems with Thrive Comments and json-based submissions fixed
- The automatic mode has been removed. From now on, all form types require manual configuration of associated patterns and actions to ensure the spam protection functions correctly.
- During plugin installation, the appropriate actions and patterns for major form builders will be automatically added to the scope—provided the respective form builder is installed.
- Adding new form types to the spam protection, which are not yet included by default, can still be done via the analysis mode or direct analysis mode.
- If important patterns or actions are missing, I appreciate any feedback and suggestions for improvements.
- This update ensures targeted spam protection configuration while still allowing automatic detection of widely used form builders.
- Fixed: Erroneous error handling for file-uploads (i.e. Fancy Product Designer)
- Fixed: Problems with IP-Forwarding and load-balancing led to always false-positives
- SQL-Bug during installation routine fixed
- Optimized symbols in the settings menu
- Fixed: Bug with empty field "Skip fields from saving"
- Highly recommended security feature "Skip fields from saving" on the tab "Saving Messages" on the plugins options page added. This feature is intended to exclude fields (i.e. password fields) from beeing saved with messages. Background: The plugin is identifying password fields on the form and skips them from beeing saved already. But in the case of the event that JavaScript is crashing, the identification process may fail and thus the password will be saved nevertheless. Therefore this option shall be used to define password fields manually that shall be skipped from saving.
- Fixed: Bug with hiding the menu in initial state of the settings menu
- Fixed: Bug with the new feature to stop logging logins
- New feature: The admin area is turned to red as long as the simulation mode is on
- New feature: The messages inbox can be hidden, by setting its position to -1
- New feature: The logging of login-messages can be switched off
- Fixed: Variables that where not initialized caused warnings on higher debug-levels
- Problem with forminator and possibly other form builders too fixed: Bots where able to bypassed the pattern matching and thus the spam check too.
- Fixed: A dedicated spam-check for WordPRess-standard-requests was introduced, in order to treat them differently from other post-requests. It turned out that some spam showed up after the last release. This should not happen anymore
- Fixed: In v.3.5.5 the plugin was changed to apply the spam check always on WordPress standard submissions such as comments. Even in explicit mode. This behaviour is changed now, in a way that even for WordPress standard submission types patterns have to match, before they are checked for spam.
- This means: If you are using WordPress standard submission-types such as comments and posts, from now on you need to add the respective patterns for them, as for any other type of submission, in order to make the spam check work for them.
- Fixed Bug with Inboxes
- Improved performance administration area and inboxes
- Bug with empty pages for inboxes solved
- Loading error for Direct Analysis Mode fixed
- "Direct analysis mode" introduced: This mode allows easier administration of the explicit mode, as froms and submission-types now now can be added directly and life from the forms
- Settings page devided into tabs