Description

Protection against spam & malicious users using cutting-edge AI. Features a highly-configurable firewall, real-time monitoring, integrates with popular blacklists & plugins like WooCommerce, GiveWP & more.

Install, activate, configure, then put your mind at ease!

Worry-free, Powerful Protection

No captcha, spam isn’t a users’ problem
No moderation queues, spam isn’t a administrators’ problem
Zero Spam, Stop Forum Spam & Project Honeypot integration
Automatically & manually block IPs temporarily or permanently
Geolocate IP addresses to see where offenders are coming from
Block entire countries, regions, zip/postal codes & cities
Optional disallowed list using splorp’s Comment Blacklist
Block known disposable & malicious email domains using disposable
Multiple detection techniques including David Walsh’s solution

But wait, there’s more!

Protects comments, user registration & login forms
Protects GiveWP forms & helps prevent testing stolen credit cards
Protects Contact Form 7 form submissions
Protects Contact Form 7, WPForms, Formidable Form Builder & Fluent Forms forms
Protects MemberPress & WooCommerce registrations
Protects Mailchimp for WordPress sign-ups
and can be integrated into any existing theme or plugin

Expert Support

We have a highly-experienced team of developers to provide incredible support. Ask your questions in the support forum, post a bug or feature request on Github, or contact us directly.

Optional 3rd-party Integrations

Zero Spam allows you to integrate with other services to improve the ability to detect spam and malicious users. These services are optional and not required for Zero Spam to work. Before opting into any of these services, please review their terms of use and/or privacy policies.

Zero Spam – Sends the visitor’s IP & when available email to check the spam score. Review their Privacy Policy & Terms of Use.
Stop Forum Spam – Sends the visitor’s IP to check if they’ve been reported. Review their Privacy Policy & Terms of Use.
Project Honeypot – Sends the visitor’s IP to check if they’ve been reported. Review their Privacy Policy & Terms of Use.
ipinfo.io – Sends the visitor’s IP to gather detailed geolocation information. Review their Privacy Policy & Terms of Use.
ipstack – Sends the visitor’s IP to gather detailed geolocation information. Review their Privacy Policy & Terms of Use.
Google Maps – Enables the ability to plot attack locations. Review their Privacy Policy & Terms of Use.

Optionally, you can also help improve Zero Spam by enabling sharing detection information. For more info on what’s shared, see our FAQ

Screenshots

Zero Spam for WordPress dashboard
Zero Spam for WordPress detections log
Zero Spam for WordPress blocked IPs
Zero Spam for WordPress blacklisted IPs
Zero Spam for WordPress settings

Installation

Upload the entire zero-spam folder to the /wp-content/plugins/ directory.
Activate the plugin through the Plugins screen (Plugins > Installed Plugins).
Visit the plugin setting to configure as needed (Settings > Zero Spam).

For more information & developer documentation, see the wiki.

FAQ

Does Zero Spam for WordPress block user IPs?

Not by itself. Zero Spam for WordPress does not block IP addresses by itself. Visitors that are getting blocked have either been manually blocked by the site admin or appear in one of the IP blacklist like Stop Forum Spam, Project Honeypot, or the Zero Spam IP database.

If a legitimate user is getting blocked, check the Log (Admin > Dashboard > Zero Spam > Log) to get further details why they were blocked. You can adjust how strict the 3rd-party blacklist checks are or disable those if you find that your users are prone to being flagged as spam/malicious.

Does Zero Spam for WordPress check Jetpack comments?

No. Zero Spam for WordPress is unable to integrate Jetpack. For more information, see https://wordpress.org/support/topic/incompatible-with-jetpack-comments.

How do I boost performance of Zero Spam for WordPress?

Enabled caching. Caching is highly recommended and will prevent repeated calls to third-party API and access checks on each page visit.

You can also adjust the cache and API timeout settings in admin depending on your server and specific needs.

Does Zero Spam support WP-CLI commands?

wp zerospam autoconfigure — Auto-configures with recommended settings.
wp zerospam settings — Displays all plugin settings.
wp zerospam set --[SETTING_KEY]=[VALUE] — Updates a plugin setting.

Are you getting a `ftp_fget` PHP warning?

Some hosts have issues with they way they access files. If you’re seeing a ftp_fget PHP notice, setting the FS_METHOD constant to direct in wp-config.php above the line /* That's all, stop editing! Happy Pressing. */ should solve the problem:

define('FS_METHOD', 'direct');

If hosting with Pantheon, see their known issues page for more information and what to do to resolve it with their $_ENV['PANTHEON_ENVIRONMENT'] variable check.

Reviews

divishop August 9, 2022

Plugin keeps telling me to upgrade even after I dismiss the notice.

krakenupkrafts May 12, 2022

This is a must-install plugin. Didn't take a hit on performance and the obnoxious barrage of spam has STOPPED! So much frustration out of my life since install.

robinleysen May 10, 2022

Since there is a paying version, the free version let through significantly more spam, in my opinion. The spammy banner urging you to pay, has a dismiss link. It does not dismiss the banner, but takes you to the settings page to update to a paid account. The banner consistently returns, nagging you into paid account. Are there alternatives?

malver32 April 27, 2022

I was getting hundreds of spam registration, comments all day long, and fraudulent credit card submissions in WPGive. I installed Zero Spam and it came to a stop! LOVE this plugin!

chris_c April 21, 2022

Firstly, I get it. Plugin developers want to get paid, and where they have a premium add-on it's reasonable to make sure that website owners can be prompted to upgrade. Sadly this plugin has gone down the route of adding an overly threatening sales message that is not dismissible. My website is not at risk if I don't subscribe to your service. You're providing an optional layer of security. If I click "dismiss" I expect the notice to go away, not to be take away from *my* dashboard to your sales page.

RCarlos April 20, 2022

Add their ads to your site. Handles 2 out of 5 points.

Read all 131 reviews

Contributors & Developers

“Zero Spam for WordPress” is open source software. The following people have contributed to this plugin.

Ben Marshall

“Zero Spam for WordPress” has been translated into 1 locale. Thank you to the translators for their contributions.

Translate “Zero Spam for WordPress” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

v5.3.9

fix(admin): fix issue with admin notice not dismissing properly, resolves #319

v5.3.8

chore(zero spam api): updated the zero spam api to v2

v5.3.7

chore(readme): documentation updates

v5.3.6

fix(admin): fix for admin notice not getting dismissed when clicked, resolves #318

v5.3.5

chore(readme): added 3rd-party service integration documentation to the readme
chore(admin): revised the admin message that’s displayed with zero spam enhanced protection is enabled, but a valid api key is not provided

v5.3.4

fix(notice): removed dismiss button on intial install to ensure plugin settings are configured before use

v5.3.3

feat(zero spam settings): displays dismissible notices for enhanced protection and invalid license keys
feat(dates): updated the admin tables to display dates based on the site settings, resolves #305
fix(ukraine): removed the ukraine banner

v5.3.2

feat(zero spam api): now reports spam and malicious email addresses

v5.3.1

fix(zero spam api): update to limit number of requests when sharing data

v5.3.0

fix(woocommerce): fix for spam getting triggered during woo checkout with create account checked, resolves #313
refactor(zero spam api): performance improvements when sharing detections

v5.2.15

feat(ukraine): we’ll no longer provide protection for .ru, .su, and .by domains & will display a banner of support for the ukrainian people on those sites – united with ukraine

v5.2.14

fix(woocommerce): fixes issues with woocommerce login not working, resolves #310

v5.2.13

feat(woocommerce): added support for woocommerce registrations, resolves #306
fix(admin): fix for displaying & adding blocked ip addresses, resolves #308

v5.2.12

refactor(wordpress coding standards): misc updates to conform to wordpress coding standards

= v5.2.11

fix(security): fixes the missing orderby parameter sanitization in the admin dashboard
fix(admin settings): fixed whitespace issue in textarea setting fields, resolves #303
fix(admin log): updated date column to use the local setting date & time format, resolves #305

v5.2.10

fix(security): fixes the missing parameter sanitization in the admin dashboard, resolves #301

v5.2.9

feat(zero spam): you can now define your zero spam license key in wp-config.php using the constant ZEROSPAM_LICENSE_KEY, resolves #298
fix(admin): fix for setting action buttons not doing anything, resolves #295
fix(admin): fixes php notice for in_array in class-utilities, resolves #299

v5.2.8

feat(memberpress): resolves #286, added support for the memberpress login page
fix(memberpress): updated memberpress sign-up hook priority to ensure it runs
refactor(admin): now using nonces to process zero spam admin actions

v5.2.7

perf(settings): performance improvement to settings being loaded
style(admin): added check for zero spam license key when enabled
style(admin): misc. admin interface improvements

v5.2.6

fix(undefined method): fix for undefined types method

v5.2.5

feat(givewp): now checks submitted emails against the blocked email domains list
perf(everything): refactoring of code for a boost in performance
docs(readme): misc. readme file updates
fix(admin): fix for error log not clearing

v5.2.4

feat(memberpress): resolves #283, now supports memberpress registration forms
feat(mailchimp4wp): resolves #121, now supports mailchimp4wp forms
refactor(misc): misc. updates to comply with wordpress coding standards.
style(admin): misc. admin interface improvements

v5.2.3

feat(givewp): now support givewp donation forms
style(notices): minor update to default detection notice

v5.2.2

fix(db): resolves #281, fixes db update error for multisite installations
fix(db): fix for unsanitized db log entries
style(admin): new cf7 icon added for blocked log

v5.2.1

fix(woocommerce): resolves #280, fixes login integration breaking woocommerce login form

v5.2.0

feat(login): now protects user login attempts
feat(project honeypot): resolves #201, project honeypot ip checks now integrated
perf(sharing): blocked ips are no longer shared with zerospam.org
perf(database): doesn’t log .ico requests anymore that normally resulted in 2 entries per detection
style(admin): misc admin interface improvements
refactor(misc): cleaning up code & wordpress coding standards updates
refactor(zero spam api): updated version on the zero spam api endpoint

v5.1.7

fix(php notice): fix for some hosts firing a php notice when unable to retrieve the list of recommended blocked email domains

v5.1.6

feat(fluent forms): resolves #276, fluent forms is now supported
fix(php notice): resolves #277, fix for array_intersect(): Argument #2 must be of type array, bool

v5.1.5

feat(dashboard widget): resolves #275, added the ability to control the dashboard widget visibility
feat(settings): button to quickly override and update settings to zero spam’s recommended
feat(email domains): resolves #246, ability to block disposable and malicious email domains
perf(sharing): sharing detections optimized
perf(disallowed list): removed the unused cron to sync disallowed words
chore(disallowed list): updated to the lastest splorp’s disallowed list
docs(htaccess): added a notice & recommended max number of blocked ips when using .htaccess
fix(ipinfo): fix for uncaught ipinfo exception

v5.1.4

fix(htaccess): resolves #274, fix for newer apache versions and option to select the method ips are blocked

v5.1.3

perf(blocked ips): moved blocked ips to .htacess for improved performance
refactor(woocommerce): woocommerce registration forms support dropped in place of 3rd-party IP checks
docs(admin): misc updates to admin interface

v5.1.2

perf(geolocation): improved performance for geolocation and data sharing
docs(readme): updated readme file
refactor(misc): added some functionality to make debugging easier
fix(ipinfo): resolves #273, loads the ipinfo library only if enabled

v5.1.1

feat(geolocation): resolves #270, added support for ipinfo geolocation
feat(cli): resolves #271, added WP CLI support
feat(admin): resolves #237, new admin dashboard widget
refactor(admin): wordpress coding standards fixes
refactor(settings): minor update to settings section title
docs(readme): updated readme file

v5.1.0

feat(ipstack): ipstack errors are logged to the zerospam.log file in the uploads directory
feat(cloudflare): resolves #267, checks http_cf_ipcountry against blocked countries
feat(admin): resolves #264, adds ability to export & import settings
perf(davidwalsh): resolves #266, only loads the david walsh script on pages that are needed
fix(caching): resolves #258, added no-cache header to the blocked page output
refactor(stopforumspam): increased the default confidence score for stop forum spam to help prevent false positives
docs(faq): added common question about how to boost performance of the plugin

v5.0.13

fix(updates): resolves #262, sanitized & escaped variables
fix(standards): resolved #261, sanitized & escaped variables
fix(cron jobs): resolves #260, removed the remote call to splorp’s blacklist on Github

v5.0.12

Fixed issue with WPForms AJAX forms not getting validated by Zero Spam for WordPress #238
David Walsh detection technique applied to WPForms & CF7
Miscellaneous admin UI improvements
Added ability to disable syncing WP’s Disallowed Comment Keys

v5.0.11

Improved protection for comments, CF7, Formidbale, registrations, WooCommerce and WPForms submissions.
David Walsh detection technique applied to core WP registration forms.

v5.0.10

PHP notice fix

v5.0.9

Performance enhancements
Various admin UI improvements
Strengthened comment & registration spam detections

v5.0.8

Fix for admin first-time config notice

v5.0.7

Added first-time configuration notice & auto-configure recommended settings functionality
Added the ability to regenerate the honeypot ID
Various admin UI improvements
WP Disallowed Comment Keys are automatically updated weekly using https://github.com/splorp/wordpress-comment-blacklist
Strengthened comment spam detections using WP core disallowed list
David Walsh’s spam technique is back! https://github.com/bmarshall511/wordpress-zero-spam/issues/247

v5.0.6

Various admin UI improvements
Strengthened comment spam detections

v5.0.5

Fix autoloader compatibility with Windows paths (https://github.com/bmarshall511/wordpress-zero-spam/pull/236)
Various admin UI improvements

v5.0.4

Fix for when checks should be preformed

v5.0.3

Added support for Formidable Form Builder
Fixed PHP error related to a blacklist call

v5.0.2

Admin UI enhancements
Added support for WooCommerce
Added Cloudflare IP address support (https://github.com/bmarshall511/wordpress-zero-spam/issues/220)
Update to data sharing option
Added ability to block individual locations (country, region, zip & city)
Added support for WPForms

v5.0.1

Updated readme file & documentation
Can now be installed via composer
Updated the required PHP version

v5.0.0

Initial v5.0.0 release
Huge performance enhancements
More control over settings to fine-tune functionality
Lots of bug fixes & improvements