WordPress Zero Spam

WordPress Zero Spam makes blocking spam & malicious visitors a cinch. Just install, activate and…

Quit forcing users to answer silly questions, read confusing captchas, or take additional steps just to prove they’re not spam. Stop malicious bots & hackers in their tracks before they ever have a chance to infiltrate your site — introducing WordPress Zero Spam.

WordPress Zero Spam uses AI in combination with proven spam detection techniques and a database of known malicious IPs from around the world to detect and block unwanted visitors.

In addition, it integrates with other popular plugins to provide all around protection. Just install, activate, and enjoy a spam-free site!

WordPress Zero Spam features

  • Site security enhancements, no config required
  • No captcha, spam isn’t a users’ problem
  • No moderation queues, spam isn’t a administrators’ problem
  • Blocks 99.9% of spam submissions
  • Blocks malicious IPs from ever seeing your site
  • IP blacklist spam checks (Zero Spam, Stop Forum Spam, BotScout)
  • Auto-block IPs when a spam detection is triggered
  • Manually block IPs either temporarily or permanently
  • Developer-friendly, integrate with any theme, plugin or form
  • Detailed logging to catch & block recurring spammers
  • Geolocate IP addresses to see where spammers are coming from
  • Whitelist IPs to avoid getting blocked
  • Advanced settings for complete control over spammers
  • Charts & statistics for easy to understand spam analytics

WordPress Zero Spam also protects

WordPress Zero Spam is great at blocking spam — as a site owner there’s more you can do to stop WordPress spam in its tracks.

Issues/Feature Requests

Something not working as expected? I wanna hear about it. Have an idea on how to improve the plugin? I’m all ears.

Show Your Support

WordPress Zero Spam is free — completely free & always will be. No premium versions or addons you’ve gotta buy to access additional features. Help support it’s development by donating today.

  1. Upload the entire wordpress-zero-spam folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins screen (Plugins > Installed Plugins).
  3. Visit the plugin setting to configure as needed (Settings > WP Zero Spam).

For more information & developer documentation, see the plugin’s website.

Does WordPress Zero Spam check Ninja Forms submissions?

No. As of v4.10.0, WordPress Zero Spam no longer checks Ninja Form submissions. Support was dropped due its requirement of JavaScript and how it submits forms. JavaScript is one of the techniques WordPress Zero Spam uses to determine if a submission is spam. Ninja Forms employs a similar method and has its own spam detection feature.

Does WordPress Zero Spam check Jetpack comments?

No. WordPress Zero Spam is unable to integrate Jetpack. For more information, see https://wordpress.org/support/topic/incompatible-with-jetpack-comments.

Spam coments are still getting through, help!

WordPress Zero Spam relies on the default core form id (#commentform) in order to check comment submissions. Verify your comment forms have this ID or add the class wpzerospam to enable it on your site.

All registrations are marked as spam, help!

This is most likely due to a plugin or theme overriding the default markup of the registration form. Verify the form has an id of registerform or add the wpzerospam class to it.

Example with registerform id:

<form name="registerform" id="registerform" action="https://yourdomain.local/login/?action=register" method="post" novalidate="novalidate">

Example with wpzerospam class:

<form name="registerform" class="wpzerospam" action="https://yourdomain.local/login/?action=register" method="post" novalidate="novalidate">

If you need help, please don’t hesitate to reach out.

How do I integrate this into another plugin or theme?

It’s easy as adding the class wpzerospam to the form element, then adding a check in the form processor that the wpzerospam_key post value matches the option value in the database using the wpzerospam_key_check() helper function. See the plugin’s documentation for more information on available hooks & functions.

Is JavaScript required to check form submissions?

Yes. One of the many techniques WordPress Zero Spam employs requires JavaScript be enabled to work properly.

Does WordPress Zero Spam use cookies?

Yes. It does not store any kind of personally identifiable information. Only one cookie is stored (wpzerospam_api_blacklist) to log the last time the site queried the blacklist APIs. This is used to boost performance so each page visit doesn’t trigger an API call. The expiration can be set in Admin > WP Zero Spam > Settings


  • Fix – Fix for a reporting issue during detections.


  • Enhancement – Added enhanced site security features (no configuration required)
  • Enhancement – Added plugin version to the information shared to Zero Spam (optional).
  • Optimization – Misc. code clean-up


  • Fix – Gravity Forms not catching spam.


  • Enhancement – Added the BotScout Count Minimum field in settings to allow sites to control when a BotScout result should be marked spam/malicious. See BotScout’s documentation for more information.
  • Enhancement – Improved performance by only querying the blacklist API once every X number of days (set in the admin settings).
  • Fix – Removed double slashes in some required PHP & JS paths.


  • Fixed issued with BuddyPress checks not running.


  • Added a confidence threshold for Stop Form Spam checks. See #202;
  • Added an API timeout field to adjust how long a response is allowed to take.
  • Restructred several functions which fixed some interment bugs users were experiencing.
  • Added ability to delete all entries from a table.
  • This update will delete all exisiting blacklisted IPs to ensure visitors aren’t getting blocked when that shouldn’t be.


  • Removed Ninja Form submission support. See FAQs for more details.
  • Fix for PHP notice on the log page in the view details modal.
  • Fix for double slashes in the JS URLs.
  • Fix for BotScout not checking IPs
  • Fix for table not found notice on activation


Fix for PHP notice on the modals for spam detections


  • Added support for Formidable Forms. See #112.
  • Added additional country regions
  • UI enhancments to the admin tables
  • Added a spam detection world map to the dashboard


  • Fix for admin table paging keeping set filters


  • Fix for charts not showing up in the dashboard


  • Added filter & seach options to admin tables
  • Various performance enhancements
  • Added ability to whitelist IP addresses


  • Update to the WP Zero Spam API


  • Various performance enhancements
  • Updates to the admin tables
  • Improved UI
  • Added functionality & option to permanently auto-block after X spam detections
  • Added ability to share spam detections with WordPress Zero Spam to strengthen it’s ability to detect spammers


  • Added option to strip links from comments
  • Added option to strip & disable the comment author website field
  • Added integration with the BotScout blacklist API


  • Added integration with the Stop Forum Spam known spammy IPs
  • Fixed issue with Gravity Forms not being enabled by default


  • Fix for Gravity Forms not submitting


  • Misc. code clean-up
  • Added support for the Fluent Forms plugin


  • Updated get_plugin_data calls to use a constant. See #196
  • Added additional country regions for geolocation lookup
  • Renamed ‘addons’ to ‘integrations’
  • Fixed issue with WPForm spam detections
  • Fix for plugin deactivation from v3 to v4 upgrade


  • Fix for Notice: Undefined index: verify_ninja_form. See #195


  • Fix for Call to undefined function wpzerospam_tables() error


  • Optimized scripts & when they get loaded (only when needed)
  • Fixed bug with incrementing spam detections in the blocked IPs log


  • Added a check for the is_plugin_active functions to ensure they’re available before calling it


  • Fix for Uncaught Error: Call to undefined function get_plugin_data(). See #193.


  • Fixed issue with adding/updating IP addresses manually
  • Fixed PHP notice for missing submission data on the log chart
  • Fixed PHP notice for “Undefined index: log_blocked_ips”. See #191
  • Updated the admin scripts to only login on the plugin admin pages
  • Fixed an issue with default add-on plugin options being disabled on first save. See #192


  • Fix for REFERRER_ANALYTICS unknown constant


  • Fix for Gravity Forms PHP notice. See #188
  • Add more stats & charts. See #184


  • Fixing plugin version


  • Added the ability to manually add blocked IPs. See #185
  • Fixed the ignored start & end date of blocked IPs
  • Added the ability to auto-block an IP when spam is detected. See #185
  • Added raw data to spammer log table
  • Added the ability to uninstall options on Multisite. See #187


  • Re-implemented logging & added admin pages to prepare for charts & statistics. See #181


  • Fixed JS errors for some 3rd-party plugins. See #178
  • Fixed caching conflicts issue relating to using cookies to set & get keys. See #177
  • When plugin is uninstalled, plugin-related data is now deleted. See #179
  • Added an option in the plugin settings to determine how spam detections are handled. See #180


  • Fixed issue with plugin settings not saving. See #176.
  • Fixed some PHP notices. See #175.


  • Fixed missing JS for new 3rd-party plugin support



  • A complete rewrite of the original plugin
  1. WordPress Zero Spam dashboard

    WordPress Zero Spam dashboard

  2. WordPress Zero Spam detections log

    WordPress Zero Spam detections log

  3. WordPress Zero Spam blocked IPs

    WordPress Zero Spam blocked IPs

  4. WordPress Zero Spam blacklisted IPs

    WordPress Zero Spam blacklisted IPs

  5. WordPress Zero Spam settings

    WordPress Zero Spam settings