Quit forcing users to answer silly questions, read confusing captchas, or take additional steps just to prove they’re not spam. Stop malicious bots & hackers in their tracks before they ever have a chance to infiltrate your site — introducing WordPress Zero Spam.
WordPress Zero Spam uses AI in combination with proven spam detection techniques and a database of known malicious IPs from around the world to detect and block unwanted visitors.
In addition, it integrates with other popular plugins to provide all around protection. Just install, activate, and enjoy a spam-free site!
WordPress Zero Spam features
- Blocks 99.9% of spam submissions
- No captcha, spam isn’t a users’ problem
- No moderation queues, spam isn’t a administrators’ problem
- Multiple spam detection techniques, including honeypot.
- Site security enhancements, no config required
- Blocks malicious IPs from ever seeing your site
- IP blacklist spam checks (Zero Spam, Stop Forum Spam, BotScout)
- Auto-block IPs when a spam detection is triggered
- Manually block IPs either temporarily or permanently
- Whitelist IPs to avoid getting blocked
- Geolocate IP addresses to see where spammers are coming from
- Detailed logging to catch & block recurring spammers
- Charts & statistics for easy to understand spam analytics
- Advanced settings for complete control over spammers
- Developer-friendly, integrate with any theme, plugin or form
WordPress Zero Spam also protects
WordPress Zero Spam is great at blocking spam — as a site owner there’s more you can do to stop WordPress spam in its tracks.
We’ve integrated multi language support within the framework of our plugin, so you get a translated dashboard out of the box, and developer options to add even more languages. Contribute new languages via translate.wordpress.org.
WordPress Zero Spam is free and open source. It’s the perfect solution to stopping spam and can be extended and integrated further. It was created and developed with the developer in mind, and we have already seen some truly remarkable addons already developed.
To help you get started and learn just how to integrate with WordPress Zero Spam, visit the plugin’s documentation.
Help test & contribute to WordPress Zero Spam
WordPress Zero Spam can only stay up-to-date and bug-free with the help of contributors and testers. You can help test upcoming releases and contribute by forking the project on GitHub.
WordPress Zero Spam needs your support
WordPress Zero Spam is free — completely free & always will be. It’s hard to continue development and provide support without contributions. If you find using WordPress Zero Spam useful, please consider making a donation. Your donation will help encourage and support the plugin’s continued development and user support.
- Upload the entire wordpress-zero-spam folder to the /wp-content/plugins/ directory.
- Activate the plugin through the Plugins screen (Plugins > Installed Plugins).
- Visit the plugin setting to configure as needed (Settings > WP Zero Spam).
For more information & developer documentation, see the plugin’s website.
Does WordPress Zero Spam check Ninja Forms submissions?
Does this mean WPZP won’t do you any good? Absolutely not. WPZS employs other techniques and IP blacklist checks that will help prevent malicious IP and spambots from ever seeing your site. You will still get all of the benefits of this plugin, it just won’t provide the extra check on Ninja Form submissions.
Does WordPress Zero Spam check Gravity Form submissions?
No. As of v4.9.9, WordPress Zero Spam no longer checks Gravity Form submissions. Support was dropped due the numerous addon plugins that can be installed & alter GF submissions. These addons will often conflict with how WPZS validates submissions. In addition, Gravity Forms already has a spam detection option that works similar to how this plugin detects forms. You can enable it by going to the form settings and checking the Enable anti-spam honeypot option. For more information, see Gravity Forms documentation.
Does this mean WPZP won’t do you any good? Absolutely not. WPZS employs other techniques and IP blacklist checks that will help prevent malicious IP and spambots from ever seeing your site. You will still get all of the benefits of this plugin, it just won’t provide the extra check on Gravity Form submissions.
Does WordPress Zero Spam check Jetpack comments?
No. WordPress Zero Spam is unable to integrate Jetpack. For more information, see https://wordpress.org/support/topic/incompatible-with-jetpack-comments.
Spam coments are still getting through, help!
WordPress Zero Spam relies on the default core form id (
#commentform) in order to check comment submissions. Verify your comment forms have this ID or add the class
wpzerospam to enable it on your site.
All registrations are marked as spam, help!
This is most likely due to a plugin or theme overriding the default markup of the registration form. Verify the form has an id of
registerform or add the
wpzerospam class to it.
<form name="registerform" id="registerform" action="https://yourdomain.local/login/?action=register" method="post" novalidate="novalidate">
<form name="registerform" class="wpzerospam" action="https://yourdomain.local/login/?action=register" method="post" novalidate="novalidate">
If you need help, please don’t hesitate to reach out.
How do I integrate this into another plugin or theme?
It’s easy as adding the class
wpzerospam to the
form element, then adding a check in the form processor that the
wpzerospam_key post value matches the option value in the database using the
wpzerospam_key_check() helper function. See the plugin’s documentation for more information on available hooks & functions.
- Added composer. See #150.
- Temporarily disabled sharing spam detection information.
- Update to comply with the GDPR/CCPA. See #216.
- Fix – PHP notice
Warning: array_merge(): Expected parameter 2 to be an array, bool given in /wp-content/plugins/zero-spam/classes/class-wordpress-zero-spam.php on line 532. See https://wordpress.org/support/topic/warning-array_merge-14/#post-13319702.
- Fix – StopForumSpam & BotScout being queried even if the options are disabled. See https://wordpress.org/support/topic/api-timeout/#post-13323551.
- Enhancement – Moved the security functions into the new
- Enhancement – General code clean-up & documentation.
- Enhancement – Various performance improvements & caching added.
- Enhancement – Easier to use class methods for integrating Zero Spam into any plugin or theme.
- Enhancement – New
WordPress_Zero_Spam class added.
- Enhancement – IPs are now checked against known, safe hosts and user agents (i.e. search engine crawlers).
- Enhancement – Added advanced debugging functionality.
- Fix – PHP notices for comment options #209
- Enhancement – Added support for the French & Italian languages. See #207.
- Enhancement – Strengthened spam detection for registrations using a ‘honeypot’ field.
- Enhancement – Strengthened spam detection for Contact Form 7 using a ‘honeypot’ field.
- Fix – Fix for Contact Form 7 protection not firing.
- Optimization – Converted the WPZS JS to be a jQuery plugin to initialize and manage easier.
- Fix – Fix for WPZS failing when the Autoptimize plugin is set to aggregate JS files. See #205.
- Enhancement – Strengthened spam detection for comment submission using a ‘honeypot’ field.
- Enhancement – Added a ‘honeypot’ helper functions (
wpzerospam_get_honeypot()) to allow other forms, plugins, and themes to easily integrate a ‘honeypot’ check into submissions.
- Enhancement – IP lookup links integrated in the admin dashboard and tables.
- Deprecation – Gravity Forms is no longer supported — for the time being. See the plugin FAQs for more information.
- Fix – Fix for a reporting issue during detections.
- Enhancement – Added enhanced site security features (no configuration required)
- Enhancement – Added plugin version to the information shared to Zero Spam (optional).
- Optimization – Misc. code clean-up
- Fix – Gravity Forms not catching spam.
- Enhancement – Added the BotScout Count Minimum field in settings to allow sites to control when a BotScout result should be marked spam/malicious. See BotScout’s documentation for more information.
- Enhancement – Improved performance by only querying the blacklist API once every X number of days (set in the admin settings).
- Fix – Removed double slashes in some required PHP & JS paths.
- Fixed issued with BuddyPress checks not running.
- Added a confidence threshold for Stop Form Spam checks. See #202;
- Added an API timeout field to adjust how long a response is allowed to take.
- Restructred several functions which fixed some interment bugs users were experiencing.
- Added ability to delete all entries from a table.
- This update will delete all exisiting blacklisted IPs to ensure visitors aren’t getting blocked when that shouldn’t be.
- Removed Ninja Form submission support. See FAQs for more details.
- Fix for PHP notice on the log page in the view details modal.
- Fix for double slashes in the JS URLs.
- Fix for BotScout not checking IPs
- Fix for table not found notice on activation
Fix for PHP notice on the modals for spam detections
- Added support for Formidable Forms. See #112.
- Added additional country regions
- UI enhancments to the admin tables
- Added a spam detection world map to the dashboard
- Fix for admin table paging keeping set filters
- Fix for charts not showing up in the dashboard
- Added filter & seach options to admin tables
- Various performance enhancements
- Added ability to whitelist IP addresses
- Update to the WP Zero Spam API
- Various performance enhancements
- Updates to the admin tables
- Improved UI
- Added functionality & option to permanently auto-block after X spam detections
- Added ability to share spam detections with WordPress Zero Spam to strengthen it’s ability to detect spammers
- Added option to strip links from comments
- Added option to strip & disable the comment author website field
- Added integration with the BotScout blacklist API
- Added integration with the Stop Forum Spam known spammy IPs
- Fixed issue with Gravity Forms not being enabled by default
- Fix for Gravity Forms not submitting
- Misc. code clean-up
- Added support for the Fluent Forms plugin
- Updated get_plugin_data calls to use a constant. See #196
- Added additional country regions for geolocation lookup
- Renamed ‘addons’ to ‘integrations’
- Fixed issue with WPForm spam detections
- Fix for plugin deactivation from v3 to v4 upgrade
- Fix for
Notice: Undefined index: verify_ninja_form. See #195
- Fix for
Call to undefined function wpzerospam_tables() error
- Optimized scripts & when they get loaded (only when needed)
- Fixed bug with incrementing spam detections in the blocked IPs log
- Added a check for the
is_plugin_active functions to ensure they’re available before calling it
- Fix for
Uncaught Error: Call to undefined function get_plugin_data(). See #193.
- Fixed issue with adding/updating IP addresses manually
- Fixed PHP notice for missing submission data on the log chart
- Fixed PHP notice for “Undefined index: log_blocked_ips”. See #191
- Updated the admin scripts to only login on the plugin admin pages
- Fixed an issue with default add-on plugin options being disabled on first save. See #192
- Fix for
REFERRER_ANALYTICS unknown constant
- Fix for Gravity Forms PHP notice. See #188
- Add more stats & charts. See #184
- Added the ability to manually add blocked IPs. See #185
- Fixed the ignored start & end date of blocked IPs
- Added the ability to auto-block an IP when spam is detected. See #185
- Added raw data to spammer log table
- Added the ability to uninstall options on Multisite. See #187
- Re-implemented logging & added admin pages to prepare for charts & statistics. See #181
- Fixed JS errors for some 3rd-party plugins. See #178
- Fixed caching conflicts issue relating to using cookies to set & get keys. See #177
- When plugin is uninstalled, plugin-related data is now deleted. See #179
- Added an option in the plugin settings to determine how spam detections are handled. See #180
- Fixed issue with plugin settings not saving. See #176.
- Fixed some PHP notices. See #175.
- Fixed missing JS for new 3rd-party plugin support
- A complete rewrite of the original plugin
WordPress Zero Spam dashboard
WordPress Zero Spam detections log
WordPress Zero Spam blocked IPs
WordPress Zero Spam blacklisted IPs
WordPress Zero Spam settings