Powerful and user-friendly WordPress anti-spam plugin that prevents spam on blog comments, contact forms, registrations, and everything else.
The All-in-One Anti-Spam Plugin for WordPress – Without CAPTCHAs
Leading edge WordPress spam defense, with NO CAPTCHAs, challenge questions or other inconvenience to site visitors. This plugin works silently in the background, and simply makes WordPress spam disappear.
Supports: Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms & Comments, BuddyPress, bbPress, WooCommerce, s2Member, WP-Members, Mailchimp, Mailpoet, Formidable Forms, all WordPress forms, and all WordPress registration forms. Automatically! 100% GDPR Compliant.
Even before becoming a premium plugin, in just 3.5 years the free version of WP-SpamShield established a rock-solid reputation for providing the best anti-spam protection available, earning its spot as the #2 most popular WordPress anti-spam plugin. It’s also one of the top 20 most downloaded WordPress plugins of all time with over 4 million total downloads, one of the top 100 most popular plugins of all time, and has earned over 1,000 5-star reviews on WordPress.org, with an average rating of 4.8/5.0 stars. Now as a premium plugin, we continue that standard of excellence and remain dedicated to keeping WP-SpamShield at the forefront of WordPress anti-spam protection.
How It Works
Most of the spam hitting your site originates from bots, but quite a bit comes from humans too. This plugin works like a firewall to ensure that your commenters are in fact, human, and that those humans aren’t spamming you.
Two Layers of Spam Blocking
There are two layers of leading edge anti-spam protection that work together to block both automated (spambots) and human spam:
- The Algorithmic Anti-Spam Layer
No More Wasted Time Sifting Through the Comment Spam Queue
This type of solution works invisibly in the background, with no inconveniences. You won’t have to waste valuable time sifting through a spam queue any more, because there won’t be anything there.
WP-SpamShield is different from other anti-spam plugins in that it BLOCKS spam at the front door of your site and doesn’t allow it into the WordPress database at all. Many other anti-spam plugins simply label a comment as spam, leaving you to sort through a spam queue, which wastes your valuable time. WP-SpamShield will give you back your time!
Improves User-Friendliness of Your Website
If you want to improve the user-friendliness of your site, this is THE anti-spam plugin you want. After all, why should your users have to prove they are human? Since your users won’t be inconvenienced by outdated and frustrating anti-spam methods, you will provide a smoother, trouble-free experience for your website users, which leads to improved readership, ad revenue, sales, or other types of conversion, and therefore greater success for your website.
Not allowing spam into the database improves security by potentially preventing SQL injection, DDoS, and XSS exploit attacks through automated spam comment submissions. WP-SpamShield fixes the security issues inherent to Pingbacks, and prevents Pingback-based DDoS attacks. As part of the Miscellaneous Form Spam Protection, the plugin protects against XML-RPC brute force amplification attacks. The plugin also has several other features that improve security, such as blocking certain potentially dangerous URLs in spam comment submissions, and limiting comment size to 15kb. (15kb of text is roughly the equivalent of 3 typed pages in Microsoft Word, single-spaced, so that’s more than enough for even the longest of comments.) See this blog post for more info.
Helps Improve Overall Website Performance
The plugin helps keep your WordPress database slimmer and more efficient (keeping your site running faster in the long term) by not allowing the thousands upon thousands of spam comments into it, which could bloat the database and potentially corrupt it. Keeping your database lean is extremely important, because bloated databases result in much longer query times and increased server load, slowing down a site dramatically even for simple functions. If website performance is important to you, then you definitely want an anti-spam plugin like WP-SpamShield instead of a plugin that uses a spam queue. See this FAQ for more detailed info.
ZERO False Positives
It does all this with ZERO false positives, because of the method used to block spam. Notice we didn’t say a “low false positive rate” – we said ZERO false positives. If a comment/contact form/registration gets blocked as spam, the user is given instant feedback and has a chance to correct their comment/contact form/registration/etc and try again, which means there cannot be false positives. This leads to fewer frustrated website visitors, and less work for you. We are committed to keeping the promise of zero false positives.
100% Pingback/Trackback Validation and Anti-Spam
The trackback validation contains a filter that compares the client IP address of the incoming trackbacks and pingbacks against the IP address of the server where the link is supposedly coming from. If they don’t come from the same server, then it is guaranteed spam, without fail. This alone eliminates more than 99.99% of trackback & pingback spam. Trackback spammers don’t send spam out from the same server where their clients’ websites reside. There are algorithmic anti-spam filters in place to ensure 100% trackback/pingback spam blocking. You can be confident that only legitimate trackbacks and pingbacks will get through.
Includes a Spam-Free Contact Form, and Anti-Spam for Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, and Most Other Forms
Includes drop-in spam-free contact form, with easy one-click installation. Easy to use – no configuration necessary, but you can configure it if you like. (See Installation for info.) WP-SpamShield also includes automatic anti-spam protection for Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, Fast Secure Contact Forms, Formidable Forms, and more. (You don’t have to do a thing…just add your Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, or other forms to your site, and they will automatically be protected.) It will automatically protect most forms on your WordPress site from automated spam, even if they are not listed here.
WordPress Registration Anti-Spam
The plugin also includes powerful protection from user registration spam. Once you install WP-SpamShield, you don’t have to worry about bots or spammy users signing up any more. (Note: This protects almost all registration forms, including the WordPress default registration form, and registration forms for bbPress, BuddyPress, WooCommerce, s2Member, WP-Members, and many more. See this FAQ for more info.
Stops Email Harvesters
The plugin has a feature to thwart email harvesting bots and keep them from scraping your site for email addresses. (Which helps reduce spam in your email inbox.) The plugin automatically obfuscates plain text email addresses and mailto links in your website content by encoding them into HTML entities (hexadecimal and decimal character codes that look like gibberish to harvesters, but render the email addresses perfectly in a browser). It protects email addresses on pages, posts, comments, excerpts, and text widgets.
Why Not Just Use a CAPTCHA-Based Anti-Spam Method?
The concept of using a CAPTCHA as an anti-spam solution in this modern day and age is flawed for several reasons:
- It’s an outdated concept that has far outlived its usefulness, and was originally developed before user-friendliness was a high priority.
- It goes in the exact opposite direction of user-friendly design principles. Think about it. Users of your website have to type in numbers and letters obscured by squiggly lines and symbols, only to be told they are wrong several times, even after typing in the correct answer. This is proven to hurt website business and revenue because of the negative feelings it causes. People simply don’t like CAPTCHAs.
- It is not the user’s responsibility to separate humans from bots, or to stop spam; it’s the web developer’s responsibility. Even if the CAPTCHA is simple, and all the user has to do is click a button, it is still annoying and unnecessary. It’s one extra step that you are putting between your user and their end goal.
- CAPTCHAs can be defeated. In fact, bots have been cracking CAPTCHAs since 2008. The only benefit of a CAPTCHA was that it was considered to be unbeatable by bots. That day is long past.
- Why use a CAPTCHA when there are better solutions that don’t inconvenience your website users?
Optimized and Scalable – Won’t Slow Down Your Site
This plugin has an extremely low overhead and won’t slow down your site, unlike some other anti-spam plugins. Each of the filters in the plugin have been benchmarked, and when processing comments for spam, the fastest filters are put at the front of the stack. Once a comment tests positive for spam, the testing process terminates and will not engage the remaining filters. Additionally, as mentioned above, by keeping spam out of the WordPress database altogether, WP-SpamShield helps keep your database slimmer and more efficient, which in turn helps keep your site running faster. This efficiency helps keep the server load down, and helps improve the overall performance of your site. WP-SpamShield is optimized to work well with all major caching plugins.
Faster than the Cloud
Speaking of scalability, WP-SpamShield can kill spam faster than any cloud-based anti-spam solution. Cloud-based anti-spam plugins are inherently slower at processing spam because they have to connect to an external server to check the spam status, which in turn will increase your site’s server load. With WP-SpamShield, all anti-spam processing happens directly on your website’s server, with lightning speed.
Responsive and Helpful Tech Support
If you have any issues with the plugin, we are here to help. Simply submit a support request at the WP-SpamShield Support Page, and we’ll help you diagnose and fix the issue quickly.
- WP-SpamShield provides automatic anti-spam protection for: Contact Form 7 forms, Gravity Forms, Ninja Forms, JetPack Contact Forms; BuddyPress, bbPress and WooCommerce registration forms; Mailchimp signup forms; almost all other WordPress forms; and almost all registration forms!
- As of version 1.9.2, WP-SpamShield protects JetPack Comments from spam. (Making it one of the few anti-spam plugins that works with JetPack Comments.)
- A counter on your dashboard to keep track of all the spam it’s blocking. The numbers will show how effective this plugin is.
- See what’s been blocked with “Blocked Comment Logging Mode”, a temporary diagnostic mode that logs blocked spam (comments, trackbacks, registrations, and contact form submissions) for 7 days, then turns off automatically. If you want to see what spam has been blocked, or verify that everything is working, turn this on and see what WP-SpamShield is protecting your site from.
- Multiple languages available and more on the way. Currently includes Dutch (nl_NL), French (fr_FR), German (de_DE), Indonesian (id_ID), Italian (it_IT), Serbian (sr_RS), and Swedish (sv_SE) translations. Ready for translation into other languages.
- Easy to install – truly plug and play. Just upload and activate. (Installation Status on the plugin admin page to let you know if plugin is installed correctly.)
- Compatible with, and optimized for all major cache plugins, including WP Super Cache, WP Fastest Cache, and many others. Not all anti-spam plugins can say that.
- Display your blocked spam stats on your site. Customizable widgets for graphic counters to display spam stats, in multiple colors, sizes and options.
- Works in WordPress Multisite as well. (See the related FAQ for details.)
- Enhanced Comment Blacklist option. Instead of just sending comments to moderation as with WordPress’s default Comment Blacklist functionality, with this turned on, anything that matches a string in the blacklist will be completely blocked. Block specific human spammers by IP, email address, or a number of other options. The Enhanced Comment Blacklist has some improvements over the default WordPress blacklist functionality, and adds a link in the comment & contact form notification emails that will let you blacklist a spammer’s IP with one click. It also provides some advanced custom options for blocking spam on everything else that WP-SpamShield protects.
- WP-SpamShield Whitelist option. Allows you to specify certain users who you want to let bypass the antispam filters.
- WP-SpamShield complies with even the strictest European Data Protection and Privacy Laws, and is 100% GDPR compliant. For more info, see this FAQ.
- Dutch (nl_NL)
- French (fr_FR)
- German (de_DE)
- Indonesian (id_ID)
- Italian (it_IT)
- Serbian (sr_RS)
- Swedish (sv_SE)
If you would like to help translate, please get in touch with us.
- WordPress 4.0+ (Recommended: WordPress 4.5 or higher)
- PHP 5.3+ (Recommended: PHP 5.6 or higher) [PHP 7 Compatible: YES – 100%]
- Your server must be configured to allow the use of an .htaccess file. The vast majority of users will have no issue here, because most web hosts allow this by default. However, if yours does not, you will need to contact them and ask them to enable it on your site. If they won’t, then it’s time to get a better web host. WordPress loses a lot of functionality if you don’t have use of .htaccess enabled, so this is important for full functionality of WordPress and other plugins as well.) Note: By definition, a standalone Nginx server would not meet this requirement, but an Apache/Nginx hybrid setup would. (Nginx is setup as a reverse-proxy in front of Apache. This type of setup offers high-performance and is recommended.)
Please see the plugin documentation’s minimum requirements section for more information.
To find web hosts that meet and exceed the requirements, see our list of recommended web hosts.
WordPress Security and Software Piracy Warning
WP-SpamShield is a premium WordPress anti-spam plugin. This software requires a paid license to use, and it can only be legally acquired by purchasing it from CodeCanyon.net, at this URL: https://codecanyon.net/item/wpspamshield/21067720. If you have downloaded it from any other website, then your copy is not legitimate and is not safe to use.
Sometimes people try to get premium WordPress plugins for free (or at extreme discounts), by downloading them from “warez”, “nulled”, or “discounted” plugin sites. These are not legitimate copies, and this is software piracy. Using software from these sites is extremely dangerous for your website’s security, and it is illegal. These warez/nulled/discount websites provide a dangerous hacked version of the plugin that includes malware code and backdoors that will allow hackers to compromise the security of your website. These websites try to claim that what they doing is legal, and that they are only distributing software under the GPL license. This is absolutely false, but unfortunately people fall victim to this scam. One variation of these sites offers extremely discounted “licenses” for the plugin. These are fraudulent “licenses”, and these copies are just as dangerous as the “free” ones. These are just another type of warez/nulled site, but they may seem slightly more legitimate because you have to pay something.
Please keep in mind that using pirated software is theft and it hurts the plugin developers, which makes it more difficult and expensive to provide high-quality software. This ends up hurting everyone. While it may seem like you are getting something for free and that no one is getting hurt, using pirated software has a high cost, for everyone. Just don’t do it.
If you want to get the WP-SpamShield plugin for free, consider joining our Affiliate Program. If you refer even 4 people, you have effectively gotten the plugin for free, and are already making a profit. That is a much better option than using a pirated/hacked copy of the plugin, and it helps everyone. Not only do you get the plugin for free, but you make money as well. No “free” plugin can offer you that. Win-win!
If you find this information on any website other than CodeCanyon.net, then this content has been illegally copied, and you are likely visiting a software piracy website. To get a legal (and safe) copy of the plugin, buy WP-SpamShield from CodeCanyon, or visit WP-SpamShield’s documentation and homepage at Red Sand Media Group’s website.