The wp-spamshield from wesyah234

=== WP-SpamShield ===
Contributors: RedSand, blackhawkcybersec, rsm-support
Donate link: https://www.redsandmarketing.com/go/donate/wp-spamshield/
Tags: anti-spam, antispam, comments, security, spam
Requires at least: 4.0
Tested up to: 4.8
Requires PHP: 5.3
Stable tag: trunk
License: GPLv2

Powerful and user-friendly WordPress anti-spam defense that prevents spam on blog comments, contact forms, registrations, and everything else.

== Description ==

An exceptionally powerful and user-friendly WordPress anti-spam plugin that *eliminates* comment spam, contact form spam, registration spam, trackback spam, pingback spam, and every other type of WordPress spam.

= The All-in-One Anti-Spam Plugin for WordPress - Without CAPTCHAs =
Leading edge WordPress spam protection, with *NO CAPTCHAs, challenge questions or other inconvenience to site visitors*. This plugin works silently in the background, and *simply makes WordPress spam disappear*.

**Supports: Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms & Comments, BuddyPress, bbPress, WooCommerce, s2Member, WP-Members, Mailchimp, Fast Secure Contact Form, Formidable Forms, *almost all* WordPress forms, and *almost all* WordPress registration forms. *Automatically!***

= NEED HELP? =
**[Plugin Documentation](https://www.redsandmarketing.com/plugins/wp-spamshield/)** | **[Troubleshooting Guide](https://www.redsandmarketing.com/plugins/wp-spamshield/troubleshooting-guide/)** | **[FAQs](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/)** | **[Support Requests](https://www.redsandmarketing.com/plugins/wp-spamshield/support/)**

= How It Works =
Most of the spam hitting your site originates from bots, but quite a bit comes from humans too. This plugin works like a firewall to ensure that your commenters are in fact, human, and that those humans aren't spamming you.

= Two Layers of Spam Blocking =
There are two layers of leading edge anti-spam protection that work together to *block both automated (spambots) and human spam*:

1. The **JavaScript/Cookies Anti-Spam Layer**
2. The **Algorithmic Anti-Spam Layer**

The first anti-spam layer uses a dynamic combination of *JavaScript and cookies* to weed out the humans from spambots, preventing 100% of automated spam from ever getting to your site. Even if bot authors could engineer a way to break through the JavaScript/Cookies Anti-Spam Layer, the *Algorithmic Anti-Spam Layer* would still stop almost all of the spam that the JavaScript Layer blocks, and provides close to a fully redundant backstop. This JavaScript Anti-Spam Layer utilizes multiple randomly generated keys, and is algorithmically enhanced to ensure that spambots won't beat it. The powerful Algorithmic Anti-Spam Layer consists of over 100 advanced filters, and eliminates *trackback spam* and *most human spam as well*. And, it does all that without hindering legitimate comments, trackbacks, contact forms, or registrations.

= No More Wasted Time Sifting Through the Comment Spam Queue =
This type of solution works invisibly in the background, with no inconveniences. You won't have to waste valuable time sifting through a spam queue any more, because there won't be anything there.

WP-SpamShield is different from other anti-spam plugins in that it *BLOCKS* spam at the front door of your site and doesn't allow it into the WordPress database at all. Many other anti-spam plugins simply label a comment as spam, leaving you to sort through a spam queue, which wastes your valuable time. **WP-SpamShield will give you back your time!**

= Improves User-Friendliness of Your Website =
If you want to improve the user-friendliness of your site, this is *THE* anti-spam plugin you want. After all, why should your users have to prove they are human? Since your users won't be inconvenienced by outdated and frustrating anti-spam methods, you will provide a smoother, trouble-free experience for your website users, which leads to improved readership, ad revenue, sales, or other types of conversion, and therefore greater success for your website.

= Improves Security =
Not allowing spam into the database improves security by potentially preventing SQL injection, DDoS, and XSS exploit attacks through automated spam comment submissions. WP-SpamShield fixes the security issues inherent to Pingbacks, and prevents Pingback-based DDoS attacks. As part of the Miscellaneous Form Spam Protection, the plugin protects against XML-RPC brute force amplification attacks. The plugin also has several other features that improve security, such as blocking certain potentially dangerous URLs in spam comment submissions, and limiting comment size to 15kb. (15kb of text is roughly the equivalent of 3 typed pages in Microsoft Word, single-spaced, so that's more than enough for even the longest of comments.) See [this blog post](https://www.redsandmarketing.com/blog/wp-spamshield-protected-users-from-wordpress-0-day-xss-exploit/) for more info.

= Helps Improve Overall Website Performance =
The plugin helps keep your WordPress database slimmer and more efficient (keeping your site running faster in the long term) by not allowing the thousands upon thousands of spam comments into it, which could bloat the database and potentially corrupt it. Keeping your database lean is extremely important, because bloated databases result in much longer query times and increased server load, slowing down a site dramatically even for simple functions. If website performance is important to you, then you definitely want an anti-spam plugin like WP-SpamShield instead of a plugin that uses a spam queue. See [this FAQ](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=15#faqs_15) for more detailed info.

= ZERO False Positives =
It does all this with *ZERO false positives*, because of *the method used to block spam*. Notice we didn't say a "low false positive rate" - we said *ZERO false positives*. If a comment/contact form/registration gets blocked as spam, the user is given instant feedback and has a chance to correct their comment/contact form/registration/etc and try again, which means there cannot be false positives. This leads to fewer frustrated website visitors, and less work for you. We are committed to keeping the promise of zero false positives.

= 100% Pingback/Trackback Validation and Anti-Spam =
The trackback validation contains a filter that compares the client IP address of the incoming trackbacks and pingbacks against the IP address of the server where the link is supposedly coming from. If they don't come from the same server, then it is guaranteed spam, without fail. This alone eliminates more than 99.99% of trackback & pingback spam. Trackback spammers don't send spam out from the same server where their clients' websites reside. There are algorithmic anti-spam filters in place to ensure 100% trackback/pingback spam blocking. You can be confident that only legitimate trackbacks and pingbacks will get through.

= Includes a Spam-Free Contact Form, and Anti-Spam for Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, and Most Other Forms =
Includes drop-in spam-free contact form, with easy one-click installation. Easy to use - no configuration necessary, but you can configure it if you like. (See [Installation](https://wordpress.org/plugins/wp-spamshield/installation/) for info.) WP-SpamShield also includes automatic anti-spam protection for Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, Fast Secure Contact Forms, Formidable Forms, and more. (You don't have to do a thing...just add your Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, or other forms to your site, and they will automatically be protected.) It will automatically protect *most forms* on your WordPress site from automated spam, even if they are not listed here.

= WordPress Registration Anti-Spam =
The plugin also includes powerful protection from user registration spam. Once you install WP-SpamShield, you don't have to worry about bots or spammy users signing up any more. (Note: This protects *almost all* registration forms, including the WordPress default registration form, and registration forms for bbPress, BuddyPress, WooCommerce, s2Member, WP-Members, and many more. See [this FAQ](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=13#faqs_13) for more info.

= Stops Email Harvesters =
The plugin has a feature to thwart email harvesting bots and keep them from scraping your site for email addresses. (Which helps reduce spam in your email inbox.) The plugin automatically obfuscates plain text email addresses and `mailto` links in your website content by encoding them into HTML entities (hexadecimal and decimal character codes that look like gibberish to harvesters, but render the email addresses perfectly in a browser). It protects email addresses on pages, posts, comments, excerpts, and text widgets.

= Why Not Just Use a CAPTCHA-Based Anti-Spam Method? =
The concept of using a CAPTCHA as an anti-spam solution in this modern day and age is flawed for several reasons:

1. It's an *outdated concept* that has far outlived its usefulness, and was originally developed before user-friendliness was a high priority.
2. It goes in the *exact opposite direction of user-friendly design principles*. Think about it. Users of your website have to type in numbers and letters obscured by squiggly lines and symbols, only to be told they are wrong several times, even after typing in the correct answer. This is proven to hurt website business and revenue because of the negative feelings it causes. *People simply don't like CAPTCHAs.*
3. It is not the user's responsibility to separate humans from bots, or to stop spam; it's *the web developer's responsibility*. Even if the CAPTCHA is simple, and all the user has to do is click a button, it is still annoying and unnecessary. It's one extra step that you are putting between your user and their end goal.
4. CAPTCHAs can be defeated. In fact, bots have been cracking CAPTCHAs since 2008. The only benefit of a CAPTCHA *was* that it was considered to be unbeatable by bots. That day is long past.
5. Why use a CAPTCHA when *there are better solutions* that don't inconvenience your website users?

= Optimized and Scalable - Won't Slow Down Your Site =
This plugin has an extremely low overhead and won't slow down your site, unlike some other anti-spam plugins. Each of the filters in the plugin have been benchmarked, and when processing comments for spam, the fastest filters are put at the front of the stack. Once a comment tests positive for spam, the testing process terminates and will not engage the remaining filters. Additionally, as mentioned above, by keeping spam out of the WordPress database altogether, WP-SpamShield helps keep your database slimmer and more efficient, which in turn helps keep your site running faster. This efficiency helps keep the server load down, and helps improve the overall performance of your site. WP-SpamShield is optimized to work well with *all* major caching plugins.

= Faster than the Cloud =
Speaking of scalability, WP-SpamShield can kill spam faster than any cloud-based anti-spam solution. Cloud-based anti-spam plugins are inherently slower at processing spam because they have to connect to an external server to check the spam status, which in turn *will increase your site's server load*. With WP-SpamShield, all anti-spam processing happens directly on your website's server, with lightning speed.

= Free for Commercial and Personal Websites =
No cost, no hidden fees. This powerful anti-spam plugin is **free** for **both Commercial and Personal** use. If you find that WP-SpamShield benefits you, and you're so inclined, then feel free to [make a donation](https://www.redsandmarketing.com/go/donate/wp-spamshield/).

= Responsive and Helpful Tech Support =
If you have any issues with the plugin, we are here to help. Simply submit a support request at the [WP-SpamShield Support Page](https://www.redsandmarketing.com/plugins/wp-spamshield/support/), and we'll help you diagnose and fix the issue quickly. Don't take our word for it though - look through our plugin ratings/reviews and notice the high percentage of resolved support threads and satisfied users.

= Additional Features =
1. WP-SpamShield provides *automatic anti-spam protection* for: Contact Form 7 forms, Gravity Forms, Ninja Forms, JetPack Contact Forms; BuddyPress, bbPress and WooCommerce registration forms; Mailchimp signup forms; *almost all* other WordPress forms; and *almost all* registration forms!
2. As of version 1.9.2, WP-SpamShield protects JetPack Comments from spam. (Making it one of the few anti-spam plugins that works with JetPack Comments.)
3. A counter on your dashboard to keep track of all the spam it's blocking. The numbers will show how effective this plugin is.
4. See what's been blocked with "Blocked Comment Logging Mode", a temporary diagnostic mode that logs blocked spam (comments, trackbacks, registrations, and contact form submissions) for 7 days, then turns off automatically. If you want to see what spam has been blocked, or verify that everything is working, turn this on and see what WP-SpamShield is protecting your site from.
5. Multiple languages available and more on the way. Currently includes Dutch (nl_NL), French (fr_FR), German (de_DE), Indonesian (id_ID), Italian (it_IT), Serbian (sr_RS), and Swedish (sv_SE) translations. Ready for translation into other languages. Want to help translate? Join [the project!](https://translate.wordpress.org/projects/wp-plugins/wp-spamshield)
6. Easy to install - truly plug and play. Just upload and activate. (*Installation Status* on the plugin admin page to let you know if plugin is installed correctly.)
7. Compatible with, and optimized for *all* major cache plugins, including WP Super Cache and many others. Not all anti-spam plugins can say that.
8. Display your blocked spam stats on your site. Customizable widgets for graphic counters to display spam stats, in multiple colors, sizes and options.
9. Works in WordPress Multisite as well. (See the related [FAQ](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=3#faqs_3) for details.)
10. Enhanced Comment Blacklist option. Instead of just sending comments to moderation as with WordPress's default Comment Blacklist functionality, with this turned on, anything that matches a string in the blacklist will be **completely blocked**. Block specific human spammers by IP, email address, or a number of other options. The Enhanced Comment Blacklist has some improvements over the default WordPress blacklist functionality, and adds a link in the comment & contact form notification emails that will let you blacklist a spammer's IP with one click. It also provides some advanced custom options for blocking spam on everything else that WP-SpamShield protects.
11. WP-SpamShield Whitelist option. Allows you to specify certain users who you want to let bypass the antispam filters.
12. This plugin is legal to use in Germany and the EU, and does not violate European privacy laws. It does not use any type of cloud-based service, spam data is not transmitted from your server to any other server, and all anti-spam processing happens directly on your website's server.

= Languages Available =

* English
* Dutch (nl_NL)
* French (fr_FR)
* German (de_DE)
* Indonesian (id_ID)
* Italian (it_IT)
* Serbian (sr_RS)
* Swedish (sv_SE)

If you would like to help translate, please [get in touch with us](https://www.redsandmarketing.com/contact/).

= Minimum Requirements =

* **WordPress 4.0+** (Recommended: WordPress 4.5 or higher)
* **PHP 5.3+** (Recommended: PHP 5.6 or higher) [PHP 7 Compatible: YES - 100%]
* **Your server must be configured to allow the use of an `.htaccess` file.** (This is enabled by default on the vast majority of servers.)

Please see the plugin documentation's [minimum requirements section](https://www.redsandmarketing.com/plugins/wp-spamshield/?wpss=requirements#wpss_requirements) for more information.

To find web hosts that meet and exceed the requirements, [see our list of recommended web hosts](https://www.redsandmarketing.com/recommended-web-hosts/).

> #### **WordPress Without Spam**
> How does it feel to run a WordPress site without being bombarded by blog comment spam, trackback spam, contact form spam, and registration spam? If you're happy with the WP-SpamShield WordPress anti-spam plugin, let others know by [reviewing the plugin!](https://wordpress.org/support/plugin/wp-spamshield/reviews/#new-post)

== Installation ==

= Installation Instructions =

**Option 1:** Install the plugin directly through the WordPress Admin Dashboard (Recommended)

1. Go to *Plugins* -> *Add New*.

2. Type *WP-SpamShield* into the Search box, and click *Search Plugins*.

3. When the results are displayed, click *Install Now*.

4. When it says the plugin has successfully installed, click **Activate Plugin** to activate the plugin (or you can do this on the Plugins page).

**Option 2:** Install .zip file through WordPress Admin Dashboard

1. Go to *Plugins* -> *Add New* -> *Upload*.

2. Click *Choose File* and find `wp-spamshield.zip` on your computer's hard drive.

3. Click *Install Now*.

4. Click **Activate Plugin** to activate the plugin (or you can do this on the Plugins page).

**Option 3:** Install .zip file through an FTP Client (Recommended for Advanced Users Only)

1. After downloading, unzip file and use an FTP client to upload the enclosed `wp-spamshield` directory to your WordPress plugins directory (usually `/wp-content/plugins/`) on your web server.

2. Go to your Plugins page in the WordPress Admin Dashboard, and find this plugin in the list.

3. Click **Activate** to activate the plugin.

= Next Steps After Installation =

1. Check to make sure the plugin is installed properly. Many support requests for this plugin originate from improper installation and can be easily prevented. To check proper installation status, go to the WP-SpamShield page in your Admin. It's a sub-menu link under the *Settings*. Go the the 'Installation Status' area near the top and it will tell you if the plugin is installed correctly. If it tells you that the plugin is not installed correctly, please double-check what directory you have installed WP-SpamShield in, delete any WP-SpamShield files you have uploaded to your server, re-read the Installation Instructions, and start the Installation process over. If it is installed correctly, then move on to the next step.

2. Select the desired plugin configuration options. Take a look at the WP-SpamShield Settings page in your WordPress site, and familiarize yourself with the different settings available. Many times when users have an issue, they simply haven't checked the settings to see if they can enable or disable a certain feature.

3. If you are using front-end anti-spam plugins (CAPTCHAs, challenge questions, etc), be sure they are *disabled* since there's no longer a need for them, and these could likely conflict. (Back-end antispam plugins like Akismet are fine, although unnecessary.)

4. Install a contact form if you like. (See "Adding a Contact Form to Your Blog" below)

5. If you'd like to test if everything is working, please see the beginning section of the [Troubleshooting Guide](https://www.redsandmarketing.com/plugins/wp-spamshield/troubleshooting-guide/) for more info.

6. If you are using an e-commerce plugin on your site, run a test transaction to make sure everything runs smoothly. If you have any issue with a payment gateway getting blocked, simply go to your WP-SpamShield settings and use the option "Disable anti-spam for miscellaneous forms", and it will take care of the issue. (We have made every effort to whitelist all of these on major plugins, but in some rare occasions a problem will arise.) If you do have any issues, please [submit a support request](https://www.redsandmarketing.com/plugins/wp-spamshield/support/) and we will be happy to help.

**You're done! Sit back and see what it feels like to live without blog comment spam, trackback spam, contact form spam, and registration spam!**

**NOTE: If you're using a caching plugin, you should clear the plugin's cache after you install WP-SpamShield. It's a good practice to clear the cache after adding/removing/updating plugins as well. WP-SpamShield will automatically clear the cache for a number of popular cache plugins.**

= Displaying Stats on Your Blog =
Want to show off your blocked spam stats on your site and tell others about WP-SpamShield? **It's easy, just add a widget and drag and drop it where you like, in several color and size options.** You have a choice of the regular size counters in 5 colors, the small counter in 5 colors, or the *End Blog Spam* graphic. ( `</BLOGSPAM>` )

There is also a customizable widget that has a number of color and style options, including a custom color chooser.

Now you can show spam stats on your blog without knowing any code.

Go to your **WordPress Admin** -> **Appearance** -> **Widgets**. Choose one of the following WP-SpamShield Widgets and choose your options:

* **WP-SpamShield Counter - Custom**: Show how much spam is being blocked by WP-SpamShield. This is a very customizable widget with options for color and style, including a custom color chooser.
* **WP-SpamShield Counter - Graphic**: Show how much spam is being blocked by WP-SpamShield. This widget provides a spam counter graphic that lets you choose what color and size you prefer.
* **End Blog Spam**: Let others know how they can help end blog spam. ( `</BLOGSPAM>` )

There are a few visual examples of the widgets on the [Screenshots page](https://wordpress.org/plugins/wp-spamshield/screenshots/).

You can also add shortcodes to your pages and posts, and PHP code to your theme. For more info see the plugin documentation section on [Displaying Spam Stats on Your Blog](https://www.redsandmarketing.com/plugins/wp-spamshield/displaying-stats/).

= Adding a Contact Form to Your Blog =
First create a distinct *page* (not *post*) where you want to have your contact form. Then, go into the editor and click the tab for the "Text" editor (not "Visual" editor). Then click the button that says **"WPSS Contact Form"**. It's that easy. You can also manually insert the following shortcode if you prefer: `[spamshieldcontact]`

The page you place the contact form on should have its own URL, and not be used on the homepage of your site. It also cannot be implemented as part of a widget or theme element, such as a footer, sidebar, etc.

There is no need to configure the form. It allows you to simply drop it into the page you want to install it on. However, there are a few basic configuration options. You can choose whether or not to include Phone and Website fields, whether they should be required, add a drop down menu with up to 10 options, set the width and height of the Message box, set the minimum message length, set the form recipient, enter a custom message to be displayed upon successful contact form submission, and choose whether or not to include user technical data in the email.

**As of version 1.8.9.9 WP-SpamShield also includes *automatic anti-spam protection* for Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, Fast Secure Contact Forms, Formidable Forms, Mailchimp, and most others. (You don't have to do anything...just add your Contact Form 7, Gravity Forms, Ninja Forms, JetPack Contact Forms, Mailchimp signup, and other forms to your site, and they will *automatically* be protected from spam.) It will now *automatically* protect most forms on your WordPress site from spam, even if they are not specifically listed here.**

Please visit the plugin documentation for more info on [contact form installation and use](https://www.redsandmarketing.com/plugins/wp-spamshield/installing-contact-form/).

= Configuration Information =

Please visit the plugin documentation for detailed [configuration information](https://www.redsandmarketing.com/plugins/wp-spamshield/configuration-information/).

== Frequently Asked Questions ==

We've put together a list of [Frequently Asked Questions (FAQs)](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/) that will answer many of the questions out there. If you have an issue, please read these first.

Also, see the [Troubleshooting Guide](https://www.redsandmarketing.com/plugins/wp-spamshield/troubleshooting-guide/) as it solves over 90% of support issues.

If you have any further questions, please submit them on the main [WP-SpamShield Support Page](https://www.redsandmarketing.com/plugins/wp-spamshield/support/) (our main support channel) and we will be happy to help you out.

= FAQ 1 - Q: Where did all the spam go, and can I check it? =

**A:** In the admin options page for the plugin, under "General Options", turn on "Blocked Comment Logging Mode" (aka "Blocked Spam Logging Mode"), a temporary diagnostic mode that logs blocked comments and contact form submissions for 7 days, then turns off automatically... *[Continue reading FAQ 1 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=1#faqs_1)*

= FAQ 2 - Q: How is it possible to have no false positives? =

**A:** WP-SpamShield doesn't have false positives because it uses a different method that can't have false positives. Other spam plugins label a comment as spam, and aren't always accurate... *[Continue reading FAQ 2 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=2#faqs_2)*

= FAQ 3 - Q: Does WP-SpamShield work on WordPress Multisite? =

**A:** Yes it does. It's one of the few free spam blockers out there for WordPress Multisite. However, there are some limitations... *[Continue reading FAQ 3 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=3#faqs_3)*

= FAQ 4 - Q: The contact form emails, new user notification emails, or comment notification emails never seem to reach my inbox. What might be causing this? =

**A:** It's most likely the problem is not with the plugin. You may need to check your spam filters, as well as who is set to be the contact form email recipient. Be sure to check your spam folder in your email. On some email systems... *[Continue reading FAQ 4 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=4#faqs_4)*

= FAQ 5 - Q: I have "Blocked Comment Logging Mode" (aka "Blocked Spam Logging Mode") turned on and the spam counter is going up, but I'm getting a blank log file. How can I fix this? =

**A:** If you're getting a blank log file, the file may be cached by your browser. Clear your browser's cache (or "temporary files"), clear your server cache, and then try to view the log file again. (You may need to manually reload the page.) If you are using CloudFlare... *[Continue reading FAQ 5 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=5#faqs_5)*

= FAQ 6 - Q: Why should I use WP-SpamShield instead of CAPTCHA-based anti-spam solutions? =

**A:** For several reasons, but here are two specific ones. Before creating this plugin, we did a lot of market research to see how people felt about current blog spam solutions being used. Statistics show conclusively that people hate CAPTCHA's. They end up frustrating... *[Continue reading FAQ 6 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=6#faqs_6)*

= FAQ 7 - Q: Will WP-SpamShield Be Available in My Language? =

**A:** Since the popularity of this plugin has spread across the world, there are now a lot of users whose native language isn't English. We have started the process of making WP-SpamShield accessible to users in every language. Currently several languages are... *[Continue reading FAQ 7 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=7#faqs_7)*

= FAQ 8 - Q: Does WP-SpamShield Work on a Microsoft Windows IIS Server? =

**A:** Yes, but with IIS, it is absolutely essential that it is configured correctly for WordPress, otherwise there may be issues, as PHP and Apache do not run natively on IIS. Some key PHP features and functions are often disabled by... *[Continue reading FAQ 8 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=8#faqs_8)*

= FAQ 9 - Q: I think a legitimate user, comment, contact form, registration, or other submission may have been blocked. What's going on here and what do I do? =

**A:** There are a few things that may have happened... *[Continue reading FAQ 9 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=9#faqs_9)*

= FAQ 10 - Q: How do I upgrade from WP-SpamFree to WP-SpamShield? =

**A:** WP-SpamShield is a newer, far more advanced, speedier, more efficient, more secure, and more powerful fork of WP-SpamFree... *[Continue reading FAQ 10 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=10#faqs_10)*

= FAQ 11 - Q: Exactly what blocked spam is included in the counter on my WordPress dashboard? =

**A:** WP-SpamShield blocks multiple types of spam, and all of these are counted in the dashboard counter... *[Continue reading FAQ 11 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=11#faqs_11)*

= FAQ 12 - Q: The registration anti-spam protection feature adds 3 extra fields to WordPress registration forms. Is there a way to remove these? =

**A:** The only way to remove these three fields is to disable registration anti-spam protection. If you really need to do this, in your WP-SpamShield settings, use the option... *[Continue reading FAQ 12 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=12#faqs_12)*

= FAQ 13 - Q: What does the registration anti-spam protection cover, and does it protect other plugins' registration forms, like BuddyPress? =

**A:** The registration anti-spam feature protects you from spam signups on most registration forms out there for WordPress. As of version 1.8.9.9, WP-SpamShield protects the WordPress registration form, and registration forms for... *[Continue reading FAQ 13 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=13#faqs_13)*

= FAQ 14 - Q: I'm trying to optimize my site for speed, and Google PageSpeed and/or Yahoo YSlow are telling me I should move the
`wp-spamshield/js/jscripts.php` file to the footer. (aka "render-blocking JavaScript") Should I be concerned about this script slowing down my page? =

**A:** You can safely ignore that. That file is integral to the functioning of the plugin, and it will not slow down your site in any way. We develop other plugins that improve Google PageSpeed and Yahoo YSlow scores and page performance... *[Continue reading FAQ 14 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=14#faqs_14)*

= FAQ 15 - Q: Will WP-SpamShield slow down my site, and is there anything I can do to optimize my site for it? =

**A:** WP-SpamShield will not slow down your site, and no further optimization is necessary. It is a very efficient plugin and has been optimized to use a very light server load. Because it keeps spam out of the WordPress database... *[Continue reading FAQ 15 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=15#faqs_15)*

= FAQ 16 - Q: Can WP-SpamShield do Automatic Updates? =

**A:** WP-SpamShield can perform automatic updates using the WordPress plugin update API. Being that WP-SpamShield is an anti-spam and security plugin, just like an anti-virus, anti-malware or other security program on your computer, automatic updates are extremely important... *[Continue reading FAQ 16 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=16#faqs_16)*

= FAQ 17 - Q: Is WP-SpamShield Compatible with, or Does WP-SpamShield Support this Particular Plugin _____________? (Fill in the blank) =

**A:** The short answer: If a plugin is not on our Known Conflicts list, then YES, it is compatible! Regarding support for forms, similarly if it is not on our Known Conflicts list, every kind of WordPress form is supported. The long answer... *[Continue reading FAQ 17 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=17#faqs_17)*

= FAQ 18 - Q: Is WP-SpamShield Compliant with European Cookie and Privacy Laws? =

**A:** The short answer: Yes! WP-SpamShield is 100% compliant with European Cookie and Privacy Laws. The long answer... *[Continue reading FAQ 18 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=18#faqs_18)*

= FAQ 19 - Q: I'm a web developer, and something does not seem to be working right in my local testing environment. What might be causing this? =

**A:** When something does not seem to work properly in a local testing environment, but works without issue on a live site, almost 100% of the time it is due to... *[Continue reading FAQ 19 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=19#faqs_19)*

= FAQ 20 - Q: How do I upgrade my site's PHP version? =

**A:** Upgrading PHP is not hard at all. Please see this... *[Continue reading FAQ 20 »](https://www.redsandmarketing.com/plugins/wp-spamshield/faqs/?faqs=20#faqs_20)*

== Screenshots ==

1. WP-SpamShield Settings page
2. Blocked spam stats on the main Dashboard page
3. The WordPress spam queue after installing WP-SpamShield. Empty.
4. Widget - End Blog Spam
5. Widget - WP-SpamShield Counter - Custom: Style 1, Base Color 17
8. Widget - WP-SpamShield Counter - Custom: Style 1, Base Color 6
6. Widget - WP-SpamShield Counter - Custom: Style 2, Base Color 14
7. Widget - WP-SpamShield Counter - Custom: Style 2, Base Color 3
9. Widget - WP-SpamShield Counter - Graphic: Style 3
10. Widget - WP-SpamShield Counter - Graphic: Style 9

== Changelog ==

= 1.9.21 =
*released 10/27/17*

* Made various code enhancements and improvements.
* Removed "Plugin Organizer" from the anti-malware module, since it was updated and removed the malware code in version 9.2.4.

= 1.9.20 =
*released 10/27/17*

* Added an anti-malware module to prevent the "Plugin Organizer" malware plugin from disabling WP-SpamShield, and to scan for and remove the fake malware plugin "X-WP-SPAM-SHIELD-PRO" (which is in no way associated with the real WP-SpamShield). We recommend that WordPress site owners remove the WordPress plugin called "Plugin Organizer". As of version 9.2.3 it has added malware code that intentionally disables WP-SpamShield, and prevents site owners from re-activating it, even when "Plugin Organizer" is deactivated, leaving sites unprotected. [More information »](https://www.redsandmarketing.com/blog/malware-alert-plugin-organizer-wordpress/)

= 1.9.19 =
*released 10/25/17*

* Added an enhancement to ensure functional integrity and prevent other plugins from disabling or modifying essential functionality.

= 1.9.18 =
*released 10/14/17*

* Made various code enhancements and improvements.
* Maintenance: Updated existing spam filters.

= 1.9.17 =
*released 07/17/17*

* Made various code enhancements and improvements.
* Removed the French (fr_FR) translation from the plugin package since the language pack is now used instead.
* Improved some of the spam filters for the built-in WP-SpamShield contact form.
* Maintenance: Updated existing spam filters.

= 1.9.16 =
*released 07/11/17*

* Made various code enhancements and improvements.
* Fixed a compatibility issue with JetPack Comments.
* Fixed a compatibility issue with certain WooCommerce Payment Gateways.
* Maintenance: Updated existing spam filters.

= 1.9.15 =
*released 06/30/17*

* Made various code enhancements and improvements.
* Fixed a compatibility issue with the Easy Digital Downloads plugin.
* Maintenance: Updated existing spam filters.

= 1.9.14 =
*released 06/16/17*

* Made various code enhancements and improvements.
* Maintenance: Updated existing spam filters.

= 1.9.13 =
*released 06/08/17*

* Made various code enhancements and improvements.
* Maintenance: Updated existing spam filters.

= 1.9.12 =
*released 06/03/17*

* Made various code enhancements and improvements.
* Compatibility fix for a new issue starting in Contact Form 7 version 4.8. In CF7 version 4.8, some changes were made to the form processing and now the REST API is used. This release fixes the issue while maintaining backwards compatibility with previous versions of CF7.
* Added an improved automatic cache purge feature. When plugins are activated, deactivated, or updated, WP-SpamShield automatically purges the page cache for a number of caching plugins, including WP Super Cache, WP Fastest Cache, Autoptimize, and more. This ensures the smooth operation and anti-spam functionality.
* Improved some filters in the anti-spam algorithm.
* Maintenance: Updated existing spam filters.

= 1.9.11 =
*released 05/20/17*

* Made various code enhancements and improvements.
* Maintenance: Updated existing spam filters.

= 1.9.10 =
*released 05/17/17*

* Made various code enhancements and improvements.
* Improved some filters in the anti-spam algorithm.
* Maintenance: Updated existing spam filters.

= 1.9.9.9.9 =
*released 05/14/17*

* Made various code enhancements and improvements.
* Added mitigation for CVE-2017-8295, the zero-day exploit that affects *all versions of WordPress to date*, including version 4.7.5 and earlier. **Now, all WP-SpamShield users are protected from this threat.** More information is available in [this blog post](https://www.redsandmarketing.com/blog/wp-spamshield-stops-wordpress-exploit-cve-2017-8295/).
* Added a number of preemptive security enhancements.
* Added a note with clarification to the WP-SpamShield Security Alerts: *"Security alert provided by WP-SpamShield. Data provided by WPScan Vulnerability Database."*
* Removed support for CommentLuv plugin as it is an abandoned plugin.
* Added new spam filters to the algorithm.
* Improved some filters in the anti-spam algorithm.
* Maintenance: Updated existing spam filters.

= 1.9.9.9.8 =
*released 04/21/17*

* Made various code enhancements and improvements.
* Compatibility fix for a new issue starting in WooCommerce 3.0 that affected new user registration on the My Account page. In WooCommerce 3.0, some changes were made to the functionality of the WooCommerce registration form. This prevented the new user registrations from validating properly when WP-SpamShield was active. This release fixes the issue while maintaining backwards compatibility with previous versions of WooCommerce.
* Maintenance: Updated the spam filters.

= 1.9.9.9.7 =
*released 04/17/17*

* Made various code enhancements and improvements.
* Added a compatibility improvement for WooCommerce AJAX requests.
* Added new spam filters to the algorithm.
* Improved some filters in the anti-spam algorithm.
* Maintenance: Updated the spam filters.

= 1.9.9.9.5 =
*released 03/27/17*

* Fixed a bug that caused a compatibility issue with the Slim Stat Analytics plugin and certain plugins making AJAX POST requests to the `/wp-admin/admin-ajax.php` file.
* Made various code enhancements and improvements.
* Maintenance: Updated the spam filters.

= 1.9.9.9.4 =
*released 03/24/17*

* Made various code enhancements and improvements.
* Maintenance: Updated the spam filters.

= 1.9.9.9.3 =
*released 03/17/17*

* Added a compatibility improvement for browsers with aggressive caching.
* Maintenance: Updated the spam filters.

= 1.9.9.9.2 =
*released 03/15/17*

* Fixed a JavaScript bug in the `jscripts.php` file that affected certain sites.
* Maintenance: Updated the spam filters.

= 1.9.9.9.1 =
*released 03/13/17*

* Made various minor code enhancements and improvements.
* Maintenance: Updated the spam filters.

= 1.9.9.9 =
*released 02/09/17*

* Made some improvements to the whitelisting functionality.
* Made some improvements to the widgets, and made some tweaks to make them fully compatible with the customizer. It was necessary to remove the custom color option and color picker on the "WP-SpamShield Counter - Custom" widget to make this possible. We may look into re-adding these in the future.
* Made various code enhancements and improvements.
* Improved some filters in the anti-spam algorithm.

= 1.9.9.8.9 =
*released 01/31/17*

* Made various code enhancements and improvements.
* Maintenance: Updated the spam filters.

= 1.9.9.8.8 =
*released 01/28/17*

* Made various code enhancements and improvements.
* Added new spam filters to the algorithm.
* Improved some filters in the anti-spam algorithm.
* Maintenance: Updated the spam filters.

= 1.9.9.8.7 =
*released 01/22/17*

* Fixed a bug affecting certain server configurations.
* Made various code enhancements and improvements.

= 1.9.9.8.6 =
*released 01/21/17*

* Made various code enhancements and improvements.
* Added an option to disable automatic plugin updates.
* Maintenance: Updated the spam filters.

= 1.9.9.8.5 =
*released 01/19/17*

* Fixed a bug causing PHP Notices/Warnings.
* Made various code enhancements and improvements.
* Maintenance: Updated the spam filters.

= 1.9.9.8.4 =
*released 01/18/17*

* Fixed a bug in the web host detection function. The error was caused by new functionality imported from our RS System Diagnostic plugin in version 1.9.9.8.2 and has now been fixed.

= 1.9.9.8.3 =
*released 01/18/17*

* Fixed a fatal error introduced in version 1.9.9.8.2 that affected Wordfence users.

= 1.9.9.8.2 =
*released 01/18/17*

* Added robust detection for over 90 web hosting services to further improve compatibility with various server setups and edge cases. We developed this functionality for our RS System Diagnostic plugin and imported it to WP-SpamShield.
* Added robust detection for web proxy/WAF/CDN services such as Cloudflare, Incapsula, and Sucuri CloudProxy. We developed this functionality for our RS System Diagnostic plugin and imported it to WP-SpamShield.
* Improved support for Varnish and other server-side caching systems.
* Added functionality to enforce existing [plugin Minimum Requirement #3](https://www.redsandmarketing.com/plugins/wp-spamshield/?wpss=requirements#wpss_requirements), "Your server must be configured to allow the use of an .htaccess file." Accordingly, if a standalone Nginx server is detected, the plugin will deactivate. Standalone Nginx servers have never been supported by the plugin, and this has always been explained in the plugin Minimum Requirements, but unfortunately despite existing warnings in the admin, not everyone pays attention, and this became necessary.
* Made various code enhancements and improvements.
* Improved some filters in the anti-spam algorithm.
* Maintenance: Updated existing spam filters.

= 1.9.9.8.1 =
*released 12/23/16*

* Maintenance: Updated the spam filters.

= 1.9.9.8 =
*released 11/27/16*

* Fixed a bug that caused a comments without a website entry to be incorrectly blocked.
* Maintenance: Updated existing spam filters.

= 1.9.9.7 =
*released 11/26/16*

* Fixed a bug that caused a compatibility issue with the CloudFlare plugin (version 3.0+).
* Made various code enhancements and improvements.
* Added new spam filters to the algorithm.
* Improved some filters in the anti-spam algorithm.
* Maintenance: Updated existing spam filters.

= 1.9.9.6 =
*released 11/19/16*

* Fixed an issue affecting the Contact Form button in the WordPress editor, due to TinyMCE updates and other changes to the WordPress Editor in version 4.6. The new implementation ensures backwards compatibility.
* Maintenance: Updated the spam filters.

= 1.9.9.5 =
*released 11/11/16*

* Improved support for Varnish and other server-side caching systems.
* Added support for secure cookie handling. On sites with HTTPS enabled, WP-SpamShield will now serve PHP cookies securely.
* Made various code enhancements and improvements.
* Improved some filters in the anti-spam algorithm.
* Maintenance: Updated the spam filters.

= 1.9.9.4 =
*released 10/22/16*

* Fixed a bug in the contact form settings.
* Fixed a text capitalization error on localized registration form translations.
* Fixed a bug in the blocked spam logging expiration time.
* Added improved support for localized WooCommerce registration pages.
* Made various code enhancements and improvements.
* Added new spam filters to the algorithm.
* Improved some filters in the anti-spam algorithm.
* Maintenance: Updated existing spam filters.

= 1.9.9.3 =
*released 10/08/16*

* Made various code enhancements and improvements.
* Updated the spam filters.

= 1.9.9.2 =
*released 08/29/16*

* Fixed a bug in the `jscripts.php` file that affected PHP versions 5.4 and below.
* Updated the spam filters.

= 1.9.9.1 =
*released 08/28/16*

* Made various code enhancements and improvements.
* Updated the anti spam filters.

= 1.9.9 =
*released 08/14/16*

* Made various code enhancements and improvements.
* Tested and confirmed compatibility with WordPress 4.6.
* Updated the anti spam filters.

= 1.9.8.9 =
*released 07/12/16*

* Made various code enhancements and improvements.
* Improved some of the filters in the anti-spam algorithm.
* Updated the anti spam filters.

= 1.9.8.8 =
*released 06/20/16*

* Made various code enhancements and improvements.
* Improved Whitelist functionality. Expanded the functionality of the Whitelist to allow not only email addresses, but *IP addresses* as well. Also, the Whitelist now affects all form/POST submission channels that the plugin protects. Previously it only applied to comments and contact forms.
* Added protection against XML-RPC brute force amplification attacks. Added a filter to the Miscellaneous Form Spam Protection to block XML-RPC and REST requests from servers using spoofed Reverse DNS entries (ie. non-existant servers), a common element of these attacks used to mask an attacker's identity. By doing a simple check to ensure that the server is real, all XML-RPC requests will have to originate from properly configured servers. For example, hackers will often use spoofed Reverse DNS entries (fake servers) when trying to brute-force your login passwords using the `system.multicall` function in XML-RPC (aka brute force amplification attacks). The plugin also employs a number of other methods to block these types of attacks. Stopping these attacks improves the security of your site.
* Improved some of the filters in the anti-spam algorithm.
* Updated the anti spam filters.

= 1.9.8.7 =
*released 06/12/16*

* Made various code enhancements and improvements.
* Improved some of the filters in the anti-spam algorithm.
* Updated the anti spam filters.

= 1.9.8.6 =
*released 06/08/16*

* Made various code enhancements and improvements.
* Fixed a couple bugs: Fixed a bug with the "Blacklist the IP Address" link in email notifications, and fixed a bug affecting certain AJAX requests.
* Added an option to encode the body content of emails generated by the built-in contact form.
* Improved some of the filters in the anti-spam algorithm.
* Updated the anti spam filters.

= 1.9.8.5 =
*released 06/04/16*

* Made various code enhancements and improvements.
* Made various performance and speed optimization improvements.
* Added an early-firing Pingback spam filter that STOPS pingback-based DDoS attacks. **This filter fixes the security issue inherent to Pingbacks.** It preempts WordPress' slower Pingback validation with a *very, very fast* pre-check filter that eliminates 99.9% of pingback spam and saves a TON of bandwidth and server load. The plugin previously still blocked Pingback spam, but it fired *after* WordPress processed the Pingback. By adding the pre-check filter to the *front of the stack* in the processing queue, it prevents your site's XML-RPC functionality from being abused for use in Pingback-based DDoS attacks against other sites, it prevents your site from *being the victim* of Pingback-based DDoS attacks, it takes a huge load off of WordPress by catching and blocking 99.9% of spam *before* processing, which speeds up your site and improves scalability.
* Made some improvements to the log formatting.
* Updated the anti spam filters.

= 1.9.8.4 =
*released 05/30/16*

* Made various code enhancements and improvements.
* Preemptive security enhancements.
* Updated the anti spam filters.

= 1.9.8.3 =
*released 05/22/16*

* Made various code enhancements and improvements.
* Updated the anti spam filters.

= 1.9.8.2 =
*released 05/17/16*

* Made various code enhancements and improvements.
* Improved some of the filters in the anti-spam algorithm.
* Updated the anti spam filters.

= 1.9.8.1 =
*released 05/10/16*

* Made various code enhancements and improvements.
* Improved some of the filters in the anti-spam algorithm.
* Updated the anti spam filters.

= 1.9.8 =
*released 05/01/16*

* Updated the anti spam filters.

= 1.9.7.9 =
*released 04/27/16*

* Fixed a bug affecting pingback and trackback validation.
* Improved some of the filters in the anti-spam algorithm.

= 1.9.7.8 =
*released 04/26/16*

* Added detection and security warning notices for old versions of WordPress with known security vulnerabilities. The plugin will now periodically check the installed WordPress version against the [WPScan Vulnerability Database](https://wpvulndb.com/) for any known vulnerabilities.
* Made some improvements to the built-in contact form and email formatting.
* Added improved support for payment gateways and webhooks.
* Added detection for more ecommerce plugins.
* Extended the Enhanced Comment Blacklist (ECBL) protection from only comments and the built-in contact form, to now full protection of everything else WP-SpamShield protects: Contact Form 7, Gravity Forms, all miscellaneous 3rd party forms, and registration forms. Now, if you have a user who you want to block from signing up, you can block them by IP address or email, by enabling ECBL in the settings and entering that info into the blacklist.
* Made various code enhancements and improvements.
* Improved some of the filters in the anti-spam algorithm.
* Updated the anti spam filters.

= 1.9.7.7 =
*released 03/25/16*

* Fixed 2 minor bugs.
* Updated the anti spam filters.

= 1.9.7.6 =
*released 03/23/16*

* Fixed a bug affecting ecommerce compatibility.
* Updated the anti spam filters.

= 1.9.7.5 =
*released 03/21/16*

* Fixed a bug in the translations.
* Added detection for more ecommerce and cache plugins.
* More compatibility improvements for surrogates (gateway caches/reverse proxies, see RFC 3040).
* Made various code improvements.
* Updated the anti spam filters.

= 1.9.7.4 =
*released 03/11/16*

* Fixed a backwards compatibility issue with new user notification emails on old WordPress versions (lower than 4.3).
* Minor translation improvements. Switched some of the translation strings to use WordPress' built in translations in order to not duplicate efforts. This will allow some of the documentation and text to be translated even if the plugin doesn't have a translation for that language yet. For example, registration forms will now be fully translated in every language that WordPress has a translation for.
* Compatibility improvements for surrogates (gateway caches/reverse proxies, see RFC 3040).
* Preemptive security enhancements.
* Updated the anti spam filters.

= 1.9.7.3 =
*released 03/06/16*

* Fixed a compatibility issue affecting multisite setups with domain mapping.
* Made some improvements to the Autoptimize compatibility fix.
* Made various minor code improvements.
* Updated the anti spam filters.

= 1.9.7.2 =
*released 02/18/16*

* Fixed an error detection bug that affected site owners who enable `FORCE_SSL_ADMIN` in `wp-config.php`.
* Made various minor code improvements.
* Updated the anti spam filters.

= 1.9.7.1 =
*released 02/17/16*

* Added compatibility improvements for surrogates (gateway caches/reverse proxies, see RFC 3040).
* Added detection for certain WordPress configuration errors that can prevent the plugin from working.
* Made various code improvements.
* Updated the anti spam filters.

= 1.9.7 =
*released 02/15/16*

* Increased minimum required required PHP version to 5.3.21. We will eventually be phasing out support for PHP 5.3, as it reached end of life (EOL) 1.5 years ago in 2014. We recommend running at least PHP 5.5 or 5.6 on your server. It's extremely important that users stay up to date with the most recent version of WordPress (currently 4.4.2) and a reasonably up-to-date version of PHP for security, functionality, and website performance. See [PHP Unsupported Branches](http://php.net/eol.php) for more info.
* Improved some of the anti spam filters for the built-in WP-SpamShield contact form.
* Made various code improvements.
* Updated the anti spam filters.

= 1.9.6.9 =
*released 01/18/16*

* Made some improvements to the Autoptimize compatibility fix. Autoptimize added some new features in version 2.0, and we've been working with the author, Frank Goosens, on streamlining plugin compatibility.
* Updated the anti-spam filters.

= 1.9.6.8 =
*released 12/22/15*

* Increased minimum required WordPress version to 4.0. It's extremely important that users stay up to date with the most recent version of WordPress (currently 4.4) for security and functionality.
* Updated the anti-spam filters.

= 1.9.6.7 =
*released 12/08/15*