Akismet Anti-spam: Spam Protection Security & Risk Analysis

wordpress.org/plugins/akismet

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M active installs · v5.6 · PHP 7.2+ · WP 5.8+ · Updated Nov 12, 2025
Tags: anti-spam, antispam, comments, contact-form, spam
Score: 99 · A · Safe
CVEs total: 2 · Unpatched: 0 · Last CVE: Oct 13, 2015
Safety Verdict

Is Akismet Anti-spam: Spam Protection Safe to Use in 2026?

Generally Safe

Score 99/100

Akismet Anti-spam: Spam Protection has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 13, 2015 · Updated 4mo ago
Risk Assessment

Akismet v5.6 demonstrates a generally strong security posture with good practices in place, such as a high percentage of prepared SQL statements and properly escaped outputs. The plugin also has a robust history of addressing vulnerabilities, with no currently unpatched CVEs and the last known vulnerability dating back to 2015, indicating active maintenance and a focus on security. The use of nonces and capability checks further reinforces its defenses.

However, there are areas that warrant attention. The presence of unprotected REST API routes (4 out of 6) represents a significant attack surface that could be exploited if malicious input is not handled appropriately. Additionally, a taint analysis revealing flows with unsanitized paths, even if not classified as critical or high severity, suggests a potential for vulnerabilities that require careful monitoring and remediation. The relatively high number of entry points (9 total, 4 unprotected) contributes to this concern.

In conclusion, Akismet v5.6 is a well-maintained plugin with a history of responsible vulnerability management. Its core security practices are commendable. The primary risks stem from its REST API and the identified unsanitized taint flows, which, while not currently severe, could pose future threats if left unaddressed. Addressing these specific areas will further solidify its security.

Key Concerns

  • Unprotected REST API routes
  • Flows with unsanitized paths
  • Large unprotected attack surface
Vulnerabilities: 2

Akismet Anti-spam: Spam Protection Security Vulnerabilities

CVEs by Year

2007: 1 CVE
2015: 1 CVE

Severity Breakdown

Medium: 2 · 2 total CVEs

CVE-2015-9357 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Akismet <= 3.1.4 - Cross-Site Scripting

Oct 13, 2015 · Patched in 3.1.5 (3024d)

CVE-2007-2714 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Akismet Spam Protection < 2.0.2 - Cross-Site Scripting

May 14, 2007 · Patched in 2.0.2 (6098d)
Code Analysis
Analyzed Mar 16, 2026

Akismet Anti-spam: Spam Protection Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 6 (26 prepared)
Unescaped Output: 35 (250 escaped)
Nonce Checks: 8
Capability Checks: 9
File Operations: 0
External Requests: 6
Bundled Libraries: 0

SQL Query Safety

81% prepared · 32 total queries

Output Escaping

88% escaped · 285 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

5 flows · 1 with unsanitized paths
display_notice (class.akismet-admin.php:1323)
Attack Surface: 4 unprotected

Akismet Anti-spam: Spam Protection Attack Surface

Entry Points: 9
Unprotected: 4

AJAX Handlers 3

auth wp_ajax_akismet_recheck_queue (class.akismet-admin.php:76)
auth wp_ajax_comment_author_deurl (class.akismet-admin.php:77)
auth wp_ajax_comment_author_reurl (class.akismet-admin.php:78)

REST API Routes 6

GET /wp-json/akismet/v1/key (class.akismet-rest-api.php:13)
GET /wp-json/akismet/v1/settings/ (class.akismet-rest-api.php:43)
GET /wp-json/akismet/v1/stats (class.akismet-rest-api.php:72)
GET /wp-json/akismet/v1/stats/(?P<interval>[\w+]) (class.akismet-rest-api.php:91)
GET /wp-json/akismet/v1/alert (class.akismet-rest-api.php:109)
GET /wp-json/akismet/v1/webhook (class.akismet-rest-api.php:155)

WordPress Hooks 59

action init (akismet.php:55)
action rest_api_init (akismet.php:57)
action init (akismet.php:59)
action init (akismet.php:63)
action activated_plugin (class-akismet-compatible-plugins.php:114)
action deactivated_plugin (class-akismet-compatible-plugins.php:115)
action admin_init (class.akismet-admin.php:68)
action admin_menu (class.akismet-admin.php:69)
action admin_notices (class.akismet-admin.php:70)
action admin_enqueue_scripts (class.akismet-admin.php:71)
action activity_box_end (class.akismet-admin.php:72)
action rightnow_end (class.akismet-admin.php:73)
action manage_comments_nav (class.akismet-admin.php:74)
action admin_action_akismet_recheck_queue (class.akismet-admin.php:75)
action jetpack_auto_activate_akismet (class.akismet-admin.php:79)
filter plugin_action_links (class.akismet-admin.php:81)
filter comment_row_actions (class.akismet-admin.php:82)
filter wxr_export_skip_commentmeta (class.akismet-admin.php:86)
filter all_plugins (class.akismet-admin.php:88)
filter wp_privacy_personal_data_erasers (class.akismet-admin.php:91)
action jetpack_admin_menu (class.akismet-admin.php:115)
action widgets_init (class.akismet-widget.php:177)
action wp_insert_comment (class.akismet.php:72)
action wp_insert_comment (class.akismet.php:73)
action wp_insert_comment (class.akismet.php:74)
filter preprocess_comment (class.akismet.php:76)
filter rest_pre_insert_comment (class.akismet.php:77)
action comment_form (class.akismet.php:79)
action do_shortcode_tag (class.akismet.php:80)
action akismet_scheduled_delete (class.akismet.php:82)
action akismet_scheduled_delete (class.akismet.php:83)
action akismet_scheduled_delete (class.akismet.php:84)
action akismet_schedule_cron_recheck (class.akismet.php:85)
action akismet_email_fallback (class.akismet.php:87)
action akismet_approval_fallback (class.akismet.php:88)
action comment_form (class.akismet.php:90)
action comment_form (class.akismet.php:91)
filter script_loader_tag (class.akismet.php:92)
filter notify_moderator (class.akismet.php:94)
filter notify_post_author (class.akismet.php:95)
filter pre_comment_approved (class.akismet.php:97)
action transition_comment_status (class.akismet.php:99)
action xmlrpc_call (class.akismet.php:102)
filter jetpack_options_whitelist (class.akismet.php:105)
filter jetpack_contact_form_html (class.akismet.php:106)
filter jetpack_contact_form_akismet_values (class.akismet.php:107)
filter gform_get_form_filter (class.akismet.php:110)
filter gform_akismet_fields (class.akismet.php:111)
filter wpcf7_form_elements (class.akismet.php:114)
filter wpcf7_akismet_parameters (class.akismet.php:115)
filter frm_filter_final_form (class.akismet.php:118)
filter frm_akismet_values (class.akismet.php:119)
filter fluentform_form_element_start (class.akismet.php:132)
filter fluentform_akismet_fields (class.akismet.php:133)
filter fluentform/form_element_start (class.akismet.php:135)
filter fluentform/akismet_fields (class.akismet.php:136)
action update_option_wordpress_api_key (class.akismet.php:138)
action add_option_wordpress_api_key (class.akismet.php:139)
action comment_form_after (class.akismet.php:141)

Scheduled Events 8

akismet_schedule_cron_recheck
akismet_scheduled_delete
akismet_email_fallback
akismet_approval_fallback
akismet_schedule_cron_recheck
akismet_schedule_cron_recheck
akismet_schedule_cron_recheck
akismet_schedule_cron_recheck
Maintenance & Trust

Akismet Anti-spam: Spam Protection Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Nov 12, 2025
PHP min version: 7.2
Downloads: 386.4M

Community Trust

Rating: 94/100
Number of ratings: 1,173
Active installs: 6.0M
Developer Profile

Akismet Anti-spam: Spam Protection Developer Profile

Automattic

213 plugins · 19.2M total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 1384 days
Detection Fingerprints

How We Detect Akismet Anti-spam: Spam Protection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/akismet/admin.css
/wp-content/plugins/akismet/form.js
/wp-content/plugins/akismet/link-checker.js
/wp-content/plugins/akismet/sub-sub-sub-directory.js
/wp-content/plugins/akismet/akismet.js
/wp-content/plugins/akismet/widget.js
/wp-content/plugins/akismet/wp-admin.css
/wp-content/plugins/akismet/legacy-support.js
+3 more
Script Paths
/wp-content/plugins/akismet/admin.css
/wp-content/plugins/akismet/form.js
/wp-content/plugins/akismet/link-checker.js
/wp-content/plugins/akismet/sub-sub-sub-directory.js
/wp-content/plugins/akismet/akismet.js
/wp-content/plugins/akismet/widget.js
+5 more
Version Parameters
akismet/admin.css?ver=
akismet/form.js?ver=
akismet/link-checker.js?ver=
akismet/sub-sub-sub-directory.js?ver=
akismet/akismet.js?ver=
akismet/widget.js?ver=
akismet/wp-admin.css?ver=
akismet/legacy-support.js?ver=
akismet/external-compat.js?ver=
akismet/compatibility-notes.js?ver=
akismet/email-notifications.js?ver=

HTML / DOM Fingerprints

CSS Classes
akismet-status, akismet-notice, akismet-configuration-wrap, akismet-settings, akismet-form, akismet-key-input, akismet-comments-wrap, akismet-comment-stats
HTML Comments
<!-- WordPress Privacy Policy content -->
<!-- Akismet comment meta box -->
<!-- Akismet dashboard stats -->
<!-- Akismet settings page -->
Data Attributes
data-akismet-key, data-akismet-nonce, data-akismet-user-id
JS Globals
Akismet, Akismet_Admin, akismet_nonce, akismet_user_id, akismet_api_key_url, akismet_save_button_text, +1 more
REST Endpoints
/wp-json/akismet/v1/api-key
FAQ

Frequently Asked Questions about Akismet Anti-spam: Spam Protection