[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f9Wof-FRQ1g-GcL05iPfqkNdsx03UkNjM8EJNgq7sehU":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":40,"analysis":136,"fingerprints":238},"block-comment-spam-bots","Block Comment Spam Bots","2.62","Rick Hellewell","https:\u002F\u002Fprofiles.wordpress.org\u002Frhellewellgmailcom\u002F","\u003Cp>Professional spammers use programs to automate their spamming. The ‘Block Comment Spam Bots’ (BCSB) plugin efficiently blocks their process. No more comment spam!\u003C\u002Fp>\n\u003Cp>As no legitimate user will use the professional spammer’s automated process which relies on cURL and WGET commands, real users will never notice the BCSB plugin at work. There are no CAPTCHAS for your visitors to interact with. No silly questions. Just the comment form as designed in any theme.\u003C\u002Fp>\n\u003Cp>On the admin side, there are no blacklists, special keys (like Akismet), overloaded spam queues, or overworked databases that store spam comments until you manually delete them.\u003C\u002Fp>\n\u003Cp>Install the plugin and that’s it. Invisible, to you and your visitors. The only change you will notice is in your admin area. The list of comments now has a green check next to them. That way you know that comment was made on your website by a real person and was not bypassed by hacking spammers connecting directly to your server.\u003C\u002Fp>\n\u003Cp>All that remains is comments made by real people, and while real people can spam, it takes them time and effort. 
The amount of spam from real people is a lot more manageable than the tsunami from automated spammers, saving you time to concentrate on the important things in life, like your readers, and making connections.\u003C\u002Fp>\n\u003Cp>We’ve tested it on multiple websites and it wipes out automated spam completely. If it doesn’t on your site, please let us know.\u003C\u002Fp>\n\u003Cp>** Geeky Stuff **\u003Cbr \u002F>\n…in case you are interested in how it works…\u003C\u002Fp>\n\u003Cp>tl;dr – \u003Cstrong>This provides a total and easy solution to comment spam from spam bots.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Comments are processed by the WordPress wp-comments-post.php file. Automated spammers (‘spam bots’) can provide (‘post’) data directly to that page, bypassing any comment processing, by using CURL\u002FWGET commands.\u003C\u002Fp>\n\u003Cp>Bypassing the comment form by posting directly (via CURL or WGET commands), is quite easy. Just send the post ID number, and the bot’s fake name and email, and the spammy content. Boom! Comment spam is on your site!\u003C\u002Fp>\n\u003Cp>The result is comment spam – and that is not always caught by other comment spam checkers. Even if it is caught by programs such as Akismet, processing that spam takes some server resources, including writing to the database.\u003C\u002Fp>\n\u003Cp>This plugin uses several techniques to ‘sense’ a spambot. There are hidden fields that are changed after a delay. There is a delay in displaying the submit button. And it blocks direct access to the WordPress post\u002Fprocessing functions.\u003C\u002Fp>\n\u003Cp>The techniques, also used in our standalone “FormSpammerTrap” (FST) program, and our other anti-spam plugins (like FormSpammerTrap for Comments), are very effective. 
They use a bit of JavaScript to block spambots – since automated processes via CURL\u002FWGET\u002Fetc cannot process JS code.\u003C\u002Fp>\n\u003Cp>It’s simple: you install this plugin, activate it, and bot comments will stop. Immediately.\u003C\u002Fp>\n\u003Cp>And it doesn’t add any visual impediments to your comments. No reCaptcha things (which many see as a pain). No silly questions (‘what is 2+8’) on the form. Your comment form does not change. Regular users will not notice a difference. But you will. No more spam comments for you!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This is the best solution to block comment spam.\u003C\u002Fstrong> We’ve tested it on a site that had 20-40 spam comments a day. With this plugin enabled, the spam comment stopped. Immediately. And there have been none since installing this plugin. ** Not one. Zero.**\u003C\u002Fp>\n\u003Cp>The Admin, Comments list page is modified to show a column with a green checkmark icon if the comment was entered by a real person and not a bot. This is an assurance that the comment was not entered via an automated CURL\u002FWGET to the wp-comments-post.php file. A comment that is on the list that does not show the checkmark was done by a bot. But you won’t see those blocked comments with this plugin enabled. They never get into your database. You can hover over the checkmark icon to see the GUID value indicating a person entered the comment.\u003C\u002Fp>\n\u003Cp>The plugins ‘Settings’ screen has no settings. You don’t even need to look at the Settings screen. If you do, you’ll see information about the plugin. And there is a CURL command you can use to test the effectiveness of blocking (or not blocking) direct access to the wp-comments-post.php file.\u003C\u002Fp>\n\u003Cp>The plugin also adds the hidden GUID field to the comment form after a delay to help block bots that are using the comment form to submit. If the hidden field is not submitted then a bot tried to bypass the comment form. 
And a short delay happens before the comment submit button is displayed – another bot protection.\u003C\u002Fp>\n","A simple to use plugin that stops automated spam. Install and forget, and any automated spam targeting your native WordPress comments is immediately t &hellip;",800,6808,100,4,"2024-04-10T22:16:00.000Z","6.5.8","4.9","5.4",[20,21,22,23,24],"automated-spam","blocking","bots","comments","spam","https:\u002F\u002Fwww.cellarweb.com\u002Fwordpress-plugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-comment-spam-bots.zip",92,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":36,"avg_patch_time_days":37,"trust_score":38,"computed_at":39},"rhellewellgmailcom",16,1040,91,30,88,"2026-04-04T06:50:38.259Z",[41,61,78,95,112],{"slug":42,"name":43,"version":44,"author":45,"author_profile":46,"description":47,"short_description":48,"active_installs":49,"downloaded":50,"rating":28,"num_ratings":28,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":58,"download_link":59,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-simple-spamcheck","WP Simple SpamCheck","1.2","sdesalas","https:\u002F\u002Fprofiles.wordpress.org\u002Fsdesalas\u002F","\u003Cp>This plugin allows WordPress to block over 95% of spam comments using a time-based hash.\u003C\u002Fp>\n\u003Cp>This allows for a minimum sanity check and yet should remove almost all spam comments\u003Cbr \u002F>\nwithout the need to sign up to any third party APIs.\u003C\u002Fp>\n\u003Cp>The plugin has been tested in real world conditions for around 12 months. 
It will not block\u003Cbr \u002F>\nreal comments and it is pretty effective against spam, however it only uses a very simple\u003Cbr \u002F>\nalgorithm and for that reason some spam comments may still make it through.\u003C\u002Fp>\n","This plugin allows WordPress to block over 95% of spam comments using a time-based hash.",200,8639,"2012-07-11T22:28:00.000Z","3.4.2","2.0","",[22,56,23,57,24],"check","prevent","http:\u002F\u002Fdesalasworks.com\u002Fwp-simple-spamcheck\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-simple-spamcheck.zip",85,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":13,"downloaded":69,"rating":13,"num_ratings":70,"last_updated":71,"tested_up_to":72,"requires_at_least":54,"requires_php":54,"tags":73,"homepage":76,"download_link":77,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"spam-ip-blocker","Spam IP Blocker","0.9.2","Aleksei Znaev","https:\u002F\u002Fprofiles.wordpress.org\u002Fznaeff\u002F","\u003Cp>This is a spam IP blocker. It is free. 
It marks any new comment as spam automatically when commenter’s IP exists in at least one of ‘.zen.spamhaus.org’ & ‘.bl.spamcop.net’.\u003Cbr \u002F>\nPlugin is based on public DNSBL class.\u003Cbr \u002F>\n\u003Ca href=\"http:\u002F\u002Fwww.phpclasses.org\u002Fpackage\u002F6994-PHP-Check-spam-IP-address-in-DNS-black-lists.html\" title=\"DNSBL class on PHPClasses.org\" rel=\"nofollow ugc\">Official page of DNSBL class on PHPClasses.org\u003C\u002Fa>\u003C\u002Fp>\n","Free spam IP blocker according to public DNSBL bases.",7789,1,"2011-06-27T07:32:00.000Z","3.1.4",[21,23,74,24,75],"dnsbl","spamhaus","http:\u002F\u002Fwordpress.org\u002Fextend\u002Fplugins\u002Fspam-ip-blocker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fspam-ip-blocker.0.9.2.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":28,"num_ratings":28,"last_updated":88,"tested_up_to":89,"requires_at_least":90,"requires_php":54,"tags":91,"homepage":93,"download_link":94,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"block-spammers","Block Spammers","0.3","sander85","https:\u002F\u002Fprofiles.wordpress.org\u002Fsander85\u002F","\u003Cp>This plugin allows to block spammers with the following options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Block spammers by IPs (supports wildcards).\u003C\u002Fli>\n\u003Cli>Block IPs that have posted comments marked as spam.\u003C\u002Fli>\n\u003Cli>Block comments that contain bad words.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Additional options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If comment contains bad words, add the spammers IP into the blacklist.\u003C\u002Fli>\n\u003Cli>When deleting spam, add IPs of spam comments into the blacklist.\u003C\u002Fli>\n\u003Cli>Similar entries in the blacklist are merged automatically.\u003C\u002Fli>\n\u003C\u002Ful>\n","Block spammers from submitting comments, by IPs or 
by bad words.",40,3157,"2018-10-25T20:44:00.000Z","5.0.25","3.5.1",[21,23,92,24],"ip","https:\u002F\u002Fgithub.com\u002Fsander85\u002Fblock-spammers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fblock-spammers.zip",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":103,"downloaded":104,"rating":28,"num_ratings":28,"last_updated":105,"tested_up_to":106,"requires_at_least":90,"requires_php":54,"tags":107,"homepage":110,"download_link":111,"security_score":60,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"no-spam","No Spam","1.0.2","Pierre Sylvestre","https:\u002F\u002Fprofiles.wordpress.org\u002Fstrategio\u002F","\u003Cp>\u003Cstrong>No Spam\u003C\u002Fstrong> is a simple, lightweight and efficient anti-spam plugin.\u003C\u002Fp>\n\u003Cp>It relies on differences between \u003Cstrong>humans\u003C\u002Fstrong> and \u003Cstrong>robots\u003C\u002Fstrong> when they visit (or crawl) a page.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>Most of human visitors clients are javascript enabled and most of spam bot are not. Then the No Spam plugin adds an input field in the comment form using javascript. After submission, the plugin check if this field exists.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>As spam bots usually don’t know which fields are required and which are not, they use to fill all the fields. The plugin adds an extra field (with empty value) in the comment form and hide it with CSS styling. 
After submission, the plugin check if the field is still empty.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n","A simple and efficient anti-spam plugin",10,9706,"2014-06-23T14:47:00.000Z","3.9.40",[108,23,24,109],"anti-spam","spam-bots","http:\u002F\u002Fnospam.strategio.fr\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fno-spam.1.0.3.zip",{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":122,"num_ratings":123,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":127,"tags":128,"homepage":131,"download_link":132,"security_score":133,"vuln_count":134,"unpatched_count":28,"last_vuln_date":135,"fetched_at":30},"akismet","Akismet Anti-spam: Spam Protection","5.6","Automattic","https:\u002F\u002Fprofiles.wordpress.org\u002Fautomattic\u002F","\u003Cp>The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.\u003C\u002Fp>\n\u003Cp>Akismet checks your comments and contact form submissions against our global database of spam to prevent your site from publishing malicious content. 
You can review the comment spam it catches on your blog’s “Comments” admin screen.\u003C\u002Fp>\n\u003Cp>Major features in Akismet include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Automatically checks all comments and filters out the ones that look like spam.\u003C\u002Fli>\n\u003Cli>Each comment has a status history, so you can easily see which comments were caught or cleared by Akismet and which were spammed or unspammed by a moderator.\u003C\u002Fli>\n\u003Cli>URLs are shown in the comment body to reveal hidden or misleading links.\u003C\u002Fli>\n\u003Cli>Moderators can see the number of approved comments for each user.\u003C\u002Fli>\n\u003Cli>A discard feature that outright blocks the worst spam, saving you disk space and speeding up your site.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>PS: You’ll be prompted to get an Akismet.com API key to use it, once activated. Keys are free for personal blogs; paid subscriptions are available for businesses and commercial sites.\u003C\u002Fp>\n","The best anti-spam protection to block spam comments and spam in a contact form. 
The most trusted antispam solution for WordPress and WooCommerce.",6000000,386405930,94,1173,"2025-11-12T16:31:00.000Z","6.9.4","5.8","7.2",[108,129,23,130,24],"antispam","contact-form","https:\u002F\u002Fakismet.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fakismet.5.6.zip",99,2,"2015-10-13 00:00:00",{"attackSurface":137,"codeSignals":196,"taintFlows":230,"riskAssessment":231,"analyzedAt":237},{"hooks":138,"ajaxHandlers":192,"restRoutes":193,"shortcodes":194,"cronEvents":195,"entryPointCount":28,"unprotectedCount":28},[139,145,149,152,156,161,165,168,172,176,180,184,188],{"type":140,"name":141,"callback":142,"priority":143,"file":144,"line":86},"action","wp_footer","bcsb_change_guid",20,"block-comment-spam-bots.php",{"type":140,"name":146,"callback":147,"file":144,"line":148},"comment_form_logged_in_after","bcsb_add_hidden_field",47,{"type":140,"name":150,"callback":147,"file":144,"line":151},"comment_form_after_fields",48,{"type":140,"name":153,"callback":154,"priority":13,"file":144,"line":155},"wp_head","bcsb_hide_submit",53,{"type":157,"name":158,"callback":159,"file":144,"line":160},"filter","preprocess_comment","bcsb_verify_hidden_field",81,{"type":140,"name":162,"callback":163,"file":144,"line":164},"comment_post","bcsb_save_comment_meta_data",95,{"type":140,"name":166,"callback":167,"file":144,"line":13},"add_meta_boxes_comment","bcsb_comment_add_meta_box",{"type":140,"name":169,"callback":170,"file":144,"line":171},"edit_comment","bcsb_comment_edit_bcsb",122,{"type":140,"name":173,"callback":174,"file":144,"line":175},"load_edit_comments.php","bcsb_load",133,{"type":157,"name":177,"callback":178,"file":144,"line":179},"manage_edit-comments_columns","bcsb_comment_columns",144,{"type":157,"name":181,"callback":182,"priority":103,"file":144,"line":183},"manage_comments_custom_column","bcsb_comment_column",153,{"type":140,"name":185,"callback":186,"file":144,"line":187},"admin_menu","bcsb_add_plugin_page",185,{"type":140,"name":189,"ca
llback":190,"file":144,"line":191},"init","bcsb_init",335,[],[],[],[],{"dangerousFunctions":197,"sqlUsage":198,"outputEscaping":200,"fileOperations":28,"externalRequests":28,"nonceChecks":70,"capabilityChecks":70,"bundledLibraries":229},[],{"prepared":28,"raw":28,"locations":199},[],{"escaped":201,"rawEcho":202,"locations":203},3,12,[204,207,209,211,213,215,217,219,221,223,225,227],{"file":144,"line":205,"context":206},38,"raw output",{"file":144,"line":208,"context":206},158,{"file":144,"line":210,"context":206},204,{"file":144,"line":212,"context":206},207,{"file":144,"line":214,"context":206},273,{"file":144,"line":216,"context":206},281,{"file":144,"line":218,"context":206},283,{"file":144,"line":220,"context":206},285,{"file":144,"line":222,"context":206},314,{"file":144,"line":224,"context":206},384,{"file":144,"line":226,"context":206},394,{"file":144,"line":228,"context":206},412,[],[],{"summary":232,"deductions":233},"The 'block-comment-spam-bots' plugin v2.62 exhibits a generally strong security posture based on the provided static analysis. The plugin demonstrates excellent practices by having no identifiable entry points like AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests, along with 100% of SQL queries utilizing prepared statements, are significant strengths. The presence of nonce and capability checks, even with a limited attack surface, indicates an awareness of basic security principles.\n\nHowever, a notable concern arises from the output escaping, where only 20% of the 15 total outputs are properly escaped. This leaves a significant portion of potential output vulnerable to cross-site scripting (XSS) attacks if any user-supplied data is outputted without proper sanitization. 
The taint analysis showing zero flows with unsanitized paths is positive, but it may be limited by the scope of the analysis or the plugin's limited interaction points. The plugin's vulnerability history is completely clean, with no recorded CVEs, which is a very positive indicator of past security diligence and potentially good development practices.\n\nIn conclusion, the plugin is well-designed from an attack surface and core functionality perspective, with no evident vulnerabilities in its exposed interfaces or data handling for SQL. The primary weakness lies in the insufficient output escaping, which represents a direct risk of XSS vulnerabilities. The lack of any past vulnerabilities is a strong positive, suggesting a low probability of latent issues, but the output escaping flaw needs immediate attention to maintain its strong security reputation.",[234],{"reason":235,"points":236},"Insufficient output escaping",6,"2026-03-16T19:17:00.351Z",{"wat":239,"direct":245},{"assetPaths":240,"generatorPatterns":242,"scriptPaths":243,"versionParams":244},[241],"\u002Fwp-content\u002Fplugins\u002Fblock-comment-spam-bots\u002Fassets\u002Ficons8-check-mark-48.png",[],[],[],{"cssClasses":246,"htmlComments":247,"htmlAttributes":248,"restEndpoints":252,"jsGlobals":253,"shortcodeOutput":254},[],[],[249,250,251,250],"id=\"bcsb_hidden_guid\"","name=\"bcsb_hidden_guid\"","id=\"bcsb_hidden_title\"",[],[],[]]