[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJPNt9ojgjJ6qnkUyGVaVhjDNf3D5cNzOyPdjKRvpGo0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":63,"crawl_stats":37,"alternatives":70,"analysis":171,"fingerprints":480},"cf7-antispam","AntiSpam for Contact Form 7","0.7.4","Erik","https:\u002F\u002Fprofiles.wordpress.org\u002Fcodekraft\u002F","\u003Cp>Are you unsatisfied with your current antispam solution for Contact Form 7? It might be using an ineffective method to combat the specific type of bot attacks you’re facing. Fortunately, I have a solution for you!\u003Cbr \u002F>\nAntispam for Contact Form 7 is a simple yet highly effective plugin that protects your mailbox from bot flooding. Say goodbye to tedious configurations and captchas, which often lead to reduced conversions and inconvenience for genuine users. Our plugin utilizes a combination of on-page and off-page bot traps, along with an auto-learning mechanism powered by a statistical “Bayesian” spam filter called B8.\u003Cbr \u002F>\nCF7-AntiSpam seamlessly integrates with \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fflamingo\u002F\" rel=\"ugc\">Flamingo\u003C\u002Fa> and enhances its functionality. When both plugins are installed, Flamingo gains additional controls, and an extra dashboard widget is enabled.\u003C\u002Fp>\n\u003Ch3>SETUP\u003C\u002Fh3>\n\u003Cp>Basic – Install and go! No configuration, keys, or registrations are required to activate the antispam protection. In this case, some protections, such as fingerprinting, language checks, and honeypots, will be enabled.\u003Cbr \u002F>\nAdvanced – For CF7A to properly analyze the email content using its dictionary, it needs to parse the input message field of your form. To notify the antispam to check this field, you’ll need to add a “marker” to each contact form on your website. Simply add ‘flamingo_message: “[your-message]”‘ in the additional settings panel of each contact form you want to secure. This process follows the same method used with Flamingo. While this step may seem tedious, it is required for advanced text statistical analysis. Without it, the B8 filter cannot be enabled.\u003Cbr \u002F>\nGeoIP – (Optional) If you need to restrict which countries or languages can email you, you can enable this functionality. To enable GeoIP, you’ll need to agree to the GeoLite2 End User License Agreement and sign up for GeoLite2 Downloadable Databases. This will provide you with the required key to download the database. For detailed instructions, please refer to the dedicated section in the cf7-antispam plugin settings.\u003C\u002Fp>\n\u003Ch3>Antispam Available Tests\u003C\u002Fh3>\n\u003Cp>✅ Browser Fingerprinting\u003Cbr \u002F>\n✅ Language checks (Geo-ip, http headers and browser)\u003Cbr \u002F>\n✅ Honeypot\u003Cbr \u002F>\n️🆕 Honeyform*\u003Cbr \u002F>\n✅ Domain Name System Blackhole List (aka DNSBL)\u003Cbr \u002F>\n✅ blocklists (with automatic ban after N failed attempts, user defined ip exclusion list)\u003Cbr \u002F>\n✅ Hidden fields with encrypted unique hash\u003Cbr \u002F>\n✅ Time elapsed (with min\u002Fmax values)\u003Cbr \u002F>\n✅ Prohibited words in message\u002Femail and user agent\u003Cbr \u002F>\n✅ B8 statistical “Bayesian” spam filter\u003Cbr \u002F>\n✅ Identity protection\u003Cbr \u002F>\n✅ Webmail protection\u003C\u002Fp>\n\u003Ch3>Extends Flamingo and turns it into a spam manager!\u003C\u002Fh3>\n\u003Cp>With this plugin, you can now review emails and train B8 to identify spam and legitimate messages. This feature proves useful, especially during the initial stages when some spam emails may slip through.\u003Cbr \u002F>\nAlready using Flamingo? Even better! Just remember to add ‘flamingo_message: “[your-message]”‘ to the advanced settings (similar to other Flamingo labels) before activating the plugin. Alternatively, you can explore the advanced options and select “rebuild dictionary.”\u003Cbr \u002F>\nUpon activating CF7A, all previously collected emails will be parsed, and B8 will learn and develop its vocabulary. This pre-trained algorithm gives you a head start. How cool is that?\u003Cbr \u002F>\nAdditional Notes:\u003Cbr \u002F>\n– A new column has been added to the right side of the Flamingo inbound page, displaying the level of spaminess for each email.\u003Cbr \u002F>\n– If you unban an email on the Flamingo “inbound” page, the corresponding IP will be removed from the blocklist. However, marking an email as spam will not blocklist the IP again.\u003Cbr \u002F>\n– Before activating this plugin, please make sure to mark all spam emails as spam in the Flamingo inbound section. This auto-training process will help the B8 algorithm.\u003Cbr \u002F>\n– If you receive a spam message, please avoid deleting it from the “ham” section. Instead, place it in the spam section to teach B8 how to differentiate between spam and legitimate messages.\u003C\u002Fp>\n\u003Ch3>B8 statistical “Bayesian” Filter\u003C\u002Fh3>\n\u003Cp>Originally created by \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FGary_Robinson\" rel=\"nofollow ugc\">Gary Robinson\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.linuxjournal.com\u002Farticle\u002F6467\" rel=\"nofollow ugc\">b8 is a statistical “Bayesian”\u003C\u002Fa> spam filter implemented in PHP.\u003Cbr \u002F>\nThe B8 filter is a foundational example of \u003Cstrong>Machine Learning (ML)\u003C\u002Fstrong> for text classification, representing an early, yet powerful, statistical approach in Natural Language Processing (NLP). This approach precedes feature-weighting methods like \u003Cstrong>TF-IDF\u003C\u002Fstrong>, which in turn paved the way for modern deep learning architectures, such as \u003Cstrong>Transformers\u003C\u002Fstrong> and \u003Cstrong>GPT\u003C\u002Fstrong>.\u003Cbr \u002F>\nThe filter tells you whether a text is spam or not, using statistical text analysis. What it does is: you give b8 a text and it returns a value between 0 and 1, saying it’s ham when it’s near 0 and saying it’s spam when it’s near 1. See \u003Ca href=\"https:\u002F\u002Fnasauber.de\u002Fopensource\u002Fb8\u002Freadme.html#how-does-it-work\" rel=\"nofollow ugc\">How does it work?\u003C\u002Fa> for details about this.\u003Cbr \u002F>\nTo be able to distinguish spam and ham (non-spam), b8 first has to learn some spam and some ham texts. If it makes mistakes when classifying unknown texts or the result is not distinct enough, b8 can be told what the text actually is, getting better with each learned text.\u003Cbr \u002F>\nThis takes place on your own server without relying on third-party services.\u003Cbr \u002F>\nMore info: \u003Ca href=\"https:\u002F\u002Fnasauber.de\u002Fopensource\u002Fb8\u002F\" rel=\"nofollow ugc\">nasauber.de\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Identity protection\u003C\u002Fh3>\n\u003Cp>To fully protect the forms, it may be necessary to enable a couple of additional controls, because bots use the public data of the website to spam on it.\u003Cbr \u002F>\n– The first is user related and denies those who are not logged in the possibility of asking (sensitive) information about the user via wp-api and the protection for the xmlrpc exploit wordpress.\u003Cbr \u002F>\n– The second one is the WordPress protection that will obfuscate sensitive WordPress and server data, adding some headers in order to enhance security against xss and so on.\u003Cbr \u002F>\nWill be hidden the WordPress and WooCommerce version (wp_generator, woo_version), pingback (X-Pingback), server (nginx|apache|…) and php version (X-Powered-By), enabled xss protection headers (X-XSS-Protection), removes rest api link from header (but it will only continue to work if the link is not made public).\u003C\u002Fp>\n\u003Ch3>Mailbox Protection (Multiple Send)\u003C\u002Fh3>\n\u003Cp>Enhance email security by enabling the “Multiple Send” feature, which prevents consecutive email submissions to the user’s mailbox. This measure is effective in thwarting automated spam attempts and ensures a secure communication environment.\u003C\u002Fp>\n\u003Ch3>Security & Privacy: A Local-First Approach\u003C\u002Fh3>\n\u003Cp>AntiSpam for Contact Form 7 is built with your security and privacy as the \u003Cstrong>top priority\u003C\u002Fstrong>. Unlike many modern anti-spam solutions that rely on external cloud services or third-party subscriptions, our plugin is designed to run \u003Cstrong>entirely on your own WordPress installation\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>100% Local Processing:\u003C\u002Fstrong> All anti-spam logic, checks, and data processing are performed directly on your server. \u003Cstrong>No data is ever sent to, or stored by, any external third-party service\u003C\u002Fstrong> (including ours).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Not a Software as a Service (SaaS):\u003C\u002Fstrong> This plugin is a standalone, self-contained software solution, not an interface to a paid or subscription-based external service. Once installed, it works autonomously.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced Security:\u003C\u002Fstrong> Since there is \u003Cstrong>no central server or external API endpoint\u003C\u002Fstrong> to communicate with, your website is immune to potential risks associated with centralized services, such as Single Point of Failure or data breach risks.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>You retain complete control and ownership over the security of your Contact Form 7 submissions.\u003C\u002Fp>\n\u003Ch3>Privacy Notices\u003C\u002Fh3>\n\u003Cp>AntiSpam for Contact Form 7 only processes the IP but doesn’t store any personal data directly from the user input. However, it creates a dictionary of spam and ham (non-spam) words in the WordPress database.\u003Cbr \u002F>\nThis dictionary is built from words found in the submitted messages, meaning it \u003Cstrong>may contain words that were part of the user’s e-mail message or personal data\u003C\u002Fstrong>. This data is “degenerated,” which means the words might be normalized or altered before being stored.\u003Cbr \u002F>\nThe sole purpose of this word collecting is to build a dictionary used for local, decentralized spam detection.\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Community support: via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fcontact-form-7-antispam\u002F\" rel=\"ugc\">support forums\u003C\u002Fa> on wordpress.org\u003Cbr \u002F>\nBug reporting (preferred): file an issue on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ferikyo\u002Fcontact-form-7-antispam\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>We love your input! We want to make contributing to this project as easy and transparent as possible, whether it’s:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Reporting a bug\u003C\u002Fli>\n\u003Cli>Testing the plugin with different user agent and report fingerprinting failures\u003C\u002Fli>\n\u003Cli>Discussing the current state, features, improvements\u003C\u002Fli>\n\u003Cli>Submitting a fix or a new feature\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>We use GitHub to host code, to track issues and feature requests, as well as accept pull requests.\u003Cbr \u002F>\nBy contributing, you agree that your contributions will be licensed under its GPLv2 License.\u003C\u002Fp>\n\u003Cp>My goal is to create an antispam that protects cf7 definitively without relying on external services. And free for everyone.\u003Cbr \u002F>\nif you want to help me, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ferikyo\u002Fcontact-form-7-antispam\" rel=\"nofollow ugc\">GitHub\u003C\u002Fa> is the right place 😉\u003C\u002Fp>\n\u003Ch3>copyright\u003C\u002Fh3>\n\u003Cp>AntiSpam for Contact Form 7, Copyright 2021 Codekraft Studio\u003Cbr \u002F>\nAntiSpam for Contact Form 7 is distributed under the terms of the GNU GPL\u003C\u002Fp>\n\u003Cp>This program is free software: you can redistribute it and\u002For modify\u003Cbr \u002F>\nit under the terms of the GNU General Public License as published by\u003Cbr \u002F>\nthe Free Software Foundation, either version 3 of the License, or\u003Cbr \u002F>\n(at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful,\u003Cbr \u002F>\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\u003Cbr \u002F>\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\u003Cbr \u002F>\nSee the LICENSE file for more details.\u003C\u002Fp>\n\u003Ch4>Resources\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Contact Form 7 and Flamingo © 2021 Takayuki Miyoshi,\u003Ca href=\"https:\u002F\u002Fit.wordpress.org\u002Fplugins\u002Fcontact-form-7\u002F\" rel=\"nofollow ugc\">LGPLv3 or later\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>B8 https:\u002F\u002Fnasauber.de\u002Fopensource\u002Fb8\u002F, © 2021 Tobias Leupold, \u003Ca href=\"https:\u002F\u002Fgitlab.com\u002Fl3u\u002Fb8\u002F-\u002Ftree\u002Fab26daa6b293e6aa059d24ce7cf77af6c8b9b052\u002FLICENSES\" rel=\"nofollow ugc\">LGPLv3 or later\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>GeoLite2 \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Fgeolite2\u002Feula\" rel=\"nofollow ugc\">license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>GeoIP2 PHP API \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmaxmind\u002FGeoIP2-php\" rel=\"nofollow ugc\">GeoIP2-php\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>chart.js https:\u002F\u002Fwww.chartjs.org\u002F, © 2021 Chart.js \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchartjs\u002FChart.js\u002Fgraphs\u002Fcontributors\" rel=\"nofollow ugc\">contributors\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fchartjs\u002FChart.js\u002Fblob\u002Fmaster\u002FLICENSE.md\" rel=\"nofollow ugc\">MIT\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Sudden Shower in the Summer, Public domain, Wikimedia Commons https:\u002F\u002Fcommons.wikimedia.org\u002Fwiki\u002FFile:Sudden_Shower_in_the_Summer_(5759500422).jpg\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Contibutions\u003C\u002Fh3>\n\u003Cp>Mirek Długosz – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ferikyo\u002Fcf7-antispam\u002Fpull\u002F30\" rel=\"nofollow ugc\">#30\u003C\u002Fa> fixes a crash that occurred when analysing flamingo metadata\u003Cbr \u002F>\nMeliEve – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F42\" rel=\"nofollow ugc\">#42\u003C\u002Fa> Fix “internal_server_error” when message is empty\u003Cbr \u002F>\nMeliEve – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F61\" rel=\"nofollow ugc\">#61\u003C\u002Fa>  Handle deferrer script loading\u003Cbr \u002F>\nZodiac1978 – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F67\" rel=\"nofollow ugc\">#67\u003C\u002Fa> Remove warning for unsafe email configuration w\u002Fo protection\u003Cbr \u002F>\nJohnHooks – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F61\" rel=\"nofollow ugc\">#66\u003C\u002Fa> Readme + plugin env\u003Cbr \u002F>\nsdellenb – \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fwp-blocks\u002Fcf7-antispam\u002Fpull\u002F163\" rel=\"nofollow ugc\">#66\u003C\u002Fa> Fix $reason parameter for calling cf7a_ban_by_ip\u003C\u002Fp>\n\u003Ch3>Special thanks\u003C\u002Fh3>\n\u003Cp>This project is tested with BrowserStack. \u003Ca href=\"https:\u002F\u002Fwww.browserstack.com\u002F\" rel=\"nofollow ugc\">Browserstack\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>MaxMind GeoIP2\u003C\u002Fh3>\n\u003Cp>This plugin on demand can enable GeoLite2 created by MaxMind, available from \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.maxmind.com\u003C\u002Fa>\u003Cbr \u002F>\nWhile enabled you may \u003Cstrong>have to mention it in the privacy policy\u003C\u002Fstrong> of your site, depending on the law regulating privacy in your state!\u003Cbr \u002F>\n* GeoIP2 databases \u003Ca href=\"https:\u002F\u002Fwww.maxmind.com\u002Fen\u002Faccounts\u002Fcurrent\u002Fgeoip\u002Fdownloads\" rel=\"nofollow ugc\">GeoLite2 Country\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>DNSBL servers privacy policies\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>dnsbl-1.uceprotect.net \u003Ca href=\"http:\u002F\u002Fwww.uceprotect.net\u002Fen\u002Findex.php?m=13&s=0\" rel=\"nofollow ugc\">www.uceprotect.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl-2.uceprotect.net \u003Ca href=\"http:\u002F\u002Fwww.uceprotect.net\u002Fen\u002Findex.php?m=13&s=0\" rel=\"nofollow ugc\">www.uceprotect.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl-3.uceprotect.net \u003Ca href=\"http:\u002F\u002Fwww.uceprotect.net\u002Fen\u002Findex.php?m=13&s=0\" rel=\"nofollow ugc\">www.uceprotect.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl.sorbs.net \u003Ca href=\"http:\u002F\u002Fwww.sorbs.net\u002Finformation\u002Ffaq\u002F\" rel=\"nofollow ugc\">sorbs.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>zen.spamhaus.org \u003Ca href=\"https:\u002F\u002Fwww.spamhaus.org\u002Forganization\u002Fdnsblusage\u002F\" rel=\"nofollow ugc\">spamhaus.org license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>bl.spamcop.net \u003Ca href=\"https:\u002F\u002Fwww.spamcop.net\u002Ffom-serve\u002Fcache\u002F297.html\" rel=\"nofollow ugc\">spamcop.net license\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>b.barracudacentral.org \u003Ca href=\"https:\u002F\u002Fwww.barracuda.com\u002Fcompany\u002Flegal\u002Ftrust-center\u002Fdata-privacy\u002Fprivacy-policy\" rel=\"nofollow ugc\">barracudacentral.org privacy-policy\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl.dronebl.org \u003Ca href=\"https:\u002F\u002Fdronebl.org\u002Fdocs\u002Ffaq\" rel=\"nofollow ugc\">dronebl.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>all.spamrats.com \u003Ca href=\"https:\u002F\u002Fspamrats.com\u002Ftos.php\" rel=\"nofollow ugc\">spamrats.com tos\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>bl.ipv6.spameatingmonkey.net \u003Ca href=\"https:\u002F\u002Fspameatingmonkey.com\u002Ffaq\" rel=\"nofollow ugc\">spameatingmonkey.net\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Inspirations, links\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Nikolai Tschacher \u003Ca href=\"https:\u002F\u002Fincolumitas.com\u002Fpages\u002FBotOrNot\u002F\" rel=\"nofollow ugc\">incolumitas.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Antoine Vastel \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fantoinevastel\u002Ffpscanner\" rel=\"nofollow ugc\">fp-scanner\u003C\u002Fa>\u002F\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fantoinevastel\u002Ffp-collect\" rel=\"nofollow ugc\">fp-collect\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Niespodd \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fniespodd\u002Fbrowser-fingerprinting\" rel=\"nofollow ugc\">niespodd\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Thomas Breuss \u003Ca href=\"https:\u002F\u002Fgist.github.com\u002Ftbreuss\u002F74da96ff5f976ce770e6628badbd7dfc\" rel=\"nofollow ugc\">tbreuss\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Domain Name System-based blackhole list \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FDomain_Name_System-based_blackhole_list\" rel=\"nofollow ugc\">wiki\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>dnsbl list \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FComparison_of_DNS_blacklists\" rel=\"nofollow ugc\">wiki\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","A trustworthy antispam plugin for Contact Form 7. Wave goodbye to spam and keep your inbox clean!",10000,81497,84,12,"2026-01-30T21:39:00.000Z","6.9.4","6.2","7.4",[20,21,22,23],"antispam","geoip","honeypot","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcf7-antispam.0.7.4.zip",98,2,0,"2025-07-16 00:00:00","2026-03-15T15:16:48.613Z",[32,48],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2025-54020","antispam-for-contact-form-7-cross-site-request-forgery","AntiSpam for Contact Form 7 \u003C= 0.6.3 - Cross-Site Request Forgery","The AntiSpam for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action granted they can trick a site administrator into performing an action such as clicking on a link.",null,"\u003C=0.6.3","0.6.4","medium",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2025-07-21 21:12:10",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd97c19d6-511f-459a-9880-cdc1fe137205?source=api-prod",6,{"id":49,"url_slug":50,"title":51,"description":52,"plugin_slug":4,"theme_slug":37,"affected_versions":53,"patched_in_version":54,"severity":40,"cvss_score":55,"cvss_vector":56,"vuln_type":57,"published_date":58,"updated_date":59,"references":60,"days_to_patch":62},"CVE-2024-27961","antispam-for-contact-form-7-reflected-cross-site-scripting","AntiSpam for Contact Form 7 \u003C= 0.6.0 - Reflected Cross-Site Scripting","The AntiSpam for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 0.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=0.6.0","0.6.1",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-03-13 00:00:00","2024-03-20 18:54:24",[61],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fe6b289c2-0e04-43b1-baf1-6a594cc47ea0?source=api-prod",8,{"slug":64,"display_name":7,"profile_url":8,"plugin_count":47,"total_installs":65,"avg_security_score":66,"avg_patch_time_days":67,"trust_score":68,"computed_at":69},"codekraft",11250,90,7,93,"2026-04-04T05:26:14.455Z",[71,91,112,129,152],{"slug":72,"name":73,"version":74,"author":75,"author_profile":76,"description":77,"short_description":78,"active_installs":11,"downloaded":79,"rating":80,"num_ratings":14,"last_updated":81,"tested_up_to":82,"requires_at_least":83,"requires_php":84,"tags":85,"homepage":88,"download_link":89,"security_score":90,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"honeypot-antispam","Honeypot Anti-Spam","1.0.5","RaiolaNetworks","https:\u002F\u002Fprofiles.wordpress.org\u002Fraiolanetworks\u002F","\u003Cul>\n\u003Cli>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fraiolanetworks.com\u002Fblog\u002Fanti-spam-wordpress\u002F\" title=\"Información y soporte\" rel=\"nofollow ugc\">Información\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Honeypot Anti-Spam es un plugin antispam para WordPress que te permite proteger los formularios de comentarios mediante la técnica honeypot.\u003C\u002Fp>\n\u003Cp>El uso de la técnica honeypot implica que, si instalas Honeypot Anti-Spam, no necesitarás incluir un molesto captcha en tu WordPress. El motivo es que honeypot es completamente invisible para el visitante.\u003C\u002Fp>\n\u003Cp>La técnica antispam honeypot consiste en un campo oculto que se introduce mediante javascript en los formularios. Un visitante legítimo nunca llega a ver este campo ni, por lo tanto, a rellenarlo. En cambio, los spam bots lo detectan y lo rellenan, por lo que el comentario o envío se clasifica como SPAM de manera inmediata.\u003C\u002Fp>\n\u003Cp>Honeypot Anti-Spam NO tiene opciones ni configuración. Para hacer que empiece a funcionar solo tienes que instalar y activar. Nada más.\u003C\u002Fp>\n\u003Ch3>Instalación\u003C\u002Fh3>\n\u003Col>\n\u003Cli>Instalar y activar el plugin desde el dahsboard de WordPress.\u003C\u002Fli>\n\u003Cli>¡Ya está! No tienes que hacer nada más.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>Preguntas frecuentes\u003C\u002Fh3>\n\u003Ch4>¿Es efectiva la técnica honeypot para el spam?\u003C\u002Fh4>\n\u003Cp>Sí, es efectiva contra bots, aunque NO funciona contra el spam manual. De todas formas, en el 99,99% de los casos, el spam se realiza de forma automática mediante bots.\u003C\u002Fp>\n\u003Ch4>¿Afectará en algo a mi WordPress?\u003C\u002Fh4>\n\u003Cp>No, el sistema es completamente automático y no afecta al funcionamiento normal de WordPress: es transparente.\u003Cbr \u002F>\nEn casos muy raros, algún plugin puede dar problemas con el javascript usado para insertar el campo honeypot, pero ocurre muy pocas veces.\u003C\u002Fp>\n\u003Ch4>¿Puedo usar Honeypot Anti-Spam con Disqus o wpDisquz?\u003C\u002Fh4>\n\u003Cp>No, Honeypot Anti-Spam no es compatible con otros sistemas de comentarios que no sean los de WordPress.\u003C\u002Fp>\n\u003Ch3>Incluido por defecto en:\u003C\u002Fh3>\n\u003Cp>Servicio de hosting para WordPress de Raiola Networks.\u003C\u002Fp>\n","Protege WordPress del SPAM mediante honeypot.",67253,94,"2024-08-01T15:32:00.000Z","6.6.5","3.3","5.6",[20,86,22,23,87],"comment","spam","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fhoneypot-antispam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhoneypot-antispam.1.0.5.zip",92,{"slug":92,"name":93,"version":94,"author":95,"author_profile":96,"description":97,"short_description":98,"active_installs":99,"downloaded":100,"rating":101,"num_ratings":27,"last_updated":102,"tested_up_to":103,"requires_at_least":24,"requires_php":84,"tags":104,"homepage":24,"download_link":110,"security_score":111,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"honeypot-woocommerce-wp-antispam","Honeypot WooCommerce – WordPress AntiSpam","1.3.7","Camilo","https:\u002F\u002Fprofiles.wordpress.org\u002Fcamilo517\u002F","\u003Cp>This plugin activates a honeypot (Anti-Spam and anti-bot) in the following sites:\u003Cbr \u002F>\n-WooCommerce login form\u003Cbr \u002F>\n-WooCommerce registration form\u003Cbr \u002F>\n-Comments box of the post\u003Cbr \u002F>\n-WordPress registration form\u003Cbr \u002F>\n-WordPress login form\u003C\u002Fp>\n\u003Cp>It is highly optimized, so that the performance of your website is not affected\u003C\u002Fp>\n","This plugin activates a honeypot (Anti-Spam and anti-bot) in the following sites:",200,4193,100,"2020-08-24T23:20:00.000Z","5.5.18",[105,106,107,108,109],"antispam-woocommerce","antispam-wordpress","honeypot-woocommerce","security-woocommerce","seguridad","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhoneypot-woocommerce-wp-antispam.1.3.7.zip",85,{"slug":113,"name":114,"version":115,"author":116,"author_profile":117,"description":118,"short_description":119,"active_installs":120,"downloaded":121,"rating":28,"num_ratings":28,"last_updated":122,"tested_up_to":16,"requires_at_least":123,"requires_php":18,"tags":124,"homepage":127,"download_link":128,"security_score":101,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"honeypot-guard-silent-anti-spam","Honeypot Guard – Silent Anti-Spam","2.1.0","MDigital","https:\u002F\u002Fprofiles.wordpress.org\u002Fmantasdigital\u002F","\u003Cp>\u003Cstrong>Honeypot Guard\u003C\u002Fstrong> is a powerful, privacy-focused anti-spam solution that protects your WordPress forms without annoying your visitors with CAPTCHAs. Using invisible detection techniques, it blocks spam bots while maintaining a seamless user experience.\u003C\u002Fp>\n\u003Ch4>Why Choose Honeypot Guard?\u003C\u002Fh4>\n\u003Cp>Unlike CAPTCHA-based solutions that frustrate users and hurt conversions (studies show CAPTCHAs reduce form submissions by 10-40%), Honeypot Guard provides \u003Cstrong>superior spam protection\u003C\u002Fstrong> with \u003Cstrong>zero user friction\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch4>How It Works\u003C\u002Fh4>\n\u003Cp>Honeypot Guard uses multiple layers of intelligent detection to catch spam automatically:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Invisible Honeypot Fields\u003C\u002Fstrong> – Hidden fields that real users never see, but bots fill out automatically\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Dynamic Field Rotation\u003C\u002Fstrong> – Constantly changing field names make it harder for sophisticated bots to adapt\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Timestamp Validation\u003C\u002Fstrong> – Detects instant submissions (bots can’t read like humans)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Intelligent Gibberish Detection\u003C\u002Fstrong> – Catches keyboard mashing and random text patterns\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Heuristic Analysis\u003C\u002Fstrong> – Pattern-based detection of common spam characteristics\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Character Script Filtering\u003C\u002Fstrong> – Optionally block submissions containing specific character scripts (Cyrillic, Chinese, etc.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cookie Verification\u003C\u002Fstrong> – Proves JavaScript execution in a real browser environment\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Zero User Friction\u003C\u002Fstrong> – Completely invisible protection, no annoying puzzles\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy-Focused\u003C\u002Fstrong> – All processing on your server, no third-party tracking by default\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Granular Blacklisting\u003C\u002Fstrong> – Block by email, domain, IP address, or keywords\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Rate Limiting\u003C\u002Fstrong> – Prevent spam floods with configurable submission limits\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Detailed Spam Logs\u003C\u002Fstrong> – View blocked submissions with one-click IP blocking\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multi-Language Admin\u003C\u002Fstrong> – Available in 9 languages (English, German, Spanish, Italian, Lithuanian, Swedish, Polish, Estonian, Spanish-Mexico)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>GDPR Compliant\u003C\u002Fstrong> – No data sent to external services (unless you enable optional AI detection)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Works Automatically\u003C\u002Fstrong> – Integrates seamlessly with popular form plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Supported Form Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Contact Form 7\u003C\u002Fli>\n\u003Cli>WPForms\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>WordPress Registration Forms\u003C\u002Fli>\n\u003Cli>WordPress Comments\u003C\u002Fli>\n\u003Cli>WooCommerce Checkout & Registration\u003C\u002Fli>\n\u003Cli>bbPress Forums\u003C\u002Fli>\n\u003Cli>Any HTML form with minimal configuration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Advanced Protection Options\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>AI-Powered Gibberish Detection\u003C\u002Fstrong> (Optional) – Use OpenAI or Anthropic APIs for advanced content analysis\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Meta Pixel Protection\u003C\u002Fstrong> – Block form submission tracking until verification\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Custom Honeypot Field Names\u003C\u002Fstrong> – Define your own field names for added security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist Trusted Users\u003C\u002Fstrong> – Bypass checks for logged-in users or specific IPs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Privacy & Performance\u003C\u002Fh4>\n\u003Cp>Honeypot Guard is designed with privacy and performance in mind:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Lightweight\u003C\u002Fstrong> – Adds virtually zero latency to your site\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No External Calls\u003C\u002Fstrong> – Basic protection requires no API calls\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cache Compatible\u003C\u002Fstrong> – Works with WP Super Cache, W3 Total Cache, WP Rocket, LiteSpeed, and more\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Cookies Required\u003C\u002Fstrong> – Core functionality works without cookies (optional cookie verification available)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Professional Support\u003C\u002Fh4>\n\u003Cp>Need help? Visit \u003Ca href=\"https:\u002F\u002Fwww.mantasdigital.com\u002Fhoneypot-guard\u002F\" rel=\"nofollow ugc\">mantasdigital.com\u002Fhoneypot-guard\u003C\u002Fa> for documentation and support.\u003C\u002Fp>\n\u003Ch3>Privacy Policy\u003C\u002Fh3>\n\u003Cp>Honeypot Guard collects and stores:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>IP addresses of form submissions (for spam detection and blocking)\u003C\u002Fli>\n\u003Cli>Form submission data flagged as spam (for review and pattern detection)\u003C\u002Fli>\n\u003Cli>Timestamps of submissions (for rate limiting)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This data is stored in your WordPress database and is \u003Cstrong>never sent to external services\u003C\u002Fstrong> unless you enable optional AI-powered detection.\u003C\u002Fp>\n\u003Cp>You can configure automatic deletion of spam logs in Settings > Honeypot Guard.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin can optionally connect to external AI services for advanced gibberish detection. These services are \u003Cstrong>disabled by default\u003C\u002Fstrong> and must be explicitly enabled by the administrator.\u003C\u002Fp>\n\u003Ch4>OpenAI API (Optional)\u003C\u002Fh4>\n\u003Cp>When AI gibberish detection is enabled and configured with an OpenAI API key:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>What it does:\u003C\u002Fstrong> Analyzes suspicious form field content to detect nonsensical or spam text\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> Only the specific text field being analyzed (not the entire form submission)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When sent:\u003C\u002Fstrong> Only when a submission is flagged as potentially suspicious and AI detection is enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> OpenAI, L.L.C.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of use:\u003C\u002Fstrong> https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fterms-of-use\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy policy:\u003C\u002Fstrong> https:\u002F\u002Fopenai.com\u002Fpolicies\u002Fprivacy-policy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Anthropic API (Optional)\u003C\u002Fh4>\n\u003Cp>When AI gibberish detection is enabled and configured with an Anthropic API key:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>What it does:\u003C\u002Fstrong> Analyzes suspicious form field content to detect nonsensical or spam text\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Data sent:\u003C\u002Fstrong> Only the specific text field being analyzed (not the entire form submission)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>When sent:\u003C\u002Fstrong> Only when a submission is flagged as potentially suspicious and AI detection is enabled\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Service provider:\u003C\u002Fstrong> Anthropic, PBC\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Terms of use:\u003C\u002Fstrong> https:\u002F\u002Fwww.anthropic.com\u002Flegal\u002Fconsumer-terms\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Privacy policy:\u003C\u002Fstrong> https:\u002F\u002Fwww.anthropic.com\u002Flegal\u002Fprivacy\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Important:\u003C\u002Fstrong> These services are entirely optional. Honeypot Guard provides effective spam protection without any external services using its built-in detection methods.\u003C\u002Fp>\n\u003Ch3>Additional Info\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.mantasdigital.com\u002Fhoneypot-guard\u002F\" rel=\"nofollow ugc\">Plugin Website\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.mantasdigital.com\u002Fhoneypot-guard\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.mantasdigital.com\u002F\" rel=\"nofollow ugc\">Support\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmantasdigital\u002Fhoneypot-guard\" rel=\"nofollow ugc\">GitHub Repository\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Anti-spam protection for forms, signups, and comments using advanced honeypot techniques. No CAPTCHAs, no user friction.",10,168,"2026-02-05T21:01:00.000Z","5.0",[20,125,22,23,126],"contact-form-7","spam-protection","https:\u002F\u002Fwww.mantasdigital.com\u002Fhoneypot-guard\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhoneypot-guard-silent-anti-spam.2.1.0.zip",{"slug":130,"name":131,"version":132,"author":133,"author_profile":134,"description":135,"short_description":136,"active_installs":137,"downloaded":138,"rating":139,"num_ratings":140,"last_updated":141,"tested_up_to":16,"requires_at_least":142,"requires_php":24,"tags":143,"homepage":148,"download_link":149,"security_score":26,"vuln_count":150,"unpatched_count":28,"last_vuln_date":151,"fetched_at":30},"google-captcha","reCaptcha by BestWebSoft","1.86","bestwebsoft","https:\u002F\u002Fprofiles.wordpress.org\u002Fbestwebsoft\u002F","\u003Cp>reCaptcha plugin is an effective security solution that protects your WordPress website forms from spam entries while letting real people pass through with ease.  It can be used for login, registration, password recovery, comments, popular contact forms, and other. reCAPTCHA Version 3, Version 2, Invisible are included.\u003C\u002Fp>\n\u003Cp>Users are required to confirm that they are not a robot before the form can be submitted. It’s easy for people and hard for bots.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdemo-for-google-captcha\u002F?ref=readme\" rel=\"nofollow ugc\">View Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FL2BziEOL3Fg?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch4>Free Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Add reCaptcha to:\n\u003Cul>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Reset password form\u003C\u002Fli>\n\u003Cli>Protected post password form\u003C\u002Fli>\n\u003Cli>Comments form\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fcontact-form\u002F?k=56575444122cff9ab3ee3e640efb001a\" rel=\"nofollow ugc\">Contact Form\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Ftestimonials\u002F\" rel=\"nofollow ugc\">Testimonials\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fbws-login-register\" rel=\"ugc\">Login & Register Form\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Custom form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Hide reCaptcha for the allowlisted IP addresses\u003C\u002Fli>\n\u003Cli>Disable the submit button\u003C\u002Fli>\n\u003Cli>Validity check of keys in admin panel\u003C\u002Fli>\n\u003Cli>Available reCaptcha themes for Version 2:\n\u003Cul>\n\u003Cli>Light (default)\u003C\u002Fli>\n\u003Cli>Dark\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Flimit-attempts\u002F?k=1b1865c556920231995b35c3ed889415\" rel=\"nofollow ugc\">Limit Attempts\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Hide reCaptcha in your forms for certain user roles\u003C\u002Fli>\n\u003Cli>Hide reCaptcha Badge (Invisible and V3)\u003C\u002Fli>\n\u003Cli>Supports reCaptcha:\n\u003Cul>\n\u003Cli>Version 2\u003C\u002Fli>\n\u003Cli>Version 3\u003C\u002Fli>\n\u003Cli>Invisible reCAPTCHA\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Add custom code via plugin settings page\u003C\u002Fli>\n\u003Cli>Compatible with latest WordPress version\u003C\u002Fli>\n\u003Cli>Incredibly simple settings for fast setup without modifying code\u003C\u002Fli>\n\u003Cli>Detailed step-by-step documentation and videos\u003C\u002Fli>\n\u003Cli>Multilingual and RTL ready\u003C\u002Fli>\n\u003Cli>Edit error message\u003C\u002Fli>\n\u003Cli>Hide Login page\u003C\u002Fli>\n\u003Cli>Force Strong Passwords\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Pro Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All features from Free version included plus:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Compatible with:\n\u003Cul>\n\u003Cli>Contact Form 7 (since v 3.4)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fsubscriber\u002F?k=e6d1742fcf1806a39afac207f7920cf3\" rel=\"nofollow ugc\">Subscriber\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fmultilanguage\u002F?k=e48e145002e4b2472e568a81d171b888\" rel=\"nofollow ugc\">Multilanguage\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Jetpack contact form\u003C\u002Fli>\n\u003Cli>Fast Secure Contact Form\u003C\u002Fli>\n\u003Cli>MailChimp for WordPress\u003C\u002Fli>\n\u003Cli>Ninja Forms\u003C\u002Fli>\n\u003Cli>Gravity Forms\u003C\u002Fli>\n\u003Cli>WPForms\u003C\u002Fli>\n\u003Cli>Caldera Forms\u003C\u002Fli>\n\u003Cli>Elementor Pro Contact Forms\u003C\u002Fli>\n\u003Cli>LearnDash Registration Page\u003C\u002Fli>\n\u003Cli>BuddyBoss\u003C\u002Fli>\n\u003Cli>Formidable Forms\u003C\u002Fli>\n\u003Cli>Forminator Forms\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with WooCommerce:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Register form\u003C\u002Fli>\n\u003Cli>Lost password form\u003C\u002Fli>\n\u003Cli>Checkout billing form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with Divi:\n\u003Cul>\n\u003Cli>Divi Builder Contact form\u003C\u002Fli>\n\u003Cli>Divi Builder Login form\u003C\u002Fli>\n\u003Cli>Divi Theme Contact form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with bbPress:\n\u003Cul>\n\u003Cli>New Topic form\u003C\u002Fli>\n\u003Cli>Reply form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with BuddyPress:\n\u003Cul>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Comments form\u003C\u002Fli>\n\u003Cli>Create a Group form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with Forums – wpForo:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>New Topic form\u003C\u002Fli>\n\u003Cli>Reply form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with Ultimate Member:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Profile form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with BWS Login Register Form:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Forgot Password form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Compatible with Easy Digital Downloads Form:\n\u003Cul>\n\u003Cli>Login form\u003C\u002Fli>\n\u003Cli>Registration form\u003C\u002Fli>\n\u003Cli>Forgot Password form\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Select reCaptcha language manually\u003C\u002Fli>\n\u003Cli>Activate reCaptcha on certain Weekdays and Hours\u003C\u002Fli>\n\u003Cli>Change size: normal or compact (for version 2)\u003C\u002Fli>\n\u003Cli>Configure all subsites on the network\u003C\u002Fli>\n\u003Cli>Block disposable emails\u003C\u002Fli>\n\u003Cli>Administrator Login notification\u003C\u002Fli>\n\u003Cli>Get answer to your support question within one business day (\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fsupport-policy\u002F\" rel=\"nofollow ugc\">Support Policy\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fgoogle-captcha\u002F?k=c4f2e3054fdbaca8a2b61554cbb9638c\" rel=\"nofollow ugc\">Upgrade to Pro Now\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>If you have a feature suggestion or idea you’d like to see in the plugin, we’d love to hear about it! \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">Suggest a Feature\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Documentation & Videos\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Frecaptcha\u002Frecaptcha-user-guide\u002F\" rel=\"nofollow ugc\">[Doc] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-install-a-wordpress-product\u002Fhow-to-install-a-wordpress-plugin\u002F\" rel=\"nofollow ugc\">[Doc] Installation\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fdocumentation\u002Fhow-to-purchase-a-wordpress-plugin\u002Fhow-to-purchase-wordpress-plugin-from-bestwebsoft\u002F\" rel=\"nofollow ugc\">[Doc] Purchase\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.youtube.com\u002Fwatch?v=RUJ9VwZLFSY\" rel=\"nofollow ugc\">[Video] Installation Instruction\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=X-ccRdEFcM0\" rel=\"nofollow ugc\">[Video] Purchase, Installation & Configuration\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=ZFv6txtic0Y\" rel=\"nofollow ugc\">[Video] User Guide\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Help & Support\u003C\u002Fh4>\n\u003Cp>Visit our Help Center if you have any questions, our friendly Support Team is happy to help – \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fsupport.bestwebsoft.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Affiliate Program\u003C\u002Fh4>\n\u003Cp>Earn 20% commission by selling the premium WordPress plugins and themes by BestWebSoft – \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Faffiliate\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Faffiliate\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Translation\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Czech (cs_CZ) (thanks to \u003Ca href=\"mailto:kucerami@gmail.com\" rel=\"nofollow ugc\">Michal Kučera\u003C\u002Fa>, www.n0lim.it, \u003Ca href=\"mailto:info@pamadessoft.cz\" rel=\"nofollow ugc\">PaMaDeSSoft\u003C\u002Fa>, www.pamadessoft.cz)\u003C\u002Fli>\n\u003Cli>French (fr_FR)\u003C\u002Fli>\n\u003Cli>German (de_DE)\u003C\u002Fli>\n\u003Cli>Japanese (ja)\u003C\u002Fli>\n\u003Cli>Italian (it_IT)\u003C\u002Fli>\n\u003Cli>Portuguese (pt_BR)\u003C\u002Fli>\n\u003Cli>Romanian (ro_RO)\u003C\u002Fli>\n\u003Cli>Russian (ru_RU)\u003C\u002Fli>\n\u003Cli>Spanish (es_ES)\u003C\u002Fli>\n\u003Cli>Turkish (tr_TR) (thanks to \u003Ca href=\"mailto:admin@lordiz.com\" rel=\"nofollow ugc\">Lordiz\u003C\u002Fa>, www.lordiz.com)\u003C\u002Fli>\n\u003Cli>Ukrainian (uk)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Some of these translations are not complete. We are constantly adding new features which should be translated. If you would like to create your own language pack or update the existing one, you can send \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FTranslating_WordPress\" rel=\"nofollow ugc\">the text of PO and MO files\u003C\u002Fa> to \u003Ca href=\"https:\u002F\u002Fsupport.bestwebsoft.com\u002Fhc\u002Fen-us\u002Frequests\u002Fnew\" rel=\"nofollow ugc\">BestWebSoft\u003C\u002Fa> and we’ll add it to the plugin. You can download the latest version of the program for work with PO and MO \u003Ca href=\"http:\u002F\u002Fwww.poedit.net\u002Fdownload.php\" rel=\"nofollow ugc\">files Poedit\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Recommended Plugins\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fupdater\u002F?k=f47f3eb3d739725d592249dbd129f7ff\" rel=\"nofollow ugc\">Updater\u003C\u002Fa> – Automatically check and update WordPress website core with all installed plugins and themes to the latest versions.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fcontact-form\u002F?k=56575444122cff9ab3ee3e640efb001a\" rel=\"nofollow ugc\">Contact Form\u003C\u002Fa> – Simple contact form plugin any WordPress website must have.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fsubscriber\u002F?k=e6d1742fcf1806a39afac207f7920cf3\" rel=\"nofollow ugc\">Subscriber\u003C\u002Fa> – Add email newsletter sign up form to WordPress posts, pages and widgets. Collect data and subscribe your users.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fmultilanguage\u002F?k=e48e145002e4b2472e568a81d171b888\" rel=\"nofollow ugc\">Multilanguage\u003C\u002Fa> – Translate WordPress website content to other languages manually. Create multilingual pages, posts, widgets, menus, etc.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Credits\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>lib\u002Frecaptchalib.php – Copyright © 2007. Mike Crawford, Ben Maurer (reCAPTCHA – \u003Ca href=\"http:\u002F\u002Frecaptcha.net\" rel=\"nofollow ugc\">http:\u002F\u002Frecaptcha.net\u003C\u002Fa>). All Rights Reserved.\u003C\u002Fli>\n\u003Cli>The plugin uses Google Recaptcha (Google LLC) services to process data and protect against spam. \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fwww.google.com\u002Frecaptcha\u002F\u003C\u002Fa> Terms of service \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fterms\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fterms\u003C\u002Fa>. Privacy Policy \u003Ca href=\"https:\u002F\u002Fpolicies.google.com\u002Fprivacy\" rel=\"nofollow ugc\">https:\u002F\u002Fpolicies.google.com\u002Fprivacy\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>This plugin incorporates a license verification mechanism to ensure the authenticity of your license key and provide access to premium features and updates. The verification process involves connecting securely to our external service hosted at BestWebSoft website \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u003C\u002Fa>. Privacy Policy \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fprivacy-policy\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Fprivacy-policy\u002F\u003C\u002Fa>. End user license agreement \u003Ca href=\"https:\u002F\u002Fbestwebsoft.com\u002Fend-user-license-agreement\u002F\" rel=\"nofollow ugc\">https:\u002F\u002Fbestwebsoft.com\u002Fend-user-license-agreement\u002F\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect WordPress website forms from spam entries with Google reCAPTCHA.",100000,6607298,78,390,"2026-02-25T08:45:00.000Z","6.5",[144,20,145,146,147],"anti-spam-security","captcha","captha","recaptcha","https:\u002F\u002Fbestwebsoft.com\u002Fproducts\u002Fwordpress\u002Fplugins\u002Fgoogle-captcha\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgoogle-captcha.1.86.zip",3,"2025-01-03 00:00:00",{"slug":153,"name":154,"version":155,"author":156,"author_profile":157,"description":158,"short_description":159,"active_installs":160,"downloaded":161,"rating":66,"num_ratings":162,"last_updated":163,"tested_up_to":16,"requires_at_least":84,"requires_php":18,"tags":164,"homepage":168,"download_link":169,"security_score":26,"vuln_count":150,"unpatched_count":28,"last_vuln_date":170,"fetched_at":30},"anti-spam","Titan Anti-spam & Security","7.5.0","Themeisle","https:\u002F\u002Fprofiles.wordpress.org\u002Fthemeisle\u002F","\u003Cp>Titan Anti-Spam & Security is a complete protection solution designed to secure your website against spam, login attacks, and unauthorized access.\u003C\u002Fp>\n\u003Cp>Websites are constantly targeted by automated spam bots, brute force login attempts, and malicious access patterns. Titan helps you block spam comments, protect your login page, enforce strong authentication, and apply essential security hardening rules from a single dashboard.\u003C\u002Fp>\n\u003Cp>Whether you run a blog, business site, WooCommerce store, membership platform, or agency network, Titan helps you:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Stop comment spam automatically\u003C\u002Fli>\n\u003Cli>Protect your login area from brute force attacks\u003C\u002Fli>\n\u003Cli>Limit login attempts and lock suspicious activity\u003C\u002Fli>\n\u003Cli>Monitor login activity and security events\u003C\u002Fli>\n\u003Cli>Apply security hardening best practices\u003C\u002Fli>\n\u003Cli>Enable two-factor authentication for stronger account security in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Create backups with advanced storage options in \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Pro\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Titan is designed to reduce risk without affecting legitimate visitors or requiring captcha challenges.\u003C\u002Fp>\n\u003Ch3>Quick links\u003C\u002Fh3>\n\u003Cp>📘 \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002Ftitan-anti-spam-security\u002F\" rel=\"nofollow ugc\">Documentation\u003C\u002Fa> – Complete setup and configuration guide\u003Cbr \u002F>\n💬 \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa> – Get help with spam protection, login security, and plugin settings from the community and support team.\u003Cbr \u002F>\n⭐ \u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=quicklinks\" rel=\"nofollow ugc\">Go Pro\u003C\u002Fa> – Unlock Machine Learning spam detection, two-factor authentication, backups, and priority support.\u003C\u002Fp>\n\u003Ch3>Anti Spam Protection\u003C\u002Fh3>\n\u003Cp>Spam comments can damage your SEO, clutter your database, and waste moderation time. Titan provides automated spam protection that works in the background without interrupting real users.\u003C\u002Fp>\n\u003Cp>Every comment is checked against a global spam database and evaluated using intelligent filtering rules. Suspicious comments are automatically marked as spam and hidden from public view.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic spam comment blocking:\u003C\u002Fstrong> Blocks spam comments in real time using a global spam database and intelligent filtering rules. Suspicious submissions are automatically marked as spam before they appear publicly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Block spam comments without captcha:\u003C\u002Fstrong> Protect your site from comment spam without forcing visitors to solve captcha challenges. Real users experience a smooth commenting process.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Save spam comments for review:\u003C\u002Fstrong> Optionally store filtered spam comments in the moderation area so you can verify filtering accuracy and review blocked content.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Detailed spam processing logs:\u003C\u002Fstrong> View logs of processed comments to understand how spam filtering works and monitor spam activity trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Privacy policy link integration:\u003C\u002Fstrong> Display a privacy policy notice under comment forms to help with transparency and compliance requirements.\u003C\u002Fp>\n\u003Cp>This ensures real visitors can interact freely while bots are filtered automatically.\u003C\u002Fp>\n\u003Ch3>Security Hardening Tools\u003C\u002Fh3>\n\u003Cp>Titan includes built-in security hardening options that reduce publicly exposed information and protect your website from common automated attacks.\u003C\u002Fp>\n\u003Cp>Many bots scan websites looking for version numbers, exposed login patterns, weak passwords, or XML-RPC endpoints. Titan helps minimize those risks with configurable hardening controls that strengthen overall site security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Strong Password Enforcement:\u003C\u002Fstrong> Force users to create strong passwords based on the WordPress password strength meter. Weak passwords are a leading cause of account compromise. Enforcing strong credentials significantly improves login security and reduces unauthorized** access risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Author Login:\u003C\u002Fstrong> Attackers can attempt to discover usernames using author archive URLs. Titan prevents user enumeration by restricting access patterns that reveal valid login names. This reduces the effectiveness of targeted brute force login attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Disable XML-RPC:\u003C\u002Fstrong> XML-RPC can be abused for automated login attacks and pingback spam. Disabling XML-RPC reduces exposure to remote brute force attempts and limits unnecessary resource usage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Hide Version Information:\u003C\u002Fstrong> WordPress core and plugins sometimes expose version numbers in the source code. Attackers use this information to target known vulnerabilities. Titan removes version references to reduce fingerprinting risks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Version Query Strings:\u003C\u002Fstrong> JavaScript and CSS files often include version query parameters. Removing these prevents attackers from identifying the exact WordPress or plugin version running on your site.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove Meta Generator Tag:\u003C\u002Fstrong> The generator meta tag can reveal your CMS version. Titan removes it to reduce publicly visible system information and lower exposure.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Remove HTML Comments:\u003C\u002Fstrong> Some themes and plugins output HTML comments that may expose structural details. Titan can remove these comments to limit unnecessary information disclosure.\u003C\u002Fp>\n\u003Cp>Together, these security hardening options reduce your attack surface and strengthen your website without affecting normal functionality.\u003C\u002Fp>\n\u003Ch3>Activity Monitoring and Logs\u003C\u002Fh3>\n\u003Cp>Security is not only about blocking attacks. It is also about visibility and awareness.\u003C\u002Fp>\n\u003Cp>Titan includes built-in monitoring tools that help you understand login behavior and security activity on your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Attempts Log:\u003C\u002Fstrong> Track failed login attempts in real time. See which IP addresses are attempting access, how many retries were made, and when lockouts were triggered. This helps you evaluate brute force protection effectiveness.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Activity Logger:\u003C\u002Fstrong> Monitor security-related events across your site, including login activity and system actions. Identify suspicious patterns before they escalate.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Error Log Viewer:\u003C\u002Fstrong> View plugin-related errors directly from the dashboard. Diagnose configuration issues quickly without accessing server files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Debug Information Export:\u003C\u002Fstrong> Export diagnostic information when contacting support. This reduces troubleshooting time and speeds up issue resolution.\u003C\u002Fp>\n\u003Cp>With proper monitoring and logging, you are not only blocking attacks but also gaining insight into how your website is being targeted.\u003C\u002Fp>\n\u003Ch3>PRO Anti Spam Features\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Machine Learning spam detection:\u003C\u002Fstrong> Advanced spam filtering powered by Machine Learning improves detection accuracy by analyzing behavioral patterns across large datasets.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan existing comments for spam:\u003C\u002Fstrong> Identify previously approved spam comments and clean up your database.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scan registered users for spam accounts:\u003C\u002Fstrong> Detect and flag suspicious user accounts that may have been created by spam bots.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Enhanced background spam analysis:\u003C\u002Fstrong> Apply additional invisible tests that improve spam protection without affecting legitimate visitors.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=antispam\" rel=\"nofollow ugc\">Upgrade to unlock\u003C\u002Fa> advanced anti-spam capabilities.\u003C\u002Fp>\n\u003Ch3>PRO Two Factor Authentication\u003C\u002Fh3>\n\u003Cp>Two-factor authentication adds an additional verification step beyond a password. Even if a password is compromised, attackers cannot access the account without the second authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>QR Code Setup:\u003C\u002Fstrong> Scan a QR code with an authenticator app to activate two-factor authentication quickly and securely.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Secret Key Configuration:\u003C\u002Fstrong> Set up two-factor authentication manually if QR code scanning is unavailable.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Per User 2FA Management:\u003C\u002Fstrong> Enable or manage two-factor authentication individually for specific users or roles.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Compatible with TOTP Apps:\u003C\u002Fstrong> Works with popular authenticator apps such as Google Authenticator and other TOTP-compatible applications.\u003C\u002Fp>\n\u003Cp>Two-factor authentication significantly strengthens login security for administrators and users.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=2fa\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to enable Two Factor Authentication and advanced account protection.\u003C\u002Fp>\n\u003Ch3>PRO Backup and Recovery\u003C\u002Fh3>\n\u003Cp>Regular backups are essential for website security and recovery planning. If something goes wrong, having a recent backup allows you to restore your site quickly.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Scheduled Automatic Backups:\u003C\u002Fstrong> Automatically create backups at defined intervals to ensure recent recovery points are always available.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Manual Backup Creation:\u003C\u002Fstrong> Generate a backup instantly before making major changes to your website.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FTP Storage Support:\u003C\u002Fstrong> Store backups on a remote FTP server for additional protection and redundancy.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Dropbox Storage Integration:\u003C\u002Fstrong> Save backups to Dropbox for secure off-site storage.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Automatic Archive Cleanup:\u003C\u002Fstrong> Remove older backup files automatically to manage storage usage efficiently.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Adjustable Backup Performance:\u003C\u002Fstrong> Control backup speed to balance performance and server resource usage.\u003C\u002Fp>\n\u003Cp>Backups can be managed directly from the Titan dashboard for centralized control.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ftitansitescanner.com\u002F?utm_source=wordpressorg&utm_medium=readme&utm_campaign=backup\" rel=\"nofollow ugc\">Upgrade to Titan Pro\u003C\u002Fa> to unlock scheduled backups and external storage options.\u003C\u002Fp>\n\u003Ch3>Use Cases\u003C\u002Fh3>\n\u003Cp>Titan is suitable for:\u003C\u002Fp>\n\u003Cp>• Blogs receiving large volumes of comment spam\u003Cbr \u002F>\n• WooCommerce stores protecting customer login pages\u003Cbr \u002F>\n• Membership websites securing user accounts\u003Cbr \u002F>\n• Agencies managing multiple client websites\u003Cbr \u002F>\n• Educational platforms enforcing stronger authentication\u003Cbr \u002F>\n• Website owners looking for anti-spam and login security in one plugin\u003C\u002Fp>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>Need help? Open a new thread in the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fanti-spam\u002F\" rel=\"ugc\">Support Forum\u003C\u002Fa>, and we’ll be happy to assist.\u003C\u002Fp>\n\u003Ch3>Documentation\u003C\u002Fh3>\n\u003Cp>Discover how to make the most of Robin with our detailed and user-friendly \u003Ca href=\"https:\u002F\u002Fdocs.themeisle.com\u002F\" rel=\"nofollow ugc\">documentation\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Titan is backed by Themeisle, trusted by over 1 million WordPress users worldwide.\u003C\u002Fp>\n","Block spam comments, defend against login attempts, and strengthen site security with anti-spam, brute-force protection, and two-factor authentication &hellip;",60000,3435619,368,"2026-03-11T17:54:00.000Z",[20,165,166,23,167],"brute-force-protection","limit-login-attempts","two-factor-authentication","http:\u002F\u002Fwordpress.org\u002Fplugins\u002Fanti-spam\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fanti-spam.7.5.0.zip","2024-07-11 00:00:00",{"attackSurface":172,"codeSignals":398,"taintFlows":471,"riskAssessment":472,"analyzedAt":479},{"hooks":173,"ajaxHandlers":391,"restRoutes":392,"shortcodes":393,"cronEvents":394,"entryPointCount":28,"unprotectedCount":28},[174,180,185,189,193,197,202,207,210,214,218,221,225,229,232,235,238,241,243,246,251,254,258,262,265,267,272,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,323,326,330,335,339,343,346,348,351,355,359,364,368,372,376,379,384,387],{"type":175,"name":176,"callback":177,"file":178,"line":179},"action","admin_init","cf7a_options_init","admin\\CF7_AntiSpam_Admin_Customizations.php",64,{"type":181,"name":182,"callback":183,"priority":120,"file":178,"line":184},"filter","wp_check_filetype_and_ext","closure",1124,{"type":175,"name":186,"callback":187,"file":188,"line":68},"wpmu_new_blog","cf7a_on_create_blog","cf7-antispam.php",{"type":181,"name":190,"callback":191,"file":188,"line":192},"wpmu_drop_tables","cf7a_on_delete_blog",108,{"type":175,"name":194,"callback":195,"priority":27,"file":188,"line":196},"wpcf7_init","cf7a_register_service",137,{"type":175,"name":198,"callback":199,"priority":200,"file":188,"line":201},"init","cf7a_run",11,146,{"type":175,"name":203,"callback":204,"file":205,"line":206},"plugins_loaded","anonymous","core\\CF7_AntiSpam.php",154,{"type":181,"name":208,"callback":204,"file":205,"line":209},"wpcf7_spam",170,{"type":175,"name":211,"callback":212,"file":205,"line":213},"cf7a_cron","cf7a_cron_unban",174,{"type":175,"name":215,"callback":216,"priority":200,"file":205,"line":217},"wpcf7_after_flamingo","cf7a_flamingo_store_additional_data",181,{"type":175,"name":215,"callback":219,"priority":14,"file":205,"line":220},"cf7a_flamingo_remove_honeypot",184,{"type":175,"name":222,"callback":223,"file":205,"line":224},"cf7a_geoip_update_db","cf7a_geoip_download_database",191,{"type":181,"name":226,"callback":227,"priority":120,"file":205,"line":228},"cf7_smtp_report_mailbody","spam_mail_report",196,{"type":175,"name":176,"callback":230,"file":205,"line":231},"cf7a_handle_actions",216,{"type":175,"name":233,"callback":204,"file":205,"line":234},"admin_menu",222,{"type":181,"name":236,"callback":204,"file":205,"line":237},"admin_body_class",225,{"type":175,"name":239,"callback":204,"file":205,"line":240},"admin_enqueue_scripts",228,{"type":175,"name":239,"callback":204,"file":205,"line":242},229,{"type":175,"name":244,"callback":204,"file":205,"line":245},"admin_notices",235,{"type":175,"name":247,"callback":248,"priority":249,"file":205,"line":250},"load-flamingo_page_flamingo_inbound","cf7a_d8_flamingo_classify",9,241,{"type":175,"name":252,"callback":204,"file":205,"line":253},"wp_dashboard_setup",243,{"type":181,"name":255,"callback":256,"file":205,"line":257},"manage_flamingo_inbound_posts_columns","flamingo_columns",246,{"type":175,"name":259,"callback":260,"priority":120,"file":205,"line":261},"manage_flamingo_inbound_posts_custom_column","flamingo_d8_column",247,{"type":175,"name":259,"callback":263,"priority":200,"file":205,"line":264},"flamingo_resend_column",248,{"type":175,"name":244,"callback":183,"file":205,"line":266},283,{"type":181,"name":268,"callback":269,"priority":28,"file":270,"line":271},"wpcf7_posted_data","cf7a_refresh_cached_fields","core\\CF7_AntiSpam_Cache_Compatibility.php",62,{"type":181,"name":273,"callback":274,"priority":275,"file":276,"line":277},"cf7a_spam_check_chain","filter_ip_allowlist",5,"core\\CF7_AntiSpam_Filters.php",28,{"type":181,"name":273,"callback":279,"priority":120,"file":276,"line":280},"filter_empty_ip",31,{"type":181,"name":273,"callback":282,"priority":120,"file":276,"line":283},"filter_bad_ip",32,{"type":181,"name":273,"callback":285,"priority":120,"file":276,"line":286},"filter_ip_blocklist_history",33,{"type":181,"name":273,"callback":288,"priority":120,"file":276,"line":289},"filter_honeyform",34,{"type":181,"name":273,"callback":291,"priority":120,"file":276,"line":292},"filter_referrer_protocol",37,{"type":181,"name":273,"callback":294,"priority":120,"file":276,"line":295},"filter_plugin_version",38,{"type":181,"name":273,"callback":297,"priority":120,"file":276,"line":298},"filter_bot_fingerprint",39,{"type":181,"name":273,"callback":300,"priority":120,"file":276,"line":301},"filter_bot_fingerprint_extras",40,{"type":181,"name":273,"callback":303,"priority":120,"file":276,"line":304},"filter_language",41,{"type":181,"name":273,"callback":306,"priority":120,"file":276,"line":307},"filter_geoip",42,{"type":181,"name":273,"callback":309,"priority":120,"file":276,"line":310},"filter_time_submission",43,{"type":181,"name":273,"callback":312,"priority":120,"file":276,"line":313},"filter_bad_email_strings",44,{"type":181,"name":273,"callback":315,"priority":120,"file":276,"line":316},"filter_user_agent",45,{"type":181,"name":273,"callback":318,"priority":120,"file":276,"line":319},"filter_bad_words",46,{"type":181,"name":273,"callback":321,"priority":120,"file":276,"line":322},"filter_dnsbl",47,{"type":181,"name":273,"callback":324,"priority":120,"file":276,"line":325},"filter_honeypot",48,{"type":181,"name":273,"callback":327,"priority":328,"file":276,"line":329},"filter_b8_bayesian",20,51,{"type":175,"name":331,"callback":332,"file":333,"line":334},"wp_enqueue_scripts","register_scripts","core\\CF7_AntiSpam_Frontend.php",82,{"type":181,"name":336,"callback":337,"priority":338,"file":333,"line":26},"wpcf7_form_hidden_fields","cf7a_add_hidden_fields",1,{"type":181,"name":340,"callback":341,"priority":120,"file":333,"line":342},"wpcf7_config_validator_available_error_codes","cf7a_remove_cf7_error_message",99,{"type":181,"name":336,"callback":344,"priority":101,"file":333,"line":345},"cf7a_add_bot_fingerprinting",103,{"type":181,"name":336,"callback":347,"priority":101,"file":333,"line":192},"cf7a_add_bot_fingerprinting_extras",{"type":181,"name":336,"callback":349,"priority":101,"file":333,"line":350},"cf7a_append_on_submit",113,{"type":181,"name":352,"callback":353,"file":333,"line":354},"wpcf7_form_elements","cf7a_honeypot_add",118,{"type":181,"name":356,"callback":357,"priority":342,"file":333,"line":358},"the_content","cf7a_honeyform",123,{"type":181,"name":360,"callback":361,"priority":362,"file":333,"line":363},"wp_headers","cf7a_protect_wp",999,133,{"type":175,"name":365,"callback":366,"priority":249,"file":333,"line":367},"wpcf7_before_send_mail","cf7a_check_resend",138,{"type":175,"name":369,"callback":370,"priority":200,"file":333,"line":371},"wp_footer","cf7a_add_honeypot_css",145,{"type":181,"name":373,"callback":374,"file":333,"line":375},"xmlrpc_enabled","__return_false",463,{"type":181,"name":377,"callback":183,"file":333,"line":378},"rest_endpoints",471,{"type":175,"name":380,"callback":381,"file":382,"line":383},"rest_api_init","cf7a_register_routes","core\\CF7_AntiSpam_Public_Rest_Api.php",50,{"type":175,"name":380,"callback":381,"file":385,"line":386},"core\\CF7_AntiSpam_Rest_Api.php",56,{"type":181,"name":388,"callback":389,"file":390,"line":99},"cron_schedules","cf7a_add_cron_steps","core\\functions.php",[],[],[],[395],{"hook":222,"callback":222,"file":396,"line":397},"core\\CF7_Antispam_Geoip.php",166,{"dangerousFunctions":399,"sqlUsage":415,"outputEscaping":442,"fileOperations":338,"externalRequests":28,"nonceChecks":469,"capabilityChecks":150,"bundledLibraries":470},[400,405,408,411],{"fn":401,"file":402,"line":403,"context":404},"unserialize","admin\\CF7_AntiSpam_Admin_Display.php",396,"$decoded_meta = unserialize( $row->meta ); \u002F\u002F phpcs:ignore WordPress.PHP.DiscouragedPHPFunctions.ser",{"fn":401,"file":402,"line":406,"context":407},810,"$meta         = unserialize( $row->meta );",{"fn":401,"file":409,"line":304,"context":410},"admin\\CF7_AntiSpam_Admin_Tools.php","$meta      = unserialize( $row->meta );",{"fn":401,"file":412,"line":413,"context":414},"core\\CF7_Antispam_Blocklist.php",68,"$meta             = ! empty( $ip_row->meta ) ? unserialize( $ip_row->meta ) : array();",{"prepared":416,"raw":120,"locations":417},80,[418,421,424,426,428,432,434,435,437,439],{"file":402,"line":419,"context":420},1265,"$wpdb->get_var() with variable interpolation",{"file":422,"line":316,"context":423},"core\\b8\\b8\\storage\\mysql.php","$wpdb->query() with variable interpolation",{"file":425,"line":304,"context":423},"core\\b8\\b8\\storage\\sqlite.php",{"file":412,"line":427,"context":423},298,{"file":429,"line":430,"context":431},"engine\\CF7_AntiSpam_Activator.php",314,"$wpdb->get_col() with variable interpolation",{"file":433,"line":277,"context":423},"engine\\CF7_AntiSpam_Uninstaller.php",{"file":433,"line":386,"context":423},{"file":433,"line":436,"context":423},58,{"file":433,"line":438,"context":431},117,{"file":440,"line":441,"context":423},"engine\\CF7_AntiSpam_Updater.php",233,{"escaped":443,"rawEcho":200,"locations":444},333,[445,449,451,453,455,457,459,461,463,465,467],{"file":446,"line":447,"context":448},"admin\\CF7_AntiSpam_Admin_Charts.php",88,"raw output",{"file":446,"line":450,"context":448},204,{"file":446,"line":452,"context":448},212,{"file":178,"line":454,"context":448},1840,{"file":178,"line":456,"context":448},1842,{"file":402,"line":458,"context":448},276,{"file":402,"line":460,"context":448},293,{"file":402,"line":462,"context":448},770,{"file":402,"line":464,"context":448},859,{"file":402,"line":466,"context":448},1266,{"file":402,"line":468,"context":448},1268,18,[],[],{"summary":473,"deductions":474},"The \"cf7-antispam\" plugin v0.7.4 presents a mixed security posture. On the positive side, the static analysis indicates a robust implementation of modern WordPress security practices, with an extremely high percentage of SQL queries using prepared statements and output escaping. The plugin also demonstrates a good use of nonce and capability checks, and notably, no external HTTP requests or bundled libraries are present, which reduces potential attack vectors. The attack surface, in terms of direct entry points like AJAX handlers, REST API routes, and shortcodes, is zero, which is excellent. The taint analysis showing no critical or high severity flows with unsanitized paths further reinforces this positive outlook.\n\nHowever, a significant concern arises from the presence of the `unserialize` function, which is a known source of vulnerabilities if not handled with extreme care and proper input validation. While the static analysis doesn't highlight immediate risks related to `unserialize` in this specific scan, its mere presence warrants caution. Furthermore, the vulnerability history reveals two past medium-severity CVEs, specifically related to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The fact that these were not critical or high severity and are currently unpatched is a slightly positive sign, but the existence of these past issues, particularly XSS and CSRF, suggests potential weaknesses in input sanitization or output encoding in previous versions, which could theoretically still be relevant if the `unserialize` function is used insecurely.\n\nIn conclusion, while \"cf7-antispam\" v0.7.4 benefits from a minimal attack surface and strong adherence to prepared statements and output escaping, the potential risks associated with the `unserialize` function and the history of medium-severity CSRF and XSS vulnerabilities necessitate a degree of caution. The plugin appears to have addressed past vulnerabilities, but the `unserialize` function remains a latent risk that should be closely monitored and audited.",[475,477],{"reason":476,"points":120},"Presence of unserialize function",{"reason":478,"points":120},"Two past medium CVEs (CSRF, XSS)","2026-03-16T17:47:05.446Z",{"wat":481,"direct":494},{"assetPaths":482,"generatorPatterns":487,"scriptPaths":488,"versionParams":489},[483,484,485,486],"\u002Fwp-content\u002Fplugins\u002Fcf7-antispam\u002Fassets\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Fcf7-antispam\u002Fassets\u002Fcss\u002Fcf7-antispam.css","\u002Fwp-content\u002Fplugins\u002Fcf7-antispam\u002Fassets\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Fcf7-antispam\u002Fassets\u002Fjs\u002Fcf7-antispam.js",[],[485,486],[490,491,492,493],"\u002Fwp-content\u002Fplugins\u002Fcf7-antispam\u002Fassets\u002Fcss\u002Fadmin.css?ver=","\u002Fwp-content\u002Fplugins\u002Fcf7-antispam\u002Fassets\u002Fcss\u002Fcf7-antispam.css?ver=","\u002Fwp-content\u002Fplugins\u002Fcf7-antispam\u002Fassets\u002Fjs\u002Fadmin.js?ver=","\u002Fwp-content\u002Fplugins\u002Fcf7-antispam\u002Fassets\u002Fjs\u002Fcf7-antispam.js?ver=",{"cssClasses":495,"htmlComments":497,"htmlAttributes":498,"restEndpoints":500,"jsGlobals":501,"shortcodeOutput":503},[496],"fit-the-fullspace",[],[499],"data-cf7a-nonce",[],[502],"cf7AntispamParams",[]]