WP-Safety

Anti-Spam Protection – No API Key, GDPR Friendly Security & Risk Analysis

wordpress.org/plugins/fullworks-anti-spam

Block spam on Contact Form 7, WPForms & comments. No API key. GDPR compliant. Free for commercial use. No configuration needed.

1K active installs v2.6.3 PHP 7.4+ WP 5.3.0+ Updated Apr 13, 2026
anti-spamcf7contact-form-7spam-protectionwpforms
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Anti-Spam Protection – No API Key, GDPR Friendly Safe to Use in 2026?

Generally Safe

Score 100/100

Anti-Spam Protection – No API Key, GDPR Friendly has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "fullworks-anti-spam" plugin v2.6.1 demonstrates several good security practices, including a high percentage of properly escaped output and a low rate of SQL queries without prepared statements. The absence of any recorded vulnerabilities, including critical or high severity issues, further suggests a generally secure codebase. The plugin also benefits from a strong presence of nonce and capability checks, indicating an effort to protect against common WordPress exploits.

However, the static analysis reveals a notable concern regarding its attack surface. Specifically, two out of four AJAX handlers lack authentication checks. This creates potential entry points that could be exploited by unauthenticated users, depending on the functionality of these handlers. While taint analysis found no critical or high severity issues with unsanitized paths, the unprotected AJAX endpoints remain a point of concern that could potentially lead to other types of vulnerabilities if not properly secured.

In conclusion, the plugin has a solid foundation with good coding practices and a clean vulnerability history. The primary weakness lies in the exposed AJAX handlers, which should be addressed to further strengthen its security posture. The lack of past vulnerabilities is a positive indicator, but the identified attack surface requires attention to ensure continued security.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

Anti-Spam Protection – No API Key, GDPR Friendly Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Anti-Spam Protection – No API Key, GDPR Friendly Release Timeline

v2.6.3Current
v2.6.2
v2.6.1
v2.6
v2.5.1
v2.5.1-free
v2.4
v2.3.12
v2.3.11
v2.3.10
v2.3.7
v2.3.5
v2.3.4
v2.3.3
v2.2.1
v2.2
v2.1.4
v2.1.3
v2.1.1
v2.1
Code Analysis
Analyzed Mar 16, 2026

Anti-Spam Protection – No API Key, GDPR Friendly Code Analysis

Dangerous Functions
0
Raw SQL Queries
10
18 prepared
Unescaped Output
4
149 escaped
Nonce Checks
9
Capability Checks
6
File Operations
1
External Requests
1
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

64% prepared28 total queries

Output Escaping

97% escaped153 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
handle_ad_csv_import (admin\class-admin.php:157)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Anti-Spam Protection – No API Key, GDPR Friendly Attack Surface

Entry Points4
Unprotected2

AJAX Handlers 4

authwp_ajax_fwantispam_ajax_handleradmin\class-admin-table-allow-deny.php:20
authwp_ajax_fwas_dismiss_upgrade_noticeadmin\class-admin.php:91
noprivwp_ajax_fwas_get_keyscontrol\class-core.php:218
authwp_ajax_fwas_get_keyscontrol\class-core.php:219
WordPress Hooks 50
actionadmin_enqueue_scriptsadmin\class-admin-pages.php:87
filterscreen_layout_columnsadmin\class-admin-pages.php:89
actionadmin_enqueue_scriptsadmin\class-admin.php:85
actionadmin_enqueue_scriptsadmin\class-admin.php:86
actionadmin_menuadmin\class-admin.php:87
actionadmin_post_fwas_ad_csv_importadmin\class-admin.php:88
actionadmin_post_fwas_ad_csv_exportadmin\class-admin.php:89
actionwp_dashboard_setupadmin\class-admin.php:94
actionunspammed_commentadmin\class-mark-spam.php:107
actionspammed_commentadmin\class-mark-spam.php:113
filterfwas_is_spamclass-anti-spam-api.php:16
actionadmin_menucontrol\class-core.php:155
actionadmin_menucontrol\class-core.php:156
actioninitcontrol\class-core.php:157
filterset-screen-optioncontrol\class-core.php:159
actionadmin_menucontrol\class-core.php:165
actioninitcontrol\class-core.php:166
actioninitcontrol\class-core.php:169
actionfullworks_anti_spam_daily_admincontrol\class-core.php:208
actionadmin_initcontrol\class-core.php:209
actionwp_enqueue_scriptscontrol\class-core.php:217
actionlogin_footercontrol\class-core.php:220
actioninitcontrol\class-core.php:235
actionplugins_loadedcontrol\class-core.php:236
filterplugin_iconcontrol\class-freemius-config.php:77
filterpermission_listcontrol\class-freemius-config.php:80
filterfullworks-anti-spam_template_pathscontrol\class-template-loader.php:92
filterpre_comment_approvedcore\class-forms-hooks.php:83
filterwpforms_process_honeypotcore\class-forms-hooks.php:90
filterwpcf7_spamcore\class-forms-hooks.php:99
filterfluentform/validationscore\class-forms-hooks.php:105
filterjetpack_contact_form_is_spamcore\class-forms-hooks.php:111
filtersrfm_before_fields_processingcore\class-forms-hooks.php:117
filterwpcf7_skip_mailcore\class-forms-hooks.php:259
filterwpcf7_display_messagecore\class-forms-hooks.php:268
filterwpforms_entry_emailcore\class-forms-hooks.php:370
filterwpforms_entry_save_argscore\class-forms-hooks.php:388
filtersrfm_should_send_emailcore\class-forms-hooks.php:473
actionfwas_purge_dailycore\class-purge.php:62
actioninitcore\class-purge.php:64
actionfwas_purge_dailycore\class-purge.php:77
actiondoing_it_wrong_runfullworks-anti-spam.php:73
actionwpmu_new_blogfullworks-anti-spam.php:125
filterwpmu_drop_tablesfullworks-anti-spam.php:135
actionafter_uninstallfullworks-anti-spam.php:136
actionplugins_loadedfullworks-anti-spam.php:138
filterwsf_config_settings_form_adminintegrations\ws-form\class-ws-form-action-fullworks-anti-spam.php:30
filterwsf_config_meta_keysintegrations\ws-form\class-ws-form-action-fullworks-anti-spam.php:33
filterwsf_actions_post_saveintegrations\ws-form\class-ws-form-action-fullworks-anti-spam.php:36
filterwsf_actions_post_submitintegrations\ws-form\class-ws-form-action-fullworks-anti-spam.php:37

Scheduled Events 4

fullworks_anti_spam_daily_admin
fullworks_anti_spam_daily_training
fullworks_anti_spam_daily_admin
fullworks_anti_spam_daily_admin
Maintenance & Trust

Anti-Spam Protection – No API Key, GDPR Friendly Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedApr 13, 2026
PHP min version7.4
Downloads59K

Community Trust

Rating100/100
Number of ratings11
Active installs1K
Alternatives

Anti-Spam Protection – No API Key, GDPR Friendly Alternatives

Advanced Spam Protection for Contact Form 7

Advanced Spam Protection for Contact Form 7

gotechark-advanced-spam-shield-for-contact-form-7

A
100

A powerful spam protection plugin for Contact Form 7 that blocks bots, spam submissions, VPN users, repeated attempts, and automated attacks — without …

40 No CVEs
CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

A
100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs
Autopreenchimento de endereço em formulários

Autopreenchimento de endereço em formulários

cf7-cep-autofill

A
85

Preenchimento automático de campos de endereço baseado no CEP informado.

1K No CVEs
WPCF7 Anti-spam

WPCF7 Anti-spam

wpcf7-anti-spam

A
85

Upload wpcf7_antispam folder to the /wp-content/plugins/ directory Activate the plugin through the 'Plugins' menu in WordPress Configure the …

10 No CVEs
humanID – Anti-Spam Comment Filter

humanID – Anti-Spam Comment Filter

humanid-spam-filter

A
100

Replace ReCAPTCHA with a faster, user-friendly solution and block spammers & bots permanently

0 No CVEs
Developer Profile

Anti-Spam Protection – No API Key, GDPR Friendly Developer Profile

fullworks

13 plugins · 79K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
1299 days
View full developer profile
Detection Fingerprints

How We Detect Anti-Spam Protection – No API Key, GDPR Friendly

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fullworks-anti-spam/dist/css/main.css/wp-content/plugins/fullworks-anti-spam/dist/js/backend.js/wp-content/plugins/fullworks-anti-spam/dist/js/frontend.js
Script Paths
/wp-content/plugins/fullworks-anti-spam/dist/js/backend.js/wp-content/plugins/fullworks-anti-spam/dist/js/frontend.js
Version Parameters
fullworks-anti-spam/dist/css/main.css?ver=fullworks-anti-spam/dist/js/backend.js?ver=fullworks-anti-spam/dist/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
fwas-settings-modalfwas-settings-modal__overlayfwas-settings-modal__contentfwas-settings-modal__closefwas-togglefwas-toggle__inputfwas-toggle__labelfwas-toggle__slider+14 more
HTML Comments
<!-- admin-settings-page.php --><!-- /admin-settings-page.php --><!-- settings-page.php --><!-- /settings-page.php -->+52 more
Data Attributes
data-fwas-modal-targetdata-fwas-modal-closedata-fwas-tab-iddata-fwas-tab-content-iddata-fwas-toggle
JS Globals
fwas_optionsfwas_form_handlersfwas_settings
FAQ

Frequently Asked Questions about Anti-Spam Protection – No API Key, GDPR Friendly