WP-Safety

humanID – Anti-Spam Comment Filter Security & Risk Analysis

wordpress.org/plugins/humanid-spam-filter

Replace ReCAPTCHA with a faster, user-friendly solution and block spammers & bots permanently

0 active installs v2.1.2 PHP 7.4+ WP 5.7+ Updated Jan 12, 2026
anti-spamcomment-spamcontact-form-7human-idspam-protection
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is humanID – Anti-Spam Comment Filter Safe to Use in 2026?

Generally Safe

Score 100/100

humanID – Anti-Spam Comment Filter has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago
Risk Assessment

The 'humanid-spam-filter' v2.1.2 plugin presents a mixed security posture. On the positive side, the code demonstrates strong practices regarding SQL queries, with all 4 queries utilizing prepared statements, indicating a reduced risk of SQL injection. Furthermore, the plugin exhibits excellent output escaping hygiene, with 97% of outputs properly escaped, significantly mitigating cross-site scripting (XSS) vulnerabilities. The absence of file operations and bundled libraries also simplifies the attack surface. However, a significant concern is the presence of 3 AJAX handlers that lack any authentication or authorization checks. This creates a substantial attack vector, as any unauthenticated user could potentially trigger these actions, leading to unintended consequences or even exploitation if the handlers perform sensitive operations. The lack of nonce checks and capability checks on these AJAX endpoints further exacerbates this risk, making them highly vulnerable.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without nonce checks
  • AJAX handlers without capability checks
Vulnerabilities
None known

humanID – Anti-Spam Comment Filter Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

humanID – Anti-Spam Comment Filter Release Timeline

v2.1.2Current
v2.1.1
v2.1.0
v2.0.0
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 17, 2026

humanID – Anti-Spam Comment Filter Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
2
74 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

97% escaped76 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<failure> (views\verification\failure.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

humanID – Anti-Spam Comment Filter Attack Surface

Entry Points3
Unprotected3

AJAX Handlers 3

authwp_ajax_hidsf_update_usermodules\user\UserModule.php:102
noprivwp_ajax_hidsf_get_login_urlmodules\verification\VerificationModule.php:124
authwp_ajax_hidsf_get_login_urlmodules\verification\VerificationModule.php:125
WordPress Hooks 25
actionadmin_enqueue_scriptscore\HidSpamFilter.php:61
actionwp_enqueue_scriptscore\HidSpamFilter.php:62
actionadmin_noticeshumanid-spam-filter.php:45
filterhidsf_includes_filtermodels\includes.php:18
actionwpcf7_initmodules\contactform7\ContactForm7Module.php:145
filterwpcf7_validate_humanidmodules\contactform7\ContactForm7Module.php:153
filterwpcf7_display_messagemodules\contactform7\ContactForm7Module.php:154
filterhidsf_sub_menu_pages_filtermodules\dashboard\DashboardModule.php:112
filterhidsf_includes_filtermodules\includes.php:10
filtermanage_comments_custom_columnmodules\user\UserModule.php:112
filtermanage_edit-comments_columnsmodules\user\UserModule.php:113
actioncomment_postmodules\verification\VerificationModule.php:119
actionwp_footermodules\verification\VerificationModule.php:120
actioncomment_form_after_fieldsmodules\verification\VerificationModule.php:121
actioncomment_form_logged_in_aftermodules\verification\VerificationModule.php:122
actioninitmodules\verification\VerificationModule.php:129
actiontemplate_includemodules\verification\VerificationModule.php:133
actioninitmodules\verification\VerificationModule.php:144
actiontemplate_includemodules\verification\VerificationModule.php:148
actioninitmodules\verification\VerificationModule.php:158
actiontemplate_includemodules\verification\VerificationModule.php:162
filterquery_varsmodules\verification\VerificationModule.php:178
filterquery_varsmodules\verification\VerificationModule.php:183
filterquery_varsmodules\verification\VerificationModule.php:188
filterpreprocess_commentmodules\verification\VerificationModule.php:194
Maintenance & Trust

humanID – Anti-Spam Comment Filter Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJan 12, 2026
PHP min version7.4
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

humanID – Anti-Spam Comment Filter Alternatives

WP Armour – Honeypot Anti Spam

WP Armour – Honeypot Anti Spam

honeypot

A
98

Fastest growing Anti Spam plugin. No API calls, subscriptions, captcha or puzzle. Full GDPR complaint. For comments, contact form, login, registration

300K 2 CVEs
Anti-Spam Protection – No API Key, GDPR Friendly

Anti-Spam Protection – No API Key, GDPR Friendly

fullworks-anti-spam

A
100

Block spam on Contact Form 7, WPForms & comments. No API key. GDPR compliant. Free for commercial use. No configuration needed.

1K No CVEs
Advanced Spam Protection for Contact Form 7

Advanced Spam Protection for Contact Form 7

gotechark-advanced-spam-shield-for-contact-form-7

A
100

A powerful spam protection plugin for Contact Form 7 that blocks bots, spam submissions, VPN users, repeated attempts, and automated attacks — without &hellip;

40 No CVEs
Antispam Bee

Antispam Bee

antispam-bee

A
100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE
CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

A
100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs
Developer Profile

humanID – Anti-Spam Comment Filter Developer Profile

humanID

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect humanID – Anti-Spam Comment Filter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/humanid-spam-filter/assets/css/app.css/wp-content/plugins/humanid-spam-filter/assets/js/app.js/wp-content/plugins/humanid-spam-filter/assets/js/admin.js
Script Paths
/wp-content/plugins/humanid-spam-filter/assets/js/app.js/wp-content/plugins/humanid-spam-filter/assets/js/admin.js
Version Parameters
humanid-spam-filter/assets/css/app.css?ver=humanid-spam-filter/assets/js/app.js?ver=humanid-spam-filter/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
update-pluginsupdate-count
JS Globals
hid_ajax_object
FAQ

Frequently Asked Questions about humanID – Anti-Spam Comment Filter