Does LukaCodes AntiSpam Shield have any unpatched vulnerabilities?

No. All known vulnerabilities in LukaCodes AntiSpam Shield have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is LukaCodes AntiSpam Shield compatible with WordPress 6.9.4?

According to WordPress.org data, LukaCodes AntiSpam Shield 1.1.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is LukaCodes AntiSpam Shield compatible with PHP 8.0+?

LukaCodes AntiSpam Shield requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is LukaCodes AntiSpam Shield updated?

LukaCodes AntiSpam Shield was last updated on Mar 15, 2026. Frequent updates are generally a positive security signal.

What is LukaCodes AntiSpam Shield's security score?

LukaCodes AntiSpam Shield has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

LukaCodes AntiSpam Shield Security & Risk Analysis

wordpress.org/plugins/lukacodes-comment-shield

Block comment spam, brute-force logins and bot registrations with reCAPTCHA v3 or Cloudflare Turnstile. Lightweight, no bloat.

0 active installs v1.1.3 PHP 8.0+ WP 6.0+ Updated Mar 15, 2026

anti-spamrecaptchaspamturnstilewpforms

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is LukaCodes AntiSpam Shield Safe to Use in 2026?

Generally Safe

Score 100/100

LukaCodes AntiSpam Shield has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 20d ago

Risk Assessment

The "lukacodes-comment-shield" plugin v1.1.3 demonstrates a strong security posture based on the provided static analysis. The complete absence of identified dangerous functions, raw SQL queries, file operations, and taint flows with unsanitized paths indicates a developer's commitment to secure coding practices. Furthermore, the plugin utilizes prepared statements for all SQL queries, has a high percentage of properly escaped output, and implements nonce and capability checks on its entry points, which significantly reduces the risk of common web vulnerabilities.

Despite these strengths, the plugin does make external HTTP requests, which can introduce vulnerabilities if the target endpoints are compromised or if the requests are not properly validated and sanitized before use. While the static analysis did not reveal any specific vulnerabilities related to these requests, it remains an area that requires careful monitoring and potential additional sanitization depending on the nature of the external communication.

The plugin's vulnerability history is entirely clean, with zero known CVEs, which is an excellent sign. This suggests a proactive approach to security by the developers or a lack of past exploitation, which combined with the current robust code analysis, paints a picture of a well-maintained and secure plugin. However, the presence of external HTTP requests is the sole area where a cautious approach is warranted, though the current data does not present an immediate, quantifiable risk.

Key Concerns

External HTTP requests without further context

Vulnerabilities

None known

LukaCodes AntiSpam Shield Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

LukaCodes AntiSpam Shield Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

72 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

90% escaped80 total outputs

Attack Surface

LukaCodes AntiSpam Shield Attack Surface

Entry Points3

Unprotected0

AJAX Handlers 3

authwp_ajax_comment_shield_test_recaptchalukacodes-comment-shield.php:816

authwp_ajax_comment_shield_test_turnstilelukacodes-comment-shield.php:886

authwp_ajax_comment_shield_test_link_striplukacodes-comment-shield.php:910

WordPress Hooks 35

actionwp_footerinc\contact-forms.php:41

actionwp_footerinc\contact-forms.php:51

actionwpforms_display_submit_beforeinc\contact-forms.php:111

actionwp_footerinc\contact-forms.php:168

actionwp_footerinc\contact-forms.php:205

actionwpforms_process_beforeinc\contact-forms.php:225

actionwp_footerlukacodes-comment-shield.php:73

actionwp_footerlukacodes-comment-shield.php:112

actionwp_enqueue_scriptslukacodes-comment-shield.php:116

actionwp_footerlukacodes-comment-shield.php:147

actionwp_footerlukacodes-comment-shield.php:196

actionwp_enqueue_scriptslukacodes-comment-shield.php:200

actionlogin_footerlukacodes-comment-shield.php:243

actionlogin_formlukacodes-comment-shield.php:279

actionregister_formlukacodes-comment-shield.php:285

actionlogin_footerlukacodes-comment-shield.php:292

actionlogin_footerlukacodes-comment-shield.php:302

actionlogin_footerlukacodes-comment-shield.php:334

actionlogin_enqueue_scriptslukacodes-comment-shield.php:341

filterwp_authenticate_userlukacodes-comment-shield.php:348

filterregistration_errorslukacodes-comment-shield.php:369

filtercomment_form_default_fieldslukacodes-comment-shield.php:437

actionwp_enqueue_scriptslukacodes-comment-shield.php:452

filtercomments_openlukacodes-comment-shield.php:467

filterpings_openlukacodes-comment-shield.php:468

filtercomments_openlukacodes-comment-shield.php:483

filterpings_openlukacodes-comment-shield.php:484

filtercomment_textlukacodes-comment-shield.php:496

filterpreprocess_commentlukacodes-comment-shield.php:513

filterpreprocess_commentlukacodes-comment-shield.php:579

filterpreprocess_commentlukacodes-comment-shield.php:634

actionadmin_enqueue_scriptslukacodes-comment-shield.php:656

actionadmin_initlukacodes-comment-shield.php:677

actionadmin_menulukacodes-comment-shield.php:729

filterplugin_action_links_lukacodes-comment-shield/lukacodes-comment-shield.phplukacodes-comment-shield.php:745

Maintenance & Trust

LukaCodes AntiSpam Shield Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 15, 2026

PHP min version8.0

Downloads252

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

LukaCodes AntiSpam Shield Alternatives

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor

wppool-turnstile-captcha-spam-filter

100

Add Cloudflare Turnstile to WordPress, Contact Form 7, WooCommerce, WPForms, BuddyPress & Elementor. A CAPTCHA, reCAPTCHA alternative for WordPress.

1K No CVEs

CubeMage Login Guard

cubemage-login-guard

100

Integrates Cloudflare Turnstile, Limits Login Attempts, and Disables XML-RPC to protect WordPress forms.

0 No CVEs

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE

reCaptcha by BestWebSoft

google-captcha

Protect WordPress website forms from spam entries with Google reCAPTCHA.

100K 3 CVEs

Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant

gdpr-compliant-recaptcha-for-all-forms

Anti-spam - CAPTCHA that protects all forms against spam and brute-force. Invisible and GDPR-compliant.

4K 1 CVE

Developer Profile

LukaCodes AntiSpam Shield Developer Profile

LukaCodes

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect LukaCodes AntiSpam Shield

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

commsh-turnstile-widget

JS Globals

grecaptchacommshTurnstileReadyturnstile

FAQ