GB Anti-Spam for Contact Form 7
GB Anti-Spam for Contact Form 7
Description
GB Anti-Spam for Contact Form 7 adds a lightweight security layer to Contact Form 7 forms without CAPTCHA.
Features:
* Honeypot field protection
* Timing-based bot detection
* Request integrity token
* IP rate limiting
* Automatic injection (no manual form editing required)
Designed to be lightweight and compatible with caching and performance plugins.
Installation
- Upload plugin to WordPress
- Activate plugin
- Works automatically with all Contact Form 7 forms
Faq
No. Everything is injected automatically.
No noticeable impact.
Reviews
Changelog
2.1.0
- Refactored core validation into structured pipeline architecture (validate() now acts as orchestration layer)
- Introduced modular detection stages: context collection, honeypot, timing, nonce, fingerprint, rate limiting, field analysis, payload analysis, scoring, and final decision
- Replaced flat string-based signals with structured signal objects (type + optional field metadata)
- Added unified scoring engine with centralized weight map for all detection signals
- Introduced hard-block vs score-based decision separation (critical threats bypass scoring)
- Split validation logic into dedicated methods for each detection layer for improved maintainability
- Improved field-level analysis with structured output (URL, emoji, markup, Cyrillic, length detection per field)
- Introduced dedicated payload analysis layer for cross-field pattern detection (SQL injection, XSS, command injection, spam keywords)
- Centralized spam keyword detection into reusable helper method
- Improved rate limiting mechanism with explicit signal output (rate_limited)
- Added structured debug logging including score value alongside signals, IP, user agent, and sanitized submission data
- Enhanced logging safety with improved data sanitization and truncation limits
- Improved observability of validation flow through explicit stage separation and consistent signal output format
- Reduced coupling between detection logic and validation decision logic
- Maintained backward compatibility with existing Contact Form 7 validation filter
2.0.0
- Complete redesign of anti-spam engine architecture
- Replaced legacy scoring system with structured signals-based detection model
- Introduced unified signals[] system as primary validation output
- Split validation logic into layered detection system (hard-block, behavioral signals, content analysis)
- Added per-field validation engine via analyze_field() method
- Introduced helper-based security detection functions (SQL injection, XSS, command injection)
- Added structured JSON logging system for all CF7 submission attempts
- Improved rate limiting mechanism based on IP tracking
- Added detection for URLs, emojis, HTML/BBCode markup, and Cyrillic content
- Separated detection logic from final blocking decision
- Improved observability with detailed request-level debug output
- Prepared internal architecture for future rule weighting and per-field validation engine expansion
- Improved overall maintainability and extensibility of the plugin core
1.2.0
- Major refactor of anti-spam engine
- Added hard firewall layer using wpcf7_before_send_mail
- Introduced unified payload inspection (email, URL, injection patterns)
- Removed client-side hash-based token system in favor of WP nonce
- Improved scoring logic and reduced redundant validation checks
- Fixed CF7 bypass allowing spam submissions to reach mail layer
- Improved debug logging system with configurable file path
1.1.0
- Replaced JS-based token mechanism with secure WordPress nonce validation (wp_create_nonce / wp_verify_nonce)
- Removed insecure client-side hash-based token generation
- Added human interaction signal detection (mouse, keyboard, touch events)
- Improved fingerprinting method for better bot anomaly detection
- Added universal payload inspection for SQL injection, XSS, and command injection patterns across all form fields
- Improved rate limiting logic with stricter thresholds per IP
- Enhanced honeypot detection reliability across all CF7 forms
1.0.5
- Improved validation scoring system for spam detection
- Added additional heuristic checks for automated bot submissions
- Optimized transient-based rate limiting mechanism
1.0.0
- Initial release
- Basic honeypot protection
- Timing-based submission validation
- Lightweight fingerprint detection