View my basket

WordPress spam blocker plugin

Spam Shield for WordPress can block comment-spam and contact-form spam, with the following integrations:

  • Beaver Builder Pro
  • Ultimate Addons for Beaver Builder
  • Contact Form 7
  • Elementor Pro forms
  • Kadence Blocks
  • WordPress comments
  • WPForms
  • Fluent Forms
WordPress and Spam Shield
Download the Spam Shield for WordPress pluginDownload WordPress pluginversion 1.9.0

Getting started

If you haven’t got a Spam Shield account already, sign up for one now. It’s totally free for small sites.

Make sure to verify your email address or your account won’t become active.

Download the plugin, then install & activate it on your site.

Go to your Spam Shield account page and copy your API Key. Then go to the admin area of your website > Settings > Spam Shield and paste your API Key into there. Check the connection. If everything is working properly, save your settings and you’re all set!

The admin widget

Unlike when using a reCaptcha system to block spammers, Spam Shield is able to keep a temporary record of rejected messages so you can review them.

Important Be careful when clicking on “View recent messages…” because a lot of the blocked content will contain very offensive language.

Information By default, 2 days worth of messages will be kept, but you can change this on the settings page.

Spam Shield admin dashboard widget
Spam Shield admin widget

Use the “My Account” button to go straight to your Spam Shield account page.

Installation instructions

First up, make sure you’ve got an API key. You can use a free Spam Shield licence, or a paid-for licence, they both work the same way.

Next up, download the plugin’s zip file…

Download the Spam Shield for WordPress pluginDownload WordPress pluginversion 1.9.0

Log in to your WordPress site and go to the Plugins area and click “Add New” at the top of the page, then upload the Spam Shield.

Add new plugin to WordPress
Upload a plugin to WordPress

When the plugin has uploaded, click the box that says “Activate”.

That’s it, Spam Shield is up-and-running. It’s a good idea to go to Settings > Spam Shield to check your configuration, but the defaults will be suitable for most installations.

If your website accepts user-comments (e.g. you run a blog), check out how to protect against comment spam.

Spam Shield for WordPress changelog

Version 1.9.0

Released: 2023-05-25

New integration for Fluent Forms.

Version 1.8.2

Released: 2023-04-01

  • Minor fix to avoid a PHP warning when running the plugin for the first time on a new site.

Version 1.8.1

Released: 2023-03-18

  • An update to the HTML form delay activate code to outfox a few more of the bots.

Older releases

  • Added the new delay-activate function for on-page HTML forms. WooCommerce basket and checkout forms are excluded from delay-activation. This new function is enabled by default, but you can disable it on the settings page.

Improved the message field checker to block more spam contact requests at source, without using API calls, if possible.

Adjusted the logic a bit so that messages are saved BEFORE they're checked and classified. This is so that if there's a problem/break in the communication with the spam shield server, the message is still saved in your admin dashboard for review. It reduces the risk of losing out on legitimate enquiries.

  • Fixed a warning in the logs with the spam_shield_can_view_admin_widget filter.

Added a filter called "spam_shield_can_view_admin_widget" allow more access to admin/editor/manager user-roles to view the admin widget (and view messages) in Spam Shield.

Minor update to refresh the power-plugins core support library.

New: Built-in integration for Beaver Builder Pro and Ultimate Addons for Beaver Builder (contact form)

New feature to reclassify messages from the admin widget. Reclassified messages are sent back to Spam Shield for potential use in training the algorithms. Only the message body is used in algo-training - message fields are not sent back to Spam Shield in case they contain personally identifiable data.

Minor update for better detection of the server's IP address, with the "Check server\s reputation" function in the settings page.

Added a new quick look-up in the General Settings page, to check the site's reputation in the Spam Shield database. Useful when diagnosing API connection problems.

  • Applied the better CDN client IP detection to WP Comment form spam detection too.
  • Updated the function that detects the client's IP address for better repeat-spammer detection behind a CDN.

Added the ability to exclude fields from spam checking when using Contact Form 7.

Minor improvement to when Spam Shield passes classification hints to the API server.

Added IP address flood protection.

Added integration support for the contact form that comes with the Kadence Blocks plugin.

Minor fix to protect against malformed/dodgy message fields data.

Slightly enhanced the "Check Connection" function on the settings page. If the plugin can't get your account information from api.spamshield.cloud then it tries to connect to the server via a socket, to see if there is a firewall block in there for some reason. If your site is sharing an IP address with lots of other sites, there's a chance that the IP address is tainted becase one of those sites has been hacked and is part of a spam-bot network.

Minor update to support newer versions WPForms Pro, tested with 1.7.5.5+

  • Added support for Elementor forms.
  • Refactored the integrations so they're more (properly) modular.

Added a switch to turn-off admin dashboard nags about CF7/WPForms integrations being disabled. Some clients want to disable Spam Shield for their CF7 forms, but leave it enabled for comment-spam.

Tidier auto-configuration on first-run to support auto-installs from wp-cli.

Bug Fix: In WPForms Pro, spammy contact requests were being detected, but still being emailed through to the notification recipients (WPForms Lite was OK). Corrected to work with both version of WPForms.

Minor improvement to the message previewer.

Fixed a but when sending through WPForms.

Admin dashboard message viewer

  • filter spam/ham messages
  • tidier UI on mobile devices

Adjusted the message-viewer to strip HTML tags from spammed messages in preview

Fixed minor cosmetic issue when viewing messages from the admin widget popup.

Improved comparability with PHP7.x

Minor update to better-handle saved messages if they've somehow got mangled.

Minor update with a tweak to the Power Plugins core libs.

More support for agency white-labelling.

Minor adjustment for better support of API-to-hostname restrictions when in Agency mode.

Initial public release

Minor update to use accurate flags graphics from https://hampusborgos.github.io/country-flags/ against country geo-located message sources.

Added fault tolerance around mangled/missing dates coming back from the stored messages.

Added integrations for WP Comments and Multi-Contact Bubble

Fixed a bug with APi key retrieval in stand-alone mode.

  • More agency-mode support
  • Added country code 2 (flags) to the "view recent messages" modal

Added better first-use auto-configuration

Added "agency mode" and "local/private mode"

  • Fix the "Check licence" button on the settings page
  • Fixed false alarm about a missing Power Plugins licence key (Spam Shield doesn't need a Power Plugins licence key)

Updated some core Power Plugins assets.

  • Added the Recent Messages viewer and the main admin dashboard widget.
  • Added the Settings page, so you can have country allow/block lists.
  • Added WPForms integration

Initial development release