WordPress Zero Spam - Version 4.9.9

Version Description

  • Enhancement - Strengthened spam detection for comment submission using a 'honeypot' field.
  • Enhancement - Added a 'honeypot' helper functions (wpzerospam_honeypot_field(), wpzerospam_get_honeypot()) to allow other forms, plugins, and themes to easily integrate a 'honeypot' check into submissions.
  • Enhancement - IP lookup links integrated in the admin dashboard and tables.
  • Deprecation - Gravity Forms is no longer supported — for the time being. See the plugin FAQs for more information.
Download this release

Release Info

Developer bmarshall511
Plugin Icon 128x128 WordPress Zero Spam
Version 4.9.9
Comparing to
See all releases

Code changes from version 4.9.8 to 4.9.9

Files changed (16) hide show
  1. assets/css/admin-tables.css +7 -0
  2. classes/class-wpzerospam-blacklisted-table.php +2 -2
  3. classes/class-wpzerospam-blocked-ip-table.php +1 -1
  4. classes/class-wpzerospam-log-table.php +5 -141
  5. inc/admin.php +33 -58
  6. inc/helpers.php +110 -65
  7. inc/security.php +0 -62
  8. inc/utilities.php +14 -12
  9. integrations/comments/comments.php +328 -26
  10. integrations/comments/js/comments.js +46 -37
  11. integrations/gravity-forms/gravity-forms.php +0 -48
  12. integrations/gravity-forms/js/gravity-forms.js +0 -37
  13. integrations/registrations/js/registrations.js +1 -1
  14. readme.txt +24 -9
  15. templates/ip-list.php +1 -1
  16. wordpress-zero-spam.php +4 -6
assets/css/admin-tables.css CHANGED
@@ -20,6 +20,8 @@
20
  border-radius: 5px;
21
  box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
22
  cursor: default;
 
 
23
  left: 50%;
24
  overflow: auto;
25
  max-height: 500px;
@@ -35,6 +37,11 @@
35
  .wpzerospam-details-item {
36
  display: flex;
37
  padding: 5px;
 
 
 
 
 
38
  }
39
 
40
  .wpzerospam-details-label {
20
  border-radius: 5px;
21
  box-shadow: 0 1px 1px rgba(0, 0, 0, 0.04);
22
  cursor: default;
23
+ display: flex;
24
+ flex-wrap: wrap;
25
  left: 50%;
26
  overflow: auto;
27
  max-height: 500px;
37
  .wpzerospam-details-item {
38
  display: flex;
39
  padding: 5px;
40
+ width: 100%;
41
+ }
42
+
43
+ .wpzerospam-details-item-unknown {
44
+ order: 9999999;
45
  }
46
 
47
  .wpzerospam-details-label {
classes/class-wpzerospam-blacklisted-table.php CHANGED
@@ -107,7 +107,7 @@ class WPZeroSpam_Blacklisted_Table extends WP_List_Table {
107
  return number_format( $item->attempts, 0 );
108
  break;
109
  case 'user_ip':
110
- return '<a href="https://whatismyipaddress.com/ip/' . $item->user_ip .'" target="_blank" rel="noopener noreferrer">' . $item->user_ip . '</a>';
111
  break;
112
  case 'last_updated':
113
  return date( 'M j, Y g:ia' , strtotime( $item->last_updated ) );
@@ -124,7 +124,7 @@ class WPZeroSpam_Blacklisted_Table extends WP_List_Table {
124
 
125
  echo '<div class="wpzerospam-details-item">';
126
  echo '<div class="wpzerospam-details-label">' . __( 'Detected Spam IP', 'wpzerospam' ) . '</div>';
127
- echo '<div class="wpzerospam-details-data">' . '<a href="https://whatismyipaddress.com/ip/' . $item->user_ip .'" target="_blank" rel="noopener noreferrer">' . $item->user_ip . '</a>' . '</div>';
128
  echo '</div>';
129
 
130
  echo '<div class="wpzerospam-details-item">';
107
  return number_format( $item->attempts, 0 );
108
  break;
109
  case 'user_ip':
110
+ return '<a href="https://zerospam.org/ip-lookup/' . $item->user_ip .'/" target="_blank" rel="noopener noreferrer">' . $item->user_ip . '</a>';
111
  break;
112
  case 'last_updated':
113
  return date( 'M j, Y g:ia' , strtotime( $item->last_updated ) );
124
 
125
  echo '<div class="wpzerospam-details-item">';
126
  echo '<div class="wpzerospam-details-label">' . __( 'Detected Spam IP', 'wpzerospam' ) . '</div>';
127
+ echo '<div class="wpzerospam-details-data">' . '<a href="https://zerospam.org/ip-lookup/' . urlencode( $item->user_ip ) .'" target="_blank" rel="noopener noreferrer">' . $item->user_ip . '</a>' . '</div>';
128
  echo '</div>';
129
 
130
  echo '<div class="wpzerospam-details-item">';
classes/class-wpzerospam-blocked-ip-table.php CHANGED
@@ -92,7 +92,7 @@ class WPZeroSpam_Blocked_IP_Table extends WP_List_Table {
92
  function column_default( $item, $column_name ) {
93
  switch( $column_name ) {
94
  case 'user_ip':
95
- return '<a href="https://whatismyipaddress.com/ip/' . $item->user_ip .'" target="_blank" rel="noopener noreferrer">' . $item->user_ip . '</a>';
96
  break;
97
  case 'blocked_id':
98
  return $item->blocked_id;
92
  function column_default( $item, $column_name ) {
93
  switch( $column_name ) {
94
  case 'user_ip':
95
+ return '<a href="https://zerospam.org/ip-lookup/' . urlencode( $item->user_ip ) .'" target="_blank" rel="noopener noreferrer">' . $item->user_ip . '</a>';
96
  break;
97
  case 'blocked_id':
98
  return $item->blocked_id;
classes/class-wpzerospam-log-table.php CHANGED
@@ -108,7 +108,7 @@ class WPZeroSpam_Log_Table extends WP_List_Table {
108
  return '<span class="wpzerospam-' . $item->log_type . '">' . wpzerospam_types( $item->log_type ) . '</span>';
109
  break;
110
  case 'user_ip':
111
- return '<a href="https://whatismyipaddress.com/ip/' . $item->user_ip .'" target="_blank" rel="noopener noreferrer">' . $item->user_ip . '</a>';
112
  break;
113
  case 'date_recorded':
114
  return date( 'M j, Y g:ia' , strtotime( $item->date_recorded ) );
@@ -189,146 +189,10 @@ class WPZeroSpam_Log_Table extends WP_List_Table {
189
  $submission_data = json_decode( $item->submission_data, true );
190
  foreach( $submission_data as $key => $value ):
191
  if ( ! $value ) { continue; }
 
 
 
192
  switch( $key ):
193
- case 'comment_post_ID':
194
- $post = get_post( $value );
195
- echo '<div class="wpzerospam-details-item">';
196
- if ( ! $post ) { echo 'N/A'; } else {
197
- echo '<div class="wpzerospam-details-label">' . __( 'Comment Post', 'wpzerospam' ) . '</div>';
198
- echo '<div class="wpzerospam-details-data"><a href="' . get_the_permalink( $value ) . '">' . get_the_title( $value ) . '</a></div>';
199
- }
200
- echo '</div>';
201
- break;
202
- case 'comment_author':
203
- $author_shown = true;
204
- echo '<div class="wpzerospam-details-item">';
205
- echo '<div class="wpzerospam-details-label">' . __( 'Author', 'wpzerospam' ) . '</div>';
206
- echo '<div class="wpzerospam-details-data">' . $value . '</div>';
207
- echo '</div>';
208
- break;
209
- case 'comment_author_email':
210
- $author_email = true;
211
- echo '<div class="wpzerospam-details-item">';
212
- echo '<div class="wpzerospam-details-label">' . __( 'Email', 'wpzerospam' ) . '</div>';
213
- echo '<div class="wpzerospam-details-data">' . $value . '</div>';
214
- echo '</div>';
215
- break;
216
- case 'comment_author_url':
217
- $author_url= true;
218
- echo '<div class="wpzerospam-details-item">';
219
- echo '<div class="wpzerospam-details-label">' . __( 'Website', 'wpzerospam' ) . '</div>';
220
- echo '<div class="wpzerospam-details-data">' . $value . '</div>';
221
- echo '</div>';
222
- break;
223
- case 'comment_content':
224
- echo '<div class="wpzerospam-details-item">';
225
- echo '<div class="wpzerospam-details-label">' . __( 'Comment', 'wpzerospam' ) . '</div>';
226
- echo '<div class="wpzerospam-details-data">' . sanitize_text_field( $value ) . '</div>';
227
- echo '</div>';
228
- break;
229
- case 'comment_type':
230
- echo '<div class="wpzerospam-details-item">';
231
- echo '<div class="wpzerospam-details-label">' . __( 'Comment Type', 'wpzerospam' ) . '</div>';
232
- echo '<div class="wpzerospam-details-data">' . $value . '</div>';
233
- echo '</div>';
234
- break;
235
- case 'comment_parent':
236
- echo '<div class="wpzerospam-details-item">';
237
- echo '<div class="wpzerospam-details-label">' . __( 'Comment Parent ID', 'wpzerospam' ) . '</div>';
238
- echo '<div class="wpzerospam-details-data">' . '<a href="' . get_comment_link( $value ) . '">' . $value . '</a>' . '</div>';
239
- echo '</div>';
240
- break;
241
- case 'comment_as_submitted':
242
- foreach( $value as $k => $v ):
243
- if ( ! $v ) { continue; }
244
-
245
- switch( $k ):
246
- case 'comment_author':
247
- if ( empty( $author_shown ) ) {
248
- echo '<div class="wpzerospam-details-item">';
249
- echo '<div class="wpzerospam-details-label">' . __( 'Author', 'wpzerospam' ) . '</div>';
250
- echo '<div class="wpzerospam-details-data">' . $v . '</div>';
251
- echo '</div>';
252
- }
253
- break;
254
- case 'comment_author_email':
255
- if ( empty( $author_email ) ) {
256
- echo '<div class="wpzerospam-details-item">';
257
- echo '<div class="wpzerospam-details-label">' . __( 'Email', 'wpzerospam' ) . '</div>';
258
- echo '<div class="wpzerospam-details-data">' . $v . '</div>';
259
- echo '</div>';
260
- }
261
- break;
262
- case 'comment_author_url':
263
- if ( empty( $author_url ) ) {
264
- echo '<div class="wpzerospam-details-item">';
265
- echo '<div class="wpzerospam-details-label">' . __( 'Website', 'wpzerospam' ) . '</div>';
266
- echo '<div class="wpzerospam-details-data">' . $v . '</div>';
267
- echo '</div>';
268
- }
269
- break;
270
- case 'comment_content':
271
- echo '<div class="wpzerospam-details-item">';
272
- echo '<div class="wpzerospam-details-label">' . __( 'Comment', 'wpzerospam' ) . '</div>';
273
- echo '<div class="wpzerospam-details-data">' . sanitize_text_field( $v ) . '</div>';
274
- echo '</div>';
275
- break;
276
- case 'user_ip':
277
- echo '<div class="wpzerospam-details-item">';
278
- echo '<div class="wpzerospam-details-label">' . __( 'User IP', 'wpzerospam' ) . '</div>';
279
- echo '<div class="wpzerospam-details-data"><a href="https://whatismyipaddress.com/ip/' . $item->user_ip .'" target="_blank" rel="noopener noreferrer">' . $v . '</a></div>';
280
- echo '</div>';
281
- break;
282
- case 'user_agent':
283
- echo '<div class="wpzerospam-details-item">';
284
- echo '<div class="wpzerospam-details-label">' . __( 'User Agent', 'wpzerospam' ) . '</div>';
285
- echo '<div class="wpzerospam-details-data">' . $v . '</div>';
286
- echo '</div>';
287
- break;
288
- case 'blog':
289
- echo '<div class="wpzerospam-details-item">';
290
- echo '<div class="wpzerospam-details-label">' . __( 'Site', 'wpzerospam' ) . '</div>';
291
- echo '<div class="wpzerospam-details-data">' . $v . '</div>';
292
- echo '</div>';
293
- break;
294
- case 'blog_lang':
295
- echo '<div class="wpzerospam-details-item">';
296
- echo '<div class="wpzerospam-details-label">' . __( 'Site Language', 'wpzerospam' ) . '</div>';
297
- echo '<div class="wpzerospam-details-data">' . $v . '</div>';
298
- echo '</div>';
299
- break;
300
- case 'blog_charset':
301
- echo '<div class="wpzerospam-details-item">';
302
- echo '<div class="wpzerospam-details-label">' . __( 'Site Charset', 'wpzerospam' ) . '</div>';
303
- echo '<div class="wpzerospam-details-data">' . $v . '</div>';
304
- echo '</div>';
305
- break;
306
- case 'permalink':
307
- echo '<div class="wpzerospam-details-item">';
308
- echo '<div class="wpzerospam-details-label">' . __( 'Permalink', 'wpzerospam' ) . '</div>';
309
- echo '<div class="wpzerospam-details-data">' . '<a href="' . $v . '" target="_blank">' . $v . '</a>' . '</div>';
310
- echo '</div>';
311
- break;
312
- default:
313
- echo '<div class="wpzerospam-details-item">';
314
- echo $k . ' - ';
315
- print_r( $v );
316
- echo '</div>';
317
- endswitch;
318
- endforeach;
319
- break;
320
- case 'akismet_result':
321
- echo '<div class="wpzerospam-details-item">';
322
- echo '<div class="wpzerospam-details-label">' . __( 'Akismet Result', 'wpzerospam' ) . '</div>';
323
- echo '<div class="wpzerospam-details-data">' . $value . '</div>';
324
- echo '</div>';
325
- break;
326
- case 'akismet_pro_tip':
327
- echo '<div class="wpzerospam-details-item">';
328
- echo '<div class="wpzerospam-details-label">' . __( 'Akismet Pro Tip', 'wpzerospam' ) . '</div>';
329
- echo '<div class="wpzerospam-details-data">' . $value . '</div>';
330
- echo '</div>';
331
- break;
332
  case 'sanitized_user_login':
333
  echo '<div class="wpzerospam-details-item">';
334
  echo '<div class="wpzerospam-details-label">' . __( 'Sanitized User Login', 'wpzerospam' ) . '</div>';
@@ -402,7 +266,7 @@ class WPZeroSpam_Log_Table extends WP_List_Table {
402
  break;
403
 
404
  default:
405
- echo '<div class="wpzerospam-details-item">';
406
  echo '<div class="wpzerospam-details-label">' . $key . '</div>';
407
  echo '<div class="wpzerospam-details-data">' . json_encode( $value ) . '</div>';
408
  echo '</div>';
108
  return '<span class="wpzerospam-' . $item->log_type . '">' . wpzerospam_types( $item->log_type ) . '</span>';
109
  break;
110
  case 'user_ip':
111
+ return '<a href="https://zerospam.org/ip-lookup/' . urlencode( $item->user_ip ) .'" target="_blank" rel="noopener noreferrer">' . $item->user_ip . '</a>';
112
  break;
113
  case 'date_recorded':
114
  return date( 'M j, Y g:ia' , strtotime( $item->date_recorded ) );
189
  $submission_data = json_decode( $item->submission_data, true );
190
  foreach( $submission_data as $key => $value ):
191
  if ( ! $value ) { continue; }
192
+
193
+ do_action( 'wpzerospam_admin_submission_data_items', $key, $value );
194
+
195
  switch( $key ):
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
196
  case 'sanitized_user_login':
197
  echo '<div class="wpzerospam-details-item">';
198
  echo '<div class="wpzerospam-details-label">' . __( 'Sanitized User Login', 'wpzerospam' ) . '</div>';
266
  break;
267
 
268
  default:
269
+ echo '<div class="wpzerospam-details-item wpzerospam-details-item-unknown">';
270
  echo '<div class="wpzerospam-details-label">' . $key . '</div>';
271
  echo '<div class="wpzerospam-details-data">' . json_encode( $value ) . '</div>';
272
  echo '</div>';
inc/admin.php CHANGED
@@ -6,6 +6,36 @@
6
  * @since 4.0.0
7
  */
8
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
9
  function wpzerospam_admin_menu() {
10
  add_menu_page(
11
  __( 'WordPress Zero Spam Dashboard', 'wpzerospam' ),
@@ -319,7 +349,6 @@ function wpzerospam_options_page() {
319
 
320
  function wpzerospam_validate_options( $input ) {
321
  if ( empty( $input['log_spam'] ) ) { $input['log_spam'] = 'disabled'; }
322
- if ( empty( $input['verify_comments'] ) ) { $input['verify_comments'] = 'disabled'; }
323
  if ( empty( $input['verify_registrations'] ) ) { $input['verify_registrations'] = 'disabled'; }
324
  if ( empty( $input['log_blocked_ips'] ) ) { $input['log_blocked_ips'] = 'disabled'; }
325
  if ( empty( $input['auto_block_ips'] ) ) { $input['auto_block_ips'] = 'disabled'; }
@@ -352,10 +381,6 @@ function wpzerospam_validate_options( $input ) {
352
  $input['verify_cf7'] = 'disabled';
353
  }
354
 
355
- if ( empty( $input['verify_gform'] ) ) {
356
- $input['verify_gform'] = 'disabled';
357
- }
358
-
359
  if ( empty( $input['verify_bp_registrations'] ) ) {
360
  $input['verify_bp_registrations'] = 'disabled';
361
  }
@@ -376,22 +401,16 @@ function wpzerospam_validate_options( $input ) {
376
  $input['stop_forum_spam'] = 'disabled';
377
  }
378
 
379
- if ( empty( $input['strip_comment_links'] ) ) {
380
- $input['strip_comment_links'] = 'disabled';
381
- }
382
-
383
  if ( empty( $input['share_detections'] ) ) {
384
  $input['share_detections'] = 'disabled';
385
  }
386
 
387
- if ( empty( $input['strip_comment_author_links'] ) ) {
388
- $input['strip_comment_author_links'] = 'disabled';
389
- }
390
-
391
  if ( empty( $input['blocked_message'] ) ) {
392
  $input['blocked_message'] = 'You have been blocked from visiting this site by WordPress Zero Spam due to detected spam activity.';
393
  }
394
 
 
 
395
  return $input;
396
  }
397
 
@@ -477,28 +496,6 @@ function wpzerospam_admin_init() {
477
  'placeholder' => 3
478
  ]);
479
 
480
- // Option to strips links in comments
481
- add_settings_field( 'strip_comment_links', __( 'Strip Comment Links', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_onsite', [
482
- 'label_for' => 'strip_comment_links',
483
- 'type' => 'checkbox',
484
- 'multi' => false,
485
- 'desc' => 'Spambots commonly post spam links in comments. Enable this option to strip links from comments.',
486
- 'options' => [
487
- 'enabled' => __( 'Enabled', 'wpzerospam' )
488
- ]
489
- ]);
490
-
491
- // Option to remove author links
492
- add_settings_field( 'strip_comment_author_links', __( 'Strip Comment Author Links', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_onsite', [
493
- 'label_for' => 'strip_comment_author_links',
494
- 'type' => 'checkbox',
495
- 'multi' => false,
496
- 'desc' => 'Spammers are well-known at injecting malicious links in the comment author website field, this option disables it.',
497
- 'options' => [
498
- 'enabled' => __( 'Enabled', 'wpzerospam' )
499
- ]
500
- ]);
501
-
502
  // API timeout
503
  add_settings_field( 'api_timeout', __( 'API Timeout', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_spam_checks', [
504
  'label_for' => 'api_timeout',
@@ -643,16 +640,7 @@ function wpzerospam_admin_init() {
643
  ]
644
  ]);
645
 
646
- // Comment spam check
647
- add_settings_field( 'verify_comments', __( 'Verify Comments', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_spam_checks', [
648
- 'label_for' => 'verify_comments',
649
- 'type' => 'checkbox',
650
- 'multi' => false,
651
- 'desc' => 'Enables spam detection of submitted comments.',
652
- 'options' => [
653
- 'enabled' => __( 'Enabled', 'wpzerospam' )
654
- ]
655
- ]);
656
 
657
  // Registration spam check
658
  add_settings_field( 'verify_registrations', __( 'Verify Registrations', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_spam_checks', [
@@ -678,19 +666,6 @@ function wpzerospam_admin_init() {
678
  ]);
679
  }
680
 
681
- // Gravity Forms spam check
682
- if ( is_plugin_active( 'gravityforms/gravityforms.php' ) ) {
683
- add_settings_field( 'verify_gform', __( 'Verify Gravity Forms Submissions', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_spam_checks', [
684
- 'label_for' => 'verify_gform',
685
- 'type' => 'checkbox',
686
- 'multi' => false,
687
- 'desc' => 'Enables spam detection for Gravity Forms submissions.',
688
- 'options' => [
689
- 'enabled' => __( 'Enabled', 'wpzerospam' )
690
- ]
691
- ]);
692
- }
693
-
694
  // BuddyPress registrations spam check
695
  if ( function_exists( 'bp_is_active' ) ) {
696
  add_settings_field( 'verify_bp_registrations', __( 'Verify BuddyPress Registrations', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_spam_checks', [
6
  * @since 4.0.0
7
  */
8
 
9
+ /**
10
+ * Returns output for detail item.
11
+ *
12
+ * @since 4.9.9
13
+ *
14
+ * @param string $label The item label.
15
+ * @param string $value The item value.
16
+ * @return string HTML for the detail item output.
17
+ */
18
+ if ( ! function_exists( 'wpzerospam_details_item') ) {
19
+ function wpzerospam_admin_details_item( $label, $value ) {
20
+ ob_start();
21
+ ?>
22
+ <div class="wpzerospam-details-item">
23
+ <div class="wpzerospam-details-label"><?php echo $label; ?></div>
24
+ <div class="wpzerospam-details-data">
25
+ <?php
26
+ if ( is_array( $value ) ):
27
+ print_r( $value );
28
+ else:
29
+ echo $value;
30
+ endif;
31
+ ?>
32
+ </div>
33
+ </div>
34
+ <?php
35
+ return ob_get_clean();
36
+ }
37
+ }
38
+
39
  function wpzerospam_admin_menu() {
40
  add_menu_page(
41
  __( 'WordPress Zero Spam Dashboard', 'wpzerospam' ),
349
 
350
  function wpzerospam_validate_options( $input ) {
351
  if ( empty( $input['log_spam'] ) ) { $input['log_spam'] = 'disabled'; }
 
352
  if ( empty( $input['verify_registrations'] ) ) { $input['verify_registrations'] = 'disabled'; }
353
  if ( empty( $input['log_blocked_ips'] ) ) { $input['log_blocked_ips'] = 'disabled'; }
354
  if ( empty( $input['auto_block_ips'] ) ) { $input['auto_block_ips'] = 'disabled'; }
381
  $input['verify_cf7'] = 'disabled';
382
  }
383
 
 
 
 
 
384
  if ( empty( $input['verify_bp_registrations'] ) ) {
385
  $input['verify_bp_registrations'] = 'disabled';
386
  }
401
  $input['stop_forum_spam'] = 'disabled';
402
  }
403
 
 
 
 
 
404
  if ( empty( $input['share_detections'] ) ) {
405
  $input['share_detections'] = 'disabled';
406
  }
407
 
 
 
 
 
408
  if ( empty( $input['blocked_message'] ) ) {
409
  $input['blocked_message'] = 'You have been blocked from visiting this site by WordPress Zero Spam due to detected spam activity.';
410
  }
411
 
412
+ $input = apply_filters( 'wpzerospam_admin_validation', $input );
413
+
414
  return $input;
415
  }
416
 
496
  'placeholder' => 3
497
  ]);
498
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
499
  // API timeout
500
  add_settings_field( 'api_timeout', __( 'API Timeout', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_spam_checks', [
501
  'label_for' => 'api_timeout',
640
  ]
641
  ]);
642
 
643
+ do_action( 'wpzerospam_admin_fields' );
 
 
 
 
 
 
 
 
 
644
 
645
  // Registration spam check
646
  add_settings_field( 'verify_registrations', __( 'Verify Registrations', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_spam_checks', [
666
  ]);
667
  }
668
 
 
 
 
 
 
 
 
 
 
 
 
 
 
669
  // BuddyPress registrations spam check
670
  if ( function_exists( 'bp_is_active' ) ) {
671
  add_settings_field( 'verify_bp_registrations', __( 'Verify BuddyPress Registrations', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_spam_checks', [
inc/helpers.php CHANGED
@@ -274,7 +274,7 @@ if ( ! function_exists( 'wpzerospam_attempt_blocked' ) ) {
274
  ]);
275
  }
276
 
277
- wpzerospam_detection( 'blocked', [ 'reason' => $reason ] );
278
 
279
  if ( 'redirect' == $options['block_handler'] ) {
280
  wp_redirect( esc_url( $options['blocked_redirect_url'] ) );
@@ -287,7 +287,7 @@ if ( ! function_exists( 'wpzerospam_attempt_blocked' ) ) {
287
  }
288
 
289
  /**
290
- * Fired anytime a malicious attempt or spam submission is detected.
291
  *
292
  * This functions logs (if enabled) detections & handles sharing those
293
  * detections with Zero Spam (if enabled).
@@ -299,8 +299,8 @@ if ( ! function_exists( 'wpzerospam_attempt_blocked' ) ) {
299
  * from the current users IP address.
300
  * @param array $data Optional. Array of additional information to log.
301
  */
302
- if ( ! function_exists( 'wpzerospam_detection' ) ) {
303
- function wpzerospam_detection( $type, $data = [] ) {
304
  global $wpdb;
305
  $options = wpzerospam_options();
306
 
@@ -405,6 +405,112 @@ function wpzerospam_share_detection( $data ) {
405
  return wp_remote_retrieve_body( $request );
406
  }
407
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
408
 
409
 
410
 
@@ -604,54 +710,7 @@ if ( ! function_exists( 'wpzerospam_query' ) ) {
604
 
605
 
606
 
607
- /**
608
- * Handles what happens when spam is detected
609
- */
610
- if ( ! function_exists( 'wpzerospam_spam_detected' ) ) {
611
- function wpzerospam_spam_detected( $type, $data = [], $handle_error = true ) {
612
- $options = wpzerospam_options();
613
- $ip = wpzerospam_ip();
614
-
615
- // Log the spam sttempt
616
- wpzerospam_detection( $type, $data );
617
-
618
- // Check if number attempts should result in a permanent block
619
- $blocked_ip = wpzerospam_get_blocked_ips( $ip );
620
- if ( $blocked_ip && $blocked_ip->attempts >= $options['auto_block_permanently'] ) {
621
- // Permanently block the IP
622
- wpzerospam_update_blocked_ip( $ip , [
623
- 'blocked_type' => 'permanent',
624
- 'reason' => $type . ' (permanently auto-blocked)'
625
- ]);
626
-
627
- // Check if the IP should be temporarily auto-blocked
628
- } elseif ( 'enabled' == $options['auto_block_ips'] ) {
629
-
630
- $start_block = current_time( 'mysql' );
631
- $end_block = new DateTime( $start_block );
632
- $end_block->add( new DateInterval( 'PT' . $options['auto_block_period'] . 'M' ) );
633
-
634
- wpzerospam_update_blocked_ip( $ip , [
635
- 'blocked_type' => 'temporary',
636
- 'start_block' => $start_block,
637
- 'end_block' => $end_block->format('Y-m-d G:i:s'),
638
- 'reason' => $type . ' (auto-blocked)'
639
- ]);
640
- }
641
 
642
- // Check if WordPress Zero Spam should handle the error. False for forms
643
- // that process via AJAX & expect a json response.
644
- if ( $handle_error ) {
645
- if ( 'redirect' == $options['spam_handler'] ) {
646
- wp_redirect( esc_url( $options['spam_redirect_url'] ) );
647
- exit();
648
- } else {
649
- status_header( 403 );
650
- die( $options['spam_message'] );
651
- }
652
- }
653
- }
654
- }
655
 
656
  /**
657
  * Add a IP address to the blocked table
@@ -710,20 +769,7 @@ if ( ! function_exists( 'wpzerospam_update_blocked_ip' ) ) {
710
  }
711
  }
712
 
713
- /**
714
- * Returns the generated key for checking submissions
715
- */
716
- if ( ! function_exists( 'wpzerospam_get_key' ) ) {
717
- function wpzerospam_get_key() {
718
- $key = get_option( 'wpzerospam_key' );
719
- if ( ! $key ) {
720
- $key = wp_generate_password( 64 );
721
- update_option( 'wpzerospam_key', $key );
722
- }
723
 
724
- return $key;
725
- }
726
- }
727
 
728
  /**
729
  * Validates a post submission
@@ -769,7 +815,6 @@ if ( ! function_exists( 'wpzerospam_plugin_integration_enabled' ) ) {
769
 
770
  $integrations = [
771
  'cf7' => 'contact-form-7/wp-contact-form-7.php',
772
- 'gform' => 'gravityforms/gravityforms.php',
773
  'fluentform' => 'fluentform/fluentform.php',
774
  'wpforms' => [ 'wpforms/wpforms.php', 'wpforms-lite/wpforms.php' ],
775
  'formidable' => 'formidable/formidable.php',
274
  ]);
275
  }
276
 
277
+ wpzerospam_log_detection( 'blocked', [ 'reason' => $reason ] );
278
 
279
  if ( 'redirect' == $options['block_handler'] ) {
280
  wp_redirect( esc_url( $options['blocked_redirect_url'] ) );
287
  }
288
 
289
  /**
290
+ * Logs a spam detection.
291
  *
292
  * This functions logs (if enabled) detections & handles sharing those
293
  * detections with Zero Spam (if enabled).
299
  * from the current users IP address.
300
  * @param array $data Optional. Array of additional information to log.
301
  */
302
+ if ( ! function_exists( 'wpzerospam_log_detection' ) ) {
303
+ function wpzerospam_log_detection( $type, $data = [] ) {
304
  global $wpdb;
305
  $options = wpzerospam_options();
306
 
405
  return wp_remote_retrieve_body( $request );
406
  }
407
 
408
+ /**
409
+ * Returns the generated key for checking submissions.
410
+ *
411
+ * @since 4.0.0
412
+ *
413
+ * @return string A unique key used for detections.
414
+ */
415
+ if ( ! function_exists( 'wpzerospam_get_key' ) ) {
416
+ function wpzerospam_get_key() {
417
+ $key = get_option( 'wpzerospam_key' );
418
+ if ( ! $key ) {
419
+ $key = wp_generate_password( 64 );
420
+ update_option( 'wpzerospam_key', $key );
421
+ }
422
+
423
+ return $key;
424
+ }
425
+ }
426
+
427
+ /**
428
+ * Returns the generated key for checking submissions.
429
+ *
430
+ * @since 4.9.9
431
+ *
432
+ * @return string A unique key used for the 'honeypot' field.
433
+ */
434
+ if ( ! function_exists( 'wpzerospam_get_honeypot' ) ) {
435
+ function wpzerospam_get_honeypot() {
436
+ $key = get_option( 'wpzerospam_honeypot' );
437
+ if ( ! $key ) {
438
+ $key = wp_generate_password( 5, false, false );
439
+ update_option( 'wpzerospam_honeypot', $key );
440
+ }
441
+
442
+ return $key;
443
+ }
444
+ }
445
+
446
+
447
+
448
+
449
+
450
+
451
+
452
+
453
+
454
+
455
+ /**
456
+ * Handles what happens when spam is detected.
457
+ *
458
+ * @since 4.0.0
459
+ *
460
+ * @param string $type Machine-readable name for the type of spam.
461
+ * @param array $data Additional information submitted when the spam was detected.
462
+ * @param boolean $handle_detection Determines if this function should handle the function or is handled in the submission hook.
463
+ * @return void
464
+ */
465
+ if ( ! function_exists( 'wpzerospam_spam_detected' ) ) {
466
+ function wpzerospam_spam_detected( $type, $data = [], $handle_detection = true ) {
467
+ $options = wpzerospam_options();
468
+ $ip = wpzerospam_ip();
469
+
470
+ // Log the spam sttempt
471
+ wpzerospam_log_detection( $type, $data );
472
+
473
+ // Check if number attempts should result in a permanent block
474
+ $blocked_ip = wpzerospam_get_blocked_ips( $ip );
475
+ if ( $blocked_ip && $blocked_ip->attempts >= $options['auto_block_permanently'] ) {
476
+ // Permanently block the IP
477
+ wpzerospam_update_blocked_ip( $ip , [
478
+ 'blocked_type' => 'permanent',
479
+ 'reason' => $type . ' (permanently auto-blocked)'
480
+ ]);
481
+
482
+ // Check if the IP should be temporarily auto-blocked
483
+ } elseif ( 'enabled' == $options['auto_block_ips'] ) {
484
+
485
+ $start_block = current_time( 'mysql' );
486
+ $end_block = new DateTime( $start_block );
487
+ $end_block->add( new DateInterval( 'PT' . $options['auto_block_period'] . 'M' ) );
488
+
489
+ wpzerospam_update_blocked_ip( $ip , [
490
+ 'blocked_type' => 'temporary',
491
+ 'start_block' => $start_block,
492
+ 'end_block' => $end_block->format('Y-m-d G:i:s'),
493
+ 'reason' => $type . ' (auto-blocked)'
494
+ ]);
495
+ }
496
+
497
+ // Check if WordPress Zero Spam should handle the error. False for forms
498
+ // that process via AJAX & expect a json response.
499
+ if ( $handle_detection ) {
500
+ if ( 'redirect' == $options['spam_handler'] ) {
501
+ wp_redirect( esc_url( $options['spam_redirect_url'] ) );
502
+ exit();
503
+ } else {
504
+ status_header( 403 );
505
+ die( $options['spam_message'] );
506
+ }
507
+ }
508
+ }
509
+ }
510
+
511
+
512
+
513
+
514
 
515
 
516
 
710
 
711
 
712
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
713
 
 
 
 
 
 
 
 
 
 
 
 
 
 
714
 
715
  /**
716
  * Add a IP address to the blocked table
769
  }
770
  }
771
 
 
 
 
 
 
 
 
 
 
 
772
 
 
 
 
773
 
774
  /**
775
  * Validates a post submission
815
 
816
  $integrations = [
817
  'cf7' => 'contact-form-7/wp-contact-form-7.php',
 
818
  'fluentform' => 'fluentform/fluentform.php',
819
  'wpforms' => [ 'wpforms/wpforms.php', 'wpforms-lite/wpforms.php' ],
820
  'formidable' => 'formidable/formidable.php',
inc/security.php CHANGED
@@ -14,22 +14,6 @@ if ( ! function_exists( 'wpzerospam_filter_hooks' ) ) {
14
  $options = wpzerospam_options();
15
 
16
  add_filter( 'the_generator', 'wpzerospam_remove_generator' );
17
-
18
- if ( 'enabled' == $options['strip_comment_links'] ) {
19
- remove_filter( 'comment_text', 'make_clickable', 9 );
20
-
21
- add_filter( 'comment_text', 'wpzerospam_strip_comment_links_display', 10, 1);
22
- add_filter( 'comment_text_rss', 'wpzerospam_strip_comment_links_display', 10, 1);
23
- add_filter( 'comment_excerpt', 'wpzerospam_strip_comment_links_display', 10, 1);
24
-
25
- add_filter( 'preprocess_comment', 'wpzerospam_strip_comment_links', 10, 1 );
26
- }
27
-
28
- if ( 'enabled' == $options['strip_comment_author_links'] ) {
29
- add_filter( 'get_comment_author_link', 'wpzerospam_remove_comment_author_link', 10, 3 );
30
- add_filter( 'get_comment_author_url', 'wpzerospam_remove_author_url' );
31
- add_filter( 'comment_form_default_fields', 'wpzerospam_remove_author_url_field' );
32
- }
33
  }
34
  }
35
 
@@ -51,49 +35,3 @@ if ( ! function_exists( 'wpzerospam_remove_generator' ) ) {
51
  return '';
52
  }
53
  }
54
-
55
- if ( ! function_exists( 'wpzerospam_remove_author_url_field' ) ) {
56
- function wpzerospam_remove_author_url_field( $fields ) {
57
- if ( isset( $fields['url'] ) ) {
58
- unset( $fields['url'] );
59
- }
60
-
61
- return $fields;
62
- }
63
- }
64
-
65
- if ( ! function_exists( 'wpzerospam_remove_comment_author_link' ) ) {
66
- function wpzerospam_remove_comment_author_link( $return, $author, $comment_ID ) {
67
- return $author;
68
- }
69
- }
70
-
71
- if ( ! function_exists( 'wpzerospam_remove_author_url' ) ) {
72
- function wpzerospam_remove_author_url() {
73
- return false;
74
- }
75
- }
76
-
77
- if ( ! function_exists( 'wpzerospam_strip_comment_links' ) ) {
78
- function wpzerospam_strip_comment_links( $comment ) {
79
- global $allowedtags;
80
-
81
- $tags = $allowedtags;
82
- unset( $tags['a'] );
83
- $content = addslashes( wp_kses( stripslashes( $comment ), $tags) );
84
-
85
- return $comment;
86
- }
87
- }
88
-
89
- if ( ! function_exists( 'wpzerospam_strip_comment_links_display' ) ) {
90
- function wpzerospam_strip_comment_links_display( $comment ) {
91
- global $allowedtags;
92
-
93
- $tags = $allowedtags;
94
- unset( $tags['a'] );
95
- $content = addslashes( wp_kses( stripslashes( $comment ), $tags) );
96
-
97
- return $comment;
98
- }
99
- }
14
  $options = wpzerospam_options();
15
 
16
  add_filter( 'the_generator', 'wpzerospam_remove_generator' );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
17
  }
18
  }
19
 
35
  return '';
36
  }
37
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
inc/utilities.php CHANGED
@@ -14,6 +14,19 @@
14
  */
15
  require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'inc/locations.php';
16
 
 
 
 
 
 
 
 
 
 
 
 
 
 
17
  /**
18
  * Get the user's current URL
19
  */
@@ -101,7 +114,6 @@ if ( ! function_exists( 'wpzerospam_options' ) ) {
101
  if ( empty( $options['spam_message'] ) ) { $options['spam_message'] = __( 'There was a problem with your submission. Please go back and try again.', 'wpzerospam' ); }
102
  if ( empty( $options['blocked_message'] ) ) { $options['blocked_message'] = __( 'You have been blocked from visiting this site by WordPress Zero Spam due to detected spam activity.', 'wpzerospam' ); }
103
  if ( empty( $options['log_spam'] ) ) { $options['log_spam'] = 'disabled'; }
104
- if ( empty( $options['verify_comments'] ) ) { $options['verify_comments'] = 'enabled'; }
105
  if ( empty( $options['verify_registrations'] ) ) { $options['verify_registrations'] = 'enabled'; }
106
  if ( empty( $options['log_blocked_ips'] ) ) { $options['log_blocked_ips'] = 'disabled'; }
107
  if ( empty( $options['auto_block_permanently'] ) ) { $options['auto_block_permanently'] = 3; }
@@ -120,10 +132,6 @@ if ( ! function_exists( 'wpzerospam_options' ) ) {
120
  $options['share_detections'] = 'enabled';
121
  }
122
 
123
- if ( empty( $options['verify_gform'] ) ) {
124
- $options['verify_gform'] = 'enabled';
125
- }
126
-
127
  if ( empty( $options['verify_bp_registrations'] ) ) {
128
  $options['verify_bp_registrations'] = 'enabled';
129
  }
@@ -144,13 +152,7 @@ if ( ! function_exists( 'wpzerospam_options' ) ) {
144
  $options['stop_forum_spam'] = 'enabled';
145
  }
146
 
147
- if ( empty( $options['strip_comment_links'] ) ) {
148
- $options['strip_comment_links'] = 'disabled';
149
- }
150
-
151
- if ( empty( $options['strip_comment_author_links'] ) ) {
152
- $options['strip_comment_author_links'] = 'disabled';
153
- }
154
 
155
  return $options;
156
  }
14
  */
15
  require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'inc/locations.php';
16
 
17
+ /**
18
+ * Outputs a honeypot field
19
+ *
20
+ * @since 4.9.9
21
+ *
22
+ * @return string Returns a HTML honeypot field.
23
+ */
24
+ if ( ! function_exists( 'wpzerospam_honeypot_field' ) ) {
25
+ function wpzerospam_honeypot_field() {
26
+ return '<input type="text" name="' . wpzerospam_get_honeypot() . '" value="" style="display: none !important;" />';
27
+ }
28
+ }
29
+
30
  /**
31
  * Get the user's current URL
32
  */
114
  if ( empty( $options['spam_message'] ) ) { $options['spam_message'] = __( 'There was a problem with your submission. Please go back and try again.', 'wpzerospam' ); }
115
  if ( empty( $options['blocked_message'] ) ) { $options['blocked_message'] = __( 'You have been blocked from visiting this site by WordPress Zero Spam due to detected spam activity.', 'wpzerospam' ); }
116
  if ( empty( $options['log_spam'] ) ) { $options['log_spam'] = 'disabled'; }
 
117
  if ( empty( $options['verify_registrations'] ) ) { $options['verify_registrations'] = 'enabled'; }
118
  if ( empty( $options['log_blocked_ips'] ) ) { $options['log_blocked_ips'] = 'disabled'; }
119
  if ( empty( $options['auto_block_permanently'] ) ) { $options['auto_block_permanently'] = 3; }
132
  $options['share_detections'] = 'enabled';
133
  }
134
 
 
 
 
 
135
  if ( empty( $options['verify_bp_registrations'] ) ) {
136
  $options['verify_bp_registrations'] = 'enabled';
137
  }
152
  $options['stop_forum_spam'] = 'enabled';
153
  }
154
 
155
+ $options = apply_filters( 'wpzerospam_admin_fields_default', $options );
 
 
 
 
 
 
156
 
157
  return $options;
158
  }
integrations/comments/comments.php CHANGED
@@ -1,51 +1,354 @@
1
  <?php
2
  /**
3
- * Handles checking submitted comments for spam
4
  *
5
  * @package WordPressZeroSpam
6
  * @since 4.3.7
7
  */
8
 
9
  /**
10
- * Add the 'comment' spam type
 
 
 
 
11
  */
12
- add_filter( 'wpzerospam_types', function( $types ) {
13
- $types = array_merge( $types, [ 'comment' => 'Comment' ] );
14
- return $types;
15
- });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
16
 
17
  /**
18
- * Preprocess comment fields
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
19
  */
20
- if ( ! function_exists( 'wpzerospam_preprocess_comment' ) ) {
21
- function wpzerospam_preprocess_comment( $commentdata ) {
22
  $options = get_option( 'wpzerospam' );
23
- if ( 'enabled' != $options['verify_comments'] ) { return $commentdata; }
24
 
25
- if (
26
- is_user_logged_in() && current_user_can( 'moderate_comments' ) ||
27
- wpzerospam_key_check()
28
- ) {
29
- return $commentdata;
 
 
 
 
 
 
 
 
 
30
  }
31
 
32
- // Spam comment detected
33
- do_action( 'wpzerospam_comment_spam', $commentdata );
 
 
 
 
 
 
34
 
35
- wpzerospam_spam_detected( 'comment', $commentdata );
 
 
 
 
36
  }
37
  }
38
- add_action( 'preprocess_comment', 'wpzerospam_preprocess_comment' );
39
 
40
  /**
41
- * Enqueue the comment form JS
42
  */
43
- if ( ! function_exists( 'wpzerospam_comment_form' ) ) {
44
- function wpzerospam_comment_form() {
45
- $options = get_option( 'wpzerospam' );
46
- if ( 'enabled' != $options['verify_comments'] ) { return; }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
47
 
48
- // WordPress Zero Spam comment integration
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
49
  wp_enqueue_script(
50
  'wpzerospam-integration-comments',
51
  plugin_dir_url( WORDPRESS_ZERO_SPAM ) .
@@ -56,4 +359,3 @@ if ( ! function_exists( 'wpzerospam_comment_form' ) ) {
56
  );
57
  }
58
  }
59
- add_action( 'comment_form', 'wpzerospam_comment_form' );
1
  <?php
2
  /**
3
+ * Comment form spam detection
4
  *
5
  * @package WordPressZeroSpam
6
  * @since 4.3.7
7
  */
8
 
9
  /**
10
+ * Adds admin settings for comment submission protection.
11
+ *
12
+ * @since 4.9.9
13
+ *
14
+ * @return void
15
  */
16
+ if ( ! function_exists( 'wpzerospam_comments_admin_fields' ) ) {
17
+ function wpzerospam_comments_admin_fields() {
18
+ // Option to strips links in comments
19
+ add_settings_field( 'strip_comment_links', __( 'Strip Comment Links', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_onsite', [
20
+ 'label_for' => 'strip_comment_links',
21
+ 'type' => 'checkbox',
22
+ 'multi' => false,
23
+ 'desc' => 'Spambots commonly post spam links in comments. Enable this option to strip links from comments.',
24
+ 'options' => [
25
+ 'enabled' => __( 'Enabled', 'wpzerospam' )
26
+ ]
27
+ ]);
28
+
29
+ // Option to remove author links
30
+ add_settings_field( 'strip_comment_author_links', __( 'Strip Comment Author Links', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_onsite', [
31
+ 'label_for' => 'strip_comment_author_links',
32
+ 'type' => 'checkbox',
33
+ 'multi' => false,
34
+ 'desc' => 'Spammers are well-known at injecting malicious links in the comment author website field, this option disables it.',
35
+ 'options' => [
36
+ 'enabled' => __( 'Enabled', 'wpzerospam' )
37
+ ]
38
+ ]);
39
+
40
+ // Add option to enable/disable comment form submission protection.
41
+ add_settings_field( 'verify_comments', __( 'Detect Comment Spam', 'wpzerospam' ), 'wpzerospam_field_cb', 'wpzerospam', 'wpzerospam_spam_checks', [
42
+ 'label_for' => 'verify_comments',
43
+ 'type' => 'checkbox',
44
+ 'multi' => false,
45
+ 'desc' => 'Enables comment form submission protection.',
46
+ 'options' => [
47
+ 'enabled' => __( 'Enabled', 'wpzerospam' )
48
+ ]
49
+ ]);
50
+ }
51
+ }
52
+ add_action( 'wpzerospam_admin_fields', 'wpzerospam_comments_admin_fields' );
53
 
54
  /**
55
+ * Add validation to the comment form submission protection admin fields.
56
+ *
57
+ * @since 4.9.9
58
+ *
59
+ * @param array $fields Array on available admin fields.
60
+ */
61
+ if ( ! function_exists( 'wpzerospam_comments_admin_validation' ) ) {
62
+ function wpzerospam_comments_admin_validation( $fields ) {
63
+ if ( empty( $fields['verify_comments'] ) ) { $fields['verify_comments'] = 'disabled'; }
64
+ if ( empty( $fields['strip_comment_links'] ) ) { $fields['strip_comment_links'] = 'disabled'; }
65
+ if ( empty( $fields['strip_comment_author_links'] ) ) { $fields['strip_comment_author_links'] = 'disabled'; }
66
+
67
+ return $fields;
68
+ }
69
+ }
70
+ add_filter( 'wpzerospam_admin_validation', 'wpzerospam_comments_admin_validation' );
71
+
72
+ if ( ! function_exists( 'wpzerospam_comment_admin_fields_default' ) ) {
73
+ function wpzerospam_comment_admin_fields_default( $defaults ) {
74
+ if ( empty( $defaults['verify_comments'] ) ) { $defaults['verify_comments'] = 'enabled'; }
75
+ if ( empty( $defaults['strip_comment_links'] ) ) { $defaults['strip_comment_links'] = 'disabled'; }
76
+ if ( empty( $defaults['strip_comment_author_links'] ) ) { $defaults['strip_comment_author_links'] = 'disabled'; }
77
+
78
+ return $defaults;
79
+ }
80
+ }
81
+ add_filter( 'wpzerospam_admin_fields_default', 'wpzerospam_comment_admin_fields_default' );
82
+
83
+ if ( ! function_exists( 'wpzerospam_comment_admin_submission_data_item' ) ) {
84
+ function wpzerospam_comment_admin_submission_data_item( $key, $value ) {
85
+ switch( $key ) {
86
+ case 'comment_post_ID':
87
+ $post = get_post( $value );
88
+ if ( $post ) {
89
+ $item_value = '<a href="' . get_the_permalink( $value ) . '">' . get_the_title( $value ) . '</a>';
90
+ } else {
91
+ $item_value = 'N/A';
92
+ }
93
+ echo wpzerospam_admin_details_item( __( 'Comment Post', 'wpzerospam' ), $item_value );
94
+ break;
95
+ case 'comment_author':
96
+ echo wpzerospam_admin_details_item( __( 'Author', 'wpzerospam' ), $value );
97
+ break;
98
+ case 'comment_author_email':
99
+ echo wpzerospam_admin_details_item( __( 'Email', 'wpzerospam' ), $value );
100
+ break;
101
+ case 'comment_author_url':
102
+ echo wpzerospam_admin_details_item( __( 'Website', 'wpzerospam' ), $value );
103
+ break;
104
+ case 'comment_content':
105
+ echo wpzerospam_admin_details_item( __( 'Comment', 'wpzerospam' ), sanitize_text_field( $value ) );
106
+ break;
107
+ case 'comment_type':
108
+ echo wpzerospam_admin_details_item( __( 'Comment Type', 'wpzerospam' ), $value );
109
+ break;
110
+ case 'comment_parent':
111
+ echo wpzerospam_admin_details_item( __( 'Comment Parent ID', 'wpzerospam' ), '<a href="' . get_comment_link( $value ) . '">' . $value . '</a>' );
112
+ break;
113
+ case 'comment_as_submitted':
114
+ foreach( $value as $k => $v ):
115
+ if ( ! $v ) { continue; }
116
+ switch( $k ):
117
+ case 'comment_author':
118
+ if ( empty( $author_shown ) ) {
119
+ echo wpzerospam_admin_details_item( __( 'Author', 'wpzerospam' ), $v );
120
+ }
121
+ break;
122
+ case 'comment_author_email':
123
+ if ( empty( $author_email ) ) {
124
+ echo wpzerospam_admin_details_item( __( 'Email', 'wpzerospam' ), $v );
125
+ }
126
+ break;
127
+ case 'comment_author_url':
128
+ if ( empty( $author_url ) ) {
129
+ echo wpzerospam_admin_details_item( __( 'Website', 'wpzerospam' ), $v );
130
+ }
131
+ break;
132
+ case 'comment_content':
133
+ echo wpzerospam_admin_details_item( __( 'Comment', 'wpzerospam' ), sanitize_text_field( $v ) );
134
+ break;
135
+ case 'user_ip':
136
+ echo wpzerospam_admin_details_item( __( 'User IP', 'wpzerospam' ), '<a href="https://zerospam.org/ip-lookup/' . urlencode( $v ) .'" target="_blank" rel="noopener noreferrer">' . $v . '</a>' );
137
+ break;
138
+ case 'user_agent':
139
+ echo wpzerospam_admin_details_item( __( 'User Agent', 'wpzerospam' ), $v );
140
+ break;
141
+ case 'blog':
142
+ echo wpzerospam_admin_details_item( __( 'Site', 'wpzerospam' ), $v );
143
+ break;
144
+ case 'blog_lang':
145
+ echo wpzerospam_admin_details_item( __( 'Site Language', 'wpzerospam' ), $v );
146
+ break;
147
+ case 'blog_charset':
148
+ echo wpzerospam_admin_details_item( __( 'Site Charset', 'wpzerospam' ), $v );
149
+ break;
150
+ case 'permalink':
151
+ echo wpzerospam_admin_details_item( __( 'Permalink', 'wpzerospam' ), '<a href="' . $v . '" target="_blank">' . $v . '</a>' );
152
+ break;
153
+ default:
154
+ echo wpzerospam_admin_details_item( $k, $v );
155
+ endswitch;
156
+ endforeach;
157
+ break;
158
+ case 'akismet_result':
159
+ echo wpzerospam_admin_details_item( __( 'Akismet Result', 'wpzerospam' ), $value );
160
+ break;
161
+ case 'akismet_pro_tip':
162
+ echo wpzerospam_admin_details_item( __( 'Akismet Pro Tip', 'wpzerospam' ), $value );
163
+ break;
164
+ }
165
+ }
166
+ }
167
+ add_action( 'wpzerospam_admin_submission_data_items', 'wpzerospam_comment_admin_submission_data_item', 10, 2 );
168
+
169
+ /**
170
+ * Runs the comment form spam detections.
171
+ *
172
+ * Runs all action & filter hooks needed for monitoring comment submissions for
173
+ * spam (when enabled via the 'Detect Comment Spam' option).
174
+ *
175
+ * @since 4.9.9
176
+ *
177
+ * @return void
178
  */
179
+ if ( ! function_exists( 'wpzerospam_comments_after_setup_theme' ) ) {
180
+ function wpzerospam_comments_after_setup_theme() {
181
  $options = get_option( 'wpzerospam' );
 
182
 
183
+ // Determines is author links should be stripped.
184
+ if ( 'enabled' == $options['strip_comment_author_links'] ) {
185
+ add_filter( 'get_comment_author_link', 'wpzerospam_remove_comment_author_link', 10, 3 );
186
+ add_filter( 'get_comment_author_url', 'wpzerospam_remove_author_url' );
187
+ add_filter( 'comment_form_default_fields', 'wpzerospam_remove_author_url_field' );
188
+ }
189
+
190
+ // Determines if comment links should be stripped.
191
+ if ( 'enabled' == $options['strip_comment_links'] ) {
192
+ remove_filter( 'comment_text', 'make_clickable', 9 );
193
+ add_filter( 'comment_text', 'wpzerospam_strip_comment_links_display', 10, 1);
194
+ add_filter( 'comment_text_rss', 'wpzerospam_strip_comment_links_display', 10, 1);
195
+ add_filter( 'comment_excerpt', 'wpzerospam_strip_comment_links_display', 10, 1);
196
+ add_filter( 'preprocess_comment', 'wpzerospam_strip_comment_links', 10, 1 );
197
  }
198
 
199
+ // Check if detecting comments is enabled & user is unauthenticated.
200
+ if ( 'enabled' != $options['verify_comments'] || is_user_logged_in() ) { return false; }
201
+
202
+ // Add the 'comment' spam type.
203
+ add_filter( 'wpzerospam_types', 'wpzerospam_comments_types' );
204
+
205
+ // Add the 'honeypot' field to the comment form.
206
+ add_filter( 'comment_form_defaults', 'wpzerospam_comments_form_defaults' );
207
 
208
+ // Preprocess comment submissions.
209
+ add_action( 'preprocess_comment', 'wpzerospam_comments_preprocess' );
210
+
211
+ // Register & enqueue needed CSS & JS files, only when the comment form is on the page.
212
+ add_action( 'comment_form', 'wpzerospam_comments_enqueue_scripts' );
213
  }
214
  }
215
+ add_action( 'after_setup_theme', 'wpzerospam_comments_after_setup_theme' );
216
 
217
  /**
218
+ * Strips links from comment submissions.
219
  */
220
+ if ( ! function_exists( 'wpzerospam_strip_comment_links' ) ) {
221
+ function wpzerospam_strip_comment_links( $comment ) {
222
+ global $allowedtags;
223
+
224
+ $tags = $allowedtags;
225
+ unset( $tags['a'] );
226
+ $content = addslashes( wp_kses( stripslashes( $comment ), $tags) );
227
+
228
+ return $comment;
229
+ }
230
+ }
231
+
232
+ /**
233
+ * Strips links from comments when displayed.
234
+ */
235
+ if ( ! function_exists( 'wpzerospam_strip_comment_links_display' ) ) {
236
+ function wpzerospam_strip_comment_links_display( $comment ) {
237
+ global $allowedtags;
238
+
239
+ $tags = $allowedtags;
240
+ unset( $tags['a'] );
241
+ $content = addslashes( wp_kses( stripslashes( $comment ), $tags) );
242
+
243
+ return $comment;
244
+ }
245
+ }
246
+
247
+ /**
248
+ * Removes the comment author link.
249
+ */
250
+ if ( ! function_exists( 'wpzerospam_remove_comment_author_link' ) ) {
251
+ function wpzerospam_remove_comment_author_link( $return, $author, $comment_ID ) {
252
+ return $author;
253
+ }
254
+ }
255
 
256
+ /**
257
+ * Removes the comment author url from display.
258
+ */
259
+ if ( ! function_exists( 'wpzerospam_remove_author_url' ) ) {
260
+ function wpzerospam_remove_author_url() {
261
+ return false;
262
+ }
263
+ }
264
+
265
+ /**
266
+ * Removed the comment author url field.
267
+ */
268
+ if ( ! function_exists( 'wpzerospam_remove_author_url_field' ) ) {
269
+ function wpzerospam_remove_author_url_field( $fields ) {
270
+ if ( isset( $fields['url'] ) ) {
271
+ unset( $fields['url'] );
272
+ }
273
+
274
+ return $fields;
275
+ }
276
+ }
277
+
278
+ /**
279
+ * Adds the 'comment' spam type.
280
+ *
281
+ * @param array An array of the current spam types.
282
+ * @return array The resulting current spam types.
283
+ */
284
+ if ( ! function_exists( 'wpzerospam_comments_types' ) ) {
285
+ function wpzerospam_comments_types( $types ) {
286
+ $types = array_merge( $types, [ 'comment' => __( 'Comment', 'wpzerospam' ) ] );
287
+
288
+ return $types;
289
+ }
290
+ }
291
+
292
+ /**
293
+ * Add a 'honeypot' field to the comment form.
294
+ *
295
+ * @since 4.9.9
296
+ *
297
+ * @link https://developer.wordpress.org/reference/hooks/comment_form_defaults/
298
+ *
299
+ * @return array The default comment form arguments.
300
+ */
301
+ if ( ! function_exists( 'wpzerospam_comments_form_defaults' ) ) {
302
+ function wpzerospam_comments_form_defaults( $defaults ) {
303
+ $defaults['fields']['wpzerospam_hp'] = wpzerospam_honeypot_field();
304
+
305
+ return $defaults;
306
+ }
307
+ }
308
+
309
+ /**
310
+ * Preprocess comment fields.
311
+ *
312
+ * @since 4.3.7
313
+ *
314
+ * @link https://codex.wordpress.org/Plugin_API/Filter_Reference/preprocess_comment
315
+ *
316
+ * @return array The $commentdata array which may have been manipulated during the execution of the handler.
317
+ */
318
+ if ( ! function_exists( 'wpzerospam_comments_preprocess' ) ) {
319
+ function wpzerospam_comments_preprocess( $commentdata ) {
320
+ $options = get_option( 'wpzerospam' );
321
+ $honeypot = wpzerospam_get_honeypot();
322
+
323
+ if (
324
+ // First, check the 'honeypot' field.
325
+ ( ! isset( $_REQUEST[ $honeypot ] ) || $_REQUEST[ $honeypot ] ) ||
326
+ // Next, check the 'wpzerospam_key' field.
327
+ ( empty( $_REQUEST['wpzerospam_key'] ) || wpzerospam_get_key() != $_REQUEST['wpzerospam_key'] )
328
+ ) {
329
+ // Spam comment selected.
330
+ do_action( 'wpzerospam_comment_spam', $commentdata );
331
+ wpzerospam_spam_detected( 'comment', $commentdata );
332
+
333
+ return false;
334
+ }
335
+
336
+ return $commentdata;
337
+ }
338
+ }
339
+
340
+ /**
341
+ * Register & enqueue CSS & JS files for comment spam detection.
342
+ *
343
+ * @since 4.9.9
344
+ *
345
+ * @link https://developer.wordpress.org/reference/hooks/wp_enqueue_scripts/
346
+ *
347
+ * @return void
348
+ */
349
+ if ( ! function_exists( 'wpzerospam_comments_enqueue_scripts' ) ) {
350
+ function wpzerospam_comments_enqueue_scripts() {
351
+ // Load the 'wpzerospam_key' form field JS
352
  wp_enqueue_script(
353
  'wpzerospam-integration-comments',
354
  plugin_dir_url( WORDPRESS_ZERO_SPAM ) .
359
  );
360
  }
361
  }
 
integrations/comments/js/comments.js CHANGED
@@ -1,48 +1,57 @@
1
  /**
2
- * WordPress Zero Spam addon for handling core comment submissions.
3
  */
4
- WordPressZeroSpamIntegrations.comments = {
5
- init: function() {
6
- // Make sure the WordPress Zero Spam key is available.
7
- if ( typeof wpzerospam.key == "undefined" ) { return; }
 
 
 
 
 
 
 
 
8
 
9
- // #ast-commentform - Astra theme support (changes the comment if to #ast-commentform)
10
- // @TODO - Find a better way to support the Astra theme by checking if it's enabled.
11
- var $form = jQuery( '#commentform, #ast-commentform' );
 
 
 
 
12
 
13
- // If the form can't be found & should be, send a message to the console.
14
- if ( ! $form.length ) {
15
  console.log(
16
- 'WordPress Zero Spam was unable to locate any comment forms (#commentform)'
17
  );
18
- return true;
19
- }
20
-
21
- console.log(
22
- 'WordPress Zero Spam located ' + $form.length + ' comment form(s) (#commentform)'
23
- );
24
 
25
- $form.attr( 'data-wpzerospam', 'protected' );
26
 
27
- // Triggered when the comment form is submitted
28
- $form.on( "submit", function() {
29
- // Make sure the WordPress Zero Spam key isn't already on the form, if
30
- // not, add it.
31
- if ( ! jQuery( '[name="wpzerospam_key"]', jQuery( this ) ).length ) {
32
- jQuery( "<input>" )
33
- .attr( "type", "hidden" )
34
- .attr( "name", "wpzerospam_key" )
35
- .attr( "value", wpzerospam.key )
36
- .appendTo( jQuery(this) );
37
- } else {
38
- jQuery( '[name="wpzerospam_key"]', jQuery( this ) ).value( wpzerospam.key );
39
- }
40
 
41
- return true;
42
- });
 
43
  }
44
- }
45
 
46
- jQuery(function() {
47
- WordPressZeroSpamIntegrations.comments.init();
48
- });
 
 
 
 
 
1
  /**
2
+ * Spam detection for comment submissions.
3
  */
4
+ try {
5
+ WordPressZeroSpamIntegrations.comments = {
6
+ init: function() {
7
+ // Make sure the WordPress Zero Spam key is available.
8
+ if ( typeof wpzerospam.key == "undefined" ) {
9
+ console.log("WordPress Zero Spam was unable to locate the key for comment submission protection.");
10
+ return;
11
+ }
12
+
13
+ // #ast-commentform - Astra theme support (changes the comment if to #ast-commentform)
14
+ // @TODO - Find a better way to support the Astra theme by checking if it's enabled.
15
+ var $form = jQuery( '#commentform, #ast-commentform' );
16
 
17
+ // If the form can't be found & should be, send a message to the console.
18
+ if ( ! $form.length ) {
19
+ console.log(
20
+ 'WordPress Zero Spam was unable to locate any comment forms (#commentform) on this page.'
21
+ );
22
+ return true;
23
+ }
24
 
 
 
25
  console.log(
26
+ `WordPress Zero Spam located ${$form.length} comment form(s) (#commentform) on this page.`
27
  );
 
 
 
 
 
 
28
 
29
+ $form.attr( 'data-wpzerospam', 'protected' );
30
 
31
+ // Triggered when the comment form is submitted
32
+ $form.on( "submit", function() {
33
+ // Make sure the WordPress Zero Spam key isn't already on the form, if
34
+ // not, add it.
35
+ if ( ! jQuery( '[name="wpzerospam_key"]', jQuery( this ) ).length ) {
36
+ jQuery( "<input>" )
37
+ .attr( "type", "hidden" )
38
+ .attr( "name", "wpzerospam_key" )
39
+ .attr( "value", wpzerospam.key )
40
+ .appendTo( jQuery(this) );
41
+ } else {
42
+ jQuery( '[name="wpzerospam_key"]', jQuery( this ) ).value( wpzerospam.key );
43
+ }
44
 
45
+ return true;
46
+ });
47
+ }
48
  }
 
49
 
50
+ jQuery(function() {
51
+ WordPressZeroSpamIntegrations.comments.init();
52
+ });
53
+ }
54
+ catch( err ) {
55
+ console.log( 'WordPress Zero Spam was unable to initialize comment submission protection.' );
56
+ console.log( err );
57
+ }
integrations/gravity-forms/gravity-forms.php DELETED
@@ -1,48 +0,0 @@
1
- <?php
2
- /**
3
- * Handles checking submitted Gravity Forms forms for spam
4
- *
5
- * @package WordPressZeroSpam
6
- * @since 4.1.0
7
- */
8
-
9
- /**
10
- * Add the 'gform' spam type
11
- */
12
- add_filter( 'wpzerospam_types', function( $types ) {
13
- $types = array_merge( $types, [ 'gform' => 'Gravity Forms' ] );
14
- return $types;
15
- });
16
-
17
- /**
18
- * Validation for Gravity Form submissions
19
- */
20
- if ( ! function_exists( 'wpzerospam_gform_validate' ) ) {
21
- function wpzerospam_gform_validate( $form ) {
22
- if ( is_user_logged_in() || wpzerospam_key_check() ) {
23
- return;
24
- }
25
-
26
- do_action( 'wpzerospam_gform_spam' );
27
-
28
- wpzerospam_spam_detected( 'gform', $form );
29
- }
30
- }
31
- add_action( 'gform_pre_submission', 'wpzerospam_gform_validate' );
32
-
33
- /**
34
- * Enqueue the Gravity Forms JS
35
- */
36
- if ( ! function_exists( 'wpzerospam_gravity_forms' ) ) {
37
- function wpzerospam_gravity_forms( $form, $is_ajax ) {
38
- wp_enqueue_script(
39
- 'wpzerospam-integration-gravity-forms',
40
- plugin_dir_url( WORDPRESS_ZERO_SPAM ) .
41
- 'integrations/gravity-forms/js/gravity-forms.js',
42
- [ 'wpzerospam' ],
43
- WORDPRESS_ZERO_SPAM_VERSION,
44
- true
45
- );
46
- }
47
- }
48
- add_action( 'gform_enqueue_scripts', 'wpzerospam_gravity_forms', 10, 2 );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
integrations/gravity-forms/js/gravity-forms.js DELETED
@@ -1,37 +0,0 @@
1
- /**
2
- * WordPress Zero Spam addon for handling Gravity Form submissions.
3
- */
4
- WordPressZeroSpamIntegrations.gravityForms = {
5
- init: function() {
6
- // Make sure the WordPress Zero Spam key is available.
7
- if ( typeof wpzerospam.key == "undefined" ) { return; }
8
-
9
- var $form = jQuery( '.gform_wrapper form' );
10
-
11
- // If the form can't be found & should be, send a message to the console.
12
- if ( ! $form.length ) {
13
- console.log(
14
- 'WordPress Zero Spam was unable to locate any Gravity Forms (.gform_wrapper form)'
15
- );
16
- return true;
17
- }
18
-
19
- console.log(
20
- 'WordPress Zero Spam located ' + $form.length + ' Gravity Forms (.gform_wrapper form)'
21
- );
22
-
23
- $form.attr( 'data-wpzerospam', 'protected' );
24
-
25
- jQuery( document ).on( "gform_post_render", function() {
26
- jQuery( "<input>" )
27
- .attr( "type", "hidden" )
28
- .attr( "name", "wpzerospam_key" )
29
- .attr( "value", wpzerospam.key )
30
- .appendTo( $form );
31
- });
32
- }
33
- }
34
-
35
- jQuery(function() {
36
- WordPressZeroSpamIntegrations.gravityForms.init();
37
- });
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
integrations/registrations/js/registrations.js CHANGED
@@ -1,5 +1,5 @@
1
  /**
2
- * WordPress Zero Spam integration for handling core comment submissions.
3
  */
4
  WordPressZeroSpamIntegrations.registrations = {
5
  init: function() {
1
  /**
2
+ * WordPress Zero Spam integration for handling core registration submissions.
3
  */
4
  WordPressZeroSpamIntegrations.registrations = {
5
  init: function() {
readme.txt CHANGED
@@ -5,7 +5,7 @@ Donate link: https://benmarshall.me/donate/?utm_source=wordpress_zero_spam&utm_m
5
  Requires at least: 5.2
6
  Tested up to: 5.4.2
7
  Requires PHP: 7.1
8
- Stable tag: 4.9.8
9
  License: GNU GPLv3
10
  License URI: https://choosealicense.com/licenses/gpl-3.0/
11
 
@@ -21,26 +21,26 @@ In addition, it integrates with other popular plugins to provide all around prot
21
 
22
  = WordPress Zero Spam features =
23
 
24
- * **Site security enhancements**, no config required
25
  * **No captcha**, spam isn't a users' problem
26
  * **No moderation queues**, spam isn't a administrators' problem
27
- * **Blocks 99.9% of spam** submissions
 
28
  * **Blocks malicious IPs** from ever seeing your site
29
  * **IP blacklist spam checks** ([Zero Spam](https://zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/), [BotScout](https://botscout.com/))
30
  * **Auto-block IPs** when a spam detection is triggered
31
  * **Manually block IPs** either temporarily or permanently
32
- * **Developer-friendly**, integrate with any theme, plugin or form
33
- * **Detailed logging** to catch & block recurring spammers
34
- * **Geolocate IP addresses** to see where spammers are coming from
35
  * **Whitelist IPs** to avoid getting blocked
36
- * **Advanced settings** for complete control over spammers
 
37
  * **Charts &amp; statistics** for easy to understand spam analytics
 
 
38
 
39
  = WordPress Zero Spam also protects =
40
 
41
  * WordPress core comments & user registrations
42
  * [Contact Form 7](https://wordpress.org/plugins/contact-form-7/) submissions
43
- * [Gravity Forms](https://www.gravityforms.com/) submissions
44
  * [BuddyPress](https://wordpress.org/plugins/buddypress/) registrations
45
  * [WPForms](https://wordpress.org/plugins/wpforms-lite/) submissions
46
  * [WP Fluent Form](https://wordpress.org/plugins/fluentform/) submissions
@@ -73,7 +73,15 @@ For more information & developer documentation, see the [plugin’s website](htt
73
 
74
  = Does WordPress Zero Spam check Ninja Forms submissions? =
75
 
76
- No. As of v4.10.0, WordPress Zero Spam no longer checks Ninja Form submissions. Support was dropped due its [requirement of JavaScript](https://developer.ninjaforms.com/codex/loading-the-form-via-ajax/) and how it submits forms. JavaScript is one of the techniques WordPress Zero Spam uses to determine if a submission is spam. Ninja Forms employs a similar method and has its own [spam detection](https://ninjaforms.com/blog/spam-wordpress-form/) feature.
 
 
 
 
 
 
 
 
77
 
78
  = Does WordPress Zero Spam check Jetpack comments? =
79
 
@@ -119,6 +127,13 @@ Yes. It does not store any kind of personally identifiable information. Only one
119
 
120
  == Changelog ==
121
 
 
 
 
 
 
 
 
122
  = 4.9.8 =
123
 
124
  * Fix - Fix for a reporting issue during detections.
5
  Requires at least: 5.2
6
  Tested up to: 5.4.2
7
  Requires PHP: 7.1
8
+ Stable tag: 4.9.9
9
  License: GNU GPLv3
10
  License URI: https://choosealicense.com/licenses/gpl-3.0/
11
 
21
 
22
  = WordPress Zero Spam features =
23
 
24
+ * **Blocks 99.9% of spam** submissions
25
  * **No captcha**, spam isn't a users' problem
26
  * **No moderation queues**, spam isn't a administrators' problem
27
+ * **Multiple spam detection techniques**, including *honeypot*.
28
+ * **Site security enhancements**, no config required
29
  * **Blocks malicious IPs** from ever seeing your site
30
  * **IP blacklist spam checks** ([Zero Spam](https://zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/), [BotScout](https://botscout.com/))
31
  * **Auto-block IPs** when a spam detection is triggered
32
  * **Manually block IPs** either temporarily or permanently
 
 
 
33
  * **Whitelist IPs** to avoid getting blocked
34
+ * **Geolocate IP addresses** to see where spammers are coming from
35
+ * **Detailed logging** to catch & block recurring spammers
36
  * **Charts &amp; statistics** for easy to understand spam analytics
37
+ * **Advanced settings** for complete control over spammers
38
+ * **Developer-friendly**, integrate with any theme, plugin or form
39
 
40
  = WordPress Zero Spam also protects =
41
 
42
  * WordPress core comments & user registrations
43
  * [Contact Form 7](https://wordpress.org/plugins/contact-form-7/) submissions
 
44
  * [BuddyPress](https://wordpress.org/plugins/buddypress/) registrations
45
  * [WPForms](https://wordpress.org/plugins/wpforms-lite/) submissions
46
  * [WP Fluent Form](https://wordpress.org/plugins/fluentform/) submissions
73
 
74
  = Does WordPress Zero Spam check Ninja Forms submissions? =
75
 
76
+ No. As of v4.10.0, WordPress Zero Spam no longer checks Ninja Form submissions. Support was dropped due to its [requirement of JavaScript](https://developer.ninjaforms.com/codex/loading-the-form-via-ajax/) and how it submits forms. JavaScript is one of the techniques WordPress Zero Spam uses to determine if a submission is spam. Ninja Forms employs a similar method and has its own [spam detection](https://ninjaforms.com/blog/spam-wordpress-form/) feature.
77
+
78
+ Does this mean WPZP won't do you any good? **Absolutely not.** WPZS employs other techniques and IP blacklist checks that will help prevent malicious IP and spambots from ever seeing your site. You will still get all of the benefits of this plugin, it just won't provide the extra check on Ninja Form submissions.
79
+
80
+ = Does WordPress Zero Spam check Gravity Form submissions? =
81
+
82
+ No. As of v4.9.9, WordPress Zero Spam no longer checks Gravity Form submissions. Support was dropped due the numerous addon plugins that can be installed & alter GF submissions. These addons will often conflict with how WPZS validates submissions. In addition, Gravity Forms already has a spam detection option that works similar to how this plugin detects forms. You can enable it by going to the form settings and checking the *Enable anti-spam honeypot* option. For more information, see [Gravity Forms documentation](https://docs.gravityforms.com/form-settings/).
83
+
84
+ Does this mean WPZP won't do you any good? **Absolutely not.** WPZS employs other techniques and IP blacklist checks that will help prevent malicious IP and spambots from ever seeing your site. You will still get all of the benefits of this plugin, it just won't provide the extra check on Gravity Form submissions.
85
 
86
  = Does WordPress Zero Spam check Jetpack comments? =
87
 
127
 
128
  == Changelog ==
129
 
130
+ = 4.9.9 =
131
+
132
+ * Enhancement - Strengthened spam detection for comment submission using a 'honeypot' field.
133
+ * Enhancement - Added a 'honeypot' helper functions (`wpzerospam_honeypot_field()`, `wpzerospam_get_honeypot()`) to allow other forms, plugins, and themes to easily integrate a 'honeypot' check into submissions.
134
+ * Enhancement - IP lookup links integrated in the admin dashboard and tables.
135
+ * Deprecation - Gravity Forms is no longer supported &mdash; for the time being. See the plugin FAQs for more information.
136
+
137
  = 4.9.8 =
138
 
139
  * Fix - Fix for a reporting issue during detections.
templates/ip-list.php CHANGED
@@ -43,7 +43,7 @@ $chart_limit = 20;
43
  <?php endif; ?>
44
  </span>
45
  <span class="wpzerospam-list-cell wpzerospam-list-cell-ip">
46
- <a href="https://whatismyipaddress.com/ip/<?php echo $ip; ?>" target="_blank" rel="noopener noreferrer"><strong><?php echo $ip; ?></strong></a>
47
  </span>
48
  <span class="wpzerospam-list-cell wpzerospam-list-cell-country<?php if ( empty( $ary['country'] ) ): ?> wpzerospam-list-cell-na<?php endif; ?>">
49
  <?php if ( ! empty( $ary['country'] ) ): ?>
43
  <?php endif; ?>
44
  </span>
45
  <span class="wpzerospam-list-cell wpzerospam-list-cell-ip">
46
+ <a href="https://zerospam.org/ip-lookup/<?php echo urlencode( $ip ); ?>" target="_blank" rel="noopener noreferrer"><strong><?php echo $ip; ?></strong></a>
47
  </span>
48
  <span class="wpzerospam-list-cell wpzerospam-list-cell-country<?php if ( empty( $ary['country'] ) ): ?> wpzerospam-list-cell-na<?php endif; ?>">
49
  <?php if ( ! empty( $ary['country'] ) ): ?>
wordpress-zero-spam.php CHANGED
@@ -13,7 +13,7 @@
13
  * Plugin Name: WordPress Zero Spam
14
  * Plugin URI: https://benmarshall.me/wordpress-zero-spam
15
  * Description: Tired of all the useless and bloated WordPress spam plugins? The WordPress Zero Spam plugin makes blocking spam a cinch. <strong>Just install, activate and say goodbye to spam.</strong> Based on work by <a href="http://davidwalsh.name/wordpress-comment-spam" target="_blank">David Walsh</a>.
16
- * Version: 4.9.8
17
  * Requires at least: 5.2
18
  * Requires PHP: 7.2
19
  * Author: Ben Marshall
@@ -31,7 +31,7 @@ defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
31
  // Define plugin constants
32
  define( 'WORDPRESS_ZERO_SPAM', __FILE__ );
33
  define( 'WORDPRESS_ZERO_SPAM_DB_VERSION', '0.5' );
34
- define( 'WORDPRESS_ZERO_SPAM_VERSION', '4.9.8' );
35
 
36
  /**
37
  * Utility helper functions
@@ -147,10 +147,6 @@ if ( wpzerospam_plugin_integration_enabled( 'cf7' ) ) {
147
  require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'integrations/contact-form-7/contact-form-7.php';
148
  }
149
 
150
- if ( wpzerospam_plugin_integration_enabled( 'gform' ) ) {
151
- require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'integrations/gravity-forms/gravity-forms.php';
152
- }
153
-
154
  if ( wpzerospam_plugin_integration_enabled( 'bp_registrations' ) ) {
155
  require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'integrations/buddypress/buddypress.php';
156
  }
@@ -205,6 +201,7 @@ if ( ! function_exists( 'wpzerospam_uninstall' ) ) {
205
 
206
  delete_option( 'wpzerospam' );
207
  delete_option( 'wpzerospam_key' );
 
208
  delete_option( 'wpzerospam_db_version' );
209
  delete_option( 'wpzerospam_update_version' );
210
 
@@ -218,6 +215,7 @@ if ( ! function_exists( 'wpzerospam_uninstall' ) ) {
218
  } else {
219
  delete_option( 'wpzerospam' );
220
  delete_option( 'wpzerospam_key' );
 
221
  delete_option( 'wpzerospam_db_version' );
222
  delete_option( 'wpzerospam_update_version' );
223
 
13
  * Plugin Name: WordPress Zero Spam
14
  * Plugin URI: https://benmarshall.me/wordpress-zero-spam
15
  * Description: Tired of all the useless and bloated WordPress spam plugins? The WordPress Zero Spam plugin makes blocking spam a cinch. <strong>Just install, activate and say goodbye to spam.</strong> Based on work by <a href="http://davidwalsh.name/wordpress-comment-spam" target="_blank">David Walsh</a>.
16
+ * Version: 4.9.9
17
  * Requires at least: 5.2
18
  * Requires PHP: 7.2
19
  * Author: Ben Marshall
31
  // Define plugin constants
32
  define( 'WORDPRESS_ZERO_SPAM', __FILE__ );
33
  define( 'WORDPRESS_ZERO_SPAM_DB_VERSION', '0.5' );
34
+ define( 'WORDPRESS_ZERO_SPAM_VERSION', '4.9.9' );
35
 
36
  /**
37
  * Utility helper functions
147
  require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'integrations/contact-form-7/contact-form-7.php';
148
  }
149
 
 
 
 
 
150
  if ( wpzerospam_plugin_integration_enabled( 'bp_registrations' ) ) {
151
  require plugin_dir_path( WORDPRESS_ZERO_SPAM ) . 'integrations/buddypress/buddypress.php';
152
  }
201
 
202
  delete_option( 'wpzerospam' );
203
  delete_option( 'wpzerospam_key' );
204
+ delete_option( 'wpzerospam_honeypot' );
205
  delete_option( 'wpzerospam_db_version' );
206
  delete_option( 'wpzerospam_update_version' );
207
 
215
  } else {
216
  delete_option( 'wpzerospam' );
217
  delete_option( 'wpzerospam_key' );
218
+ delete_option( 'wpzerospam_honeypot' );
219
  delete_option( 'wpzerospam_db_version' );
220
  delete_option( 'wpzerospam_update_version' );
221