WordPress Zero Spam - Version 5.4.2

Version Description


Release Info

Developer bmarshall511
Version 5.4.2

Code changes from version 5.4.1 to 5.4.2

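--- a/core/admin/class-settings.php
+++ b/core/admin/class-settings.php
@@ -558,7 +558,7 @@ class Settings {
  ?>
  <div class="zerospam-block">
  <div class="zerospam-block__content zerospam-block__content--supports">
- <strong><?php _e( 'Detection Support', 'zero-spam' ); ?>:</strong>
+ <strong><?php _e( 'Supported Signals', 'zero-spam' ); ?>:</strong>
  <?php
  foreach ( $section['supports'] as $k => $s ) :
  switch ( $s ) :
@@ -566,13 +566,13 @@ class Settings {
  echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-honeypot.svg" alt="' . esc_attr( __( 'Honeypot', 'zero-spam' ) ) . '" />';
  break;
  case 'email':
- echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-email.svg" alt="' . esc_attr( __( 'Email', 'zero-spam' ) ) . '" />';
+ echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-email.svg" alt="' . esc_attr( __( 'Email Protection', 'zero-spam' ) ) . '" title="' . esc_attr( __( 'Email Protection', 'zero-spam' ) ) . '" />';
  break;
  case 'davidwalsh':
  echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'modules/davidwalsh/icon-david-walsh.png" alt="' . esc_attr( __( 'David Walsh', 'zero-spam' ) ) . '" />';
  break;
  case 'words':
- echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-words.svg" alt="' . esc_attr( __( 'Disallowed Words', 'zero-spam' ) ) . '" />';
+ echo '<img class="zerospam-small-icon" src="' . plugin_dir_url( ZEROSPAM ) . 'assets/img/icon-words.svg" alt="' . esc_attr( __( 'Disallowed Words', 'zero-spam' ) ) . '" title="' . esc_attr( __( 'Disallowed Words', 'zero-spam' ) ) . '" />';
  break;
  endswitch;
 
@@ -582,8 +582,8 @@ class Settings {
  </div>
  <?php
  endif;
- endforeach;
- ?>
+ endforeach;
+ ?>
 
  <?php if ( ! in_array( $subview, array( 'export', 'errors' ) ) ) : ?>
  <?php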
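--- a/core/class-access.php
+++ b/core/class-access.php
@@ -16,7 +16,6 @@ defined( 'ABSPATH' ) || die();
  * Access
  */
  class Access {
-
  /**
  * Constructor
  */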
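--- a/core/class-utilities.php
+++ b/core/class-utilities.php
@@ -849,6 +849,8 @@ class Utilities {
  }
  }
  }
+ // 2. Query ipbase
+ $location_details = apply_filters( 'zero_spam_ip_address_details', $ip, $location_details );
 
  // 3. Query the IPinfo API.
  $ipinfo_location = ZeroSpam\Modules\IPinfoModule::get_geolocation( $ip );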
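Review bot: The arguments to `apply_filters` on the added line are in the wrong order for a filter whose result is assigned to `$location_details`: the filtered value is `$ip`, so if no callback is attached, or a callback follows the usual convention and returns its first argument, `$location_details` is overwritten with the IP string. It only works here because the ipbase callback added in this release returns its second parameter. Pass the details first, `apply_filters( 'zero_spam_ip_address_details', $location_details, $ip )`, and swap the parameters of `ip_address_details()` to match. The enclosing function starts and ends outside the hunk.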
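--- a/includes/class-plugin.php
+++ b/includes/class-plugin.php
@@ -31,6 +31,7 @@ class Plugin {
 
  add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );
  add_filter( 'zerospam_failed_types', array( $this, 'failed_types' ), 10, 1 );
+ add_action( 'zero_spam_flagged_attempt', array( $this, 'flagged_attempt' ), 10, 3 );
  }
 
  /**
@@ -85,7 +86,7 @@ class Plugin {
  new \ZeroSpam\Includes\Updates();
 
  // Site security
- new \ZeroSpam\Modules\Security();
+ new \ZeroSpam\Modules\Security\Security();
 
  // Zero Spam module.
  new \ZeroSpam\Modules\Zero_Spam();
@@ -96,12 +97,15 @@ class Plugin {
  // Project Honeypot module.
  new \ZeroSpam\Modules\ProjectHoneypot();
 
- // ipstack module.
- new \ZeroSpam\Modules\ipstack();
+ // ipbase module
+ new \ZeroSpam\Modules\ipbase\ipbase();
 
  // IPinfo module.
  new \ZeroSpam\Modules\IPinfoModule();
 
+ // ipstack module.
+ new \ZeroSpam\Modules\ipstack();
+
  if ( is_admin() ) {
  // Google API module.
  new \ZeroSpam\Modules\Google();
@@ -122,6 +126,11 @@ class Plugin {
  // Used to check if a plugin is installed & active.
  include_once ABSPATH . 'wp-admin/includes/plugin.php';
 
+ // Elementor plugin module.
+ /*if ( is_plugin_active( 'elementor-pro/elementor-pro.php' ) ) {
+ new \ZeroSpam\Modules\Elementor\Elementor();
+ }*/
+
  // GiveWP plugin module.
  if ( is_plugin_active( 'give/give.php' ) ) {
  new \ZeroSpam\Modules\Give\Give();
@@ -181,6 +190,29 @@ class Plugin {
 
  return $types;
  }
+
+ /**
+ * Action taken for flagged attempts
+ *
+ * @param string $module The associated module.
+ * @param string $signal The associated signal.
+ * @param array $data Additional attempt data.
+ */
+ public function flagged_attempt( $module, $signal, $data ) {
+ $details = array(
+ 'type' => $module,
+ 'failed' => $signal,
+ 'data' => $data,
+ );
+
+ if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( $module . '_log_flagged_attempts' ) ) {
+ \ZeroSpam\Includes\DB::log( $module, $details );
+ }
+
+ if ( 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'share_data' ) ) {
+ do_action( 'zerospam_share_detection', $details );
+ }
+ }
  }
 
  Plugin::instance();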
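Review bot: flagged_attempt() forwards `$data` unchanged to `DB::log()` and to the `zerospam_share_detection` action, so whatever a module puts in it is persisted and, with `share_data` enabled, handed to the sharing hook. The Elementor module added in this release passes the whole `$field` and `$record`, which presumably carry the full form submission including personal data. Reduce `$data` to the keys the detection actually needs before logging or sharing, and list the accepted keys in the docblock, for example `@param array $data Attempt data; only the documented keys are stored or shared.` The Elementor registration is also shipped as a commented-out block; if the module is not ready it would be cleaner to leave it out than to keep dead code in the loader.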
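--- a/modules/class-security.php
+++ b/modules/class-security.php
@@ -1,41 +0,0 @@
- <?php
- /**
- * Site security
- *
- * Implement Zero Spam's recommended WordPress security practices.
- *
- * @package ZeroSpam
- */
-
- namespace ZeroSpam\Modules;
-
- // Security Note: Blocks direct access to the plugin PHP files.
- defined( 'ABSPATH' ) || die();
-
- /**
- * Security class
- */
- class Security {
- /**
- * Constructor
- */
- public function __construct() {
- // It can be considered a security risk to make your WP version visible &
- // public you should hide it.
- remove_action( 'wp_head', 'wp_generator' );
-
- // XML-RPC can significantly amplify the brute-force attacks.
- add_filter( 'xmlrpc_enabled', '__return_false' );
-
- // Fired on detections.
- add_action( 'zero_spam_detection', array( $this, 'handle_detection' ), 10, 2 );
- }
-
- /**
- * Handles detections.
- *
- * @param array $validation_errors Array of validation errors.
- */
- public function handle_detection( $details, $validation_errors ) {
- }
- }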
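--- a/modules/elementor/class-elementor.php
+++ b/modules/elementor/class-elementor.php
@@ -0,0 +1,171 @@
+ <?php
+ /**
+ * Adds integration for Elementor Pro forms
+ *
+ * @package ZeroSpam
+ */
+
+ namespace ZeroSpam\Modules\Elementor;
+
+ // Security Note: Blocks direct access to the plugin PHP files.
+ defined( 'ABSPATH' ) || die();
+
+ /**
+ * Elementor
+ */
+ class Elementor {
+ /**
+ * Constructor
+ */
+ public function __construct() {
+ add_action( 'init', array( $this, 'init' ) );
+ wp_add_inline_style(
+ 'zero-spam-admin',
+ '
+ .zerospam-type-elementor::before {
+ background-image: url("../../modules/elementor/icon-elementor.svg");
+ }
+ '
+ );
+ }
+
+ /**
+ * Fires after WordPress has finished loading but before any headers are sent
+ */
+ public function init() {
+ add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
+ add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 1 );
+ add_filter( 'zerospam_types', array( $this, 'types' ), 10, 1 );
+
+ if (
+ 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'elementor_enabled' ) &&
+ \ZeroSpam\Core\Access::process()
+ ) {
+ add_action( 'elementor_pro/forms/validation/email', array( $this, 'validate_email' ), 10, 3 );
+ add_action( 'elementor_pro/forms/validation/text', array( $this, 'validate_text' ), 10, 3 );
+ add_action( 'elementor_pro/forms/validation/textarea', array( $this, 'validate_text' ), 10, 3 );
+ add_action( 'elementor_pro/forms/validation/html', array( $this, 'validate_text' ), 10, 3 );
+ }
+ }
+
+ /**
+ * Admin setting sections
+ *
+ * @param array $sections Array of admin setting sections.
+ */
+ public function sections( $sections ) {
+ $sections['elementor'] = array(
+ 'title' => __( 'Elementor', 'zero-spam' ),
+ 'icon' => 'modules/elementor/icon-elementor.svg',
+ 'supports' => array( 'email', 'words' ),
+ );
+
+ return $sections;
+ }
+
+ /**
+ * Admin settings
+ *
+ * @param array $settings Array of available settings.
+ */
+ public function settings( $settings ) {
+ $options = get_option( 'zero-spam-elementor' );
+
+ $settings['elementor_enabled'] = array(
+ 'title' => wp_kses(
+ __( 'Protect Form Submissions', 'zero-spam' ),
+ array(
+ 'a' => array(
+ 'href' => array(),
+ 'class' => array(),
+ 'target' => array(),
+ 'rel' => array(),
+ ),
+ )
+ ),
+ 'desc' => __( 'Protects & monitors Elementor form submissions.', 'zero-spam' ),
+ 'module' => 'elementor',
+ 'type' => 'checkbox',
+ 'options' => array(
+ 'enabled' => false,
+ ),
+ 'value' => ! empty( $options['elementor_enabled'] ) ? $options['elementor_enabled'] : false,
+ 'recommended' => 'enabled',
+ );
+
+ $message = __( 'We were unable to process your submission due to possible malicious activity.', 'zero-spam' );
+ $settings['elementor_flagged_msg'] = array(
+ 'title' => __( 'Flagged Message', 'zero-spam' ),
+ 'desc' => __( 'Message displayed when a submission has been flagged.', 'zero-spam' ),
+ 'module' => 'elementor',
+ 'type' => 'text',
+ 'field_class' => 'large-text',
+ 'placeholder' => $message,
+ 'value' => ! empty( $options['elementor_flagged_msg'] ) ? $options['elementor_flagged_msg'] : $message,
+ 'recommended' => $message,
+ );
+
+ $settings['elementor_log_flagged_attempts'] = array(
+ 'title' => __( 'Log Flagged Attempts', 'zero-spam' ),
+ 'module' => 'elementor',
+ 'type' => 'checkbox',
+ 'desc' => wp_kses(
+ __( 'When enabled, stores blocked form submissions in the database.', 'zero-spam' ),
+ array( 'strong' => array() )
+ ),
+ 'options' => array(
+ 'enabled' => false
+ ),
+ 'value' => ! empty( $options['elementor_log_flagged_attempts'] ) ? $options['elementor_log_flagged_attempts'] : false,
+ 'recommended' => 'enabled',
+ );
+
+ return $settings;
+ }
+
+ /**
+ * Register custom fields
+ *
+ * @param \ElementorPro\Modules\Forms\Registrars\Form_Fields_Registrar $form_fields_registrar
+ */
+ public function register_fields( $form_fields_registrar ) {
+ //require_once ZEROSPAM_PATH . 'modules/elementor/fields/class-honeypot.php';
+ }
+
+ /**
+ * Validates form on submission
+ */
+ public function validate_form( $record, $ajax_handler ) {
+
+ }
+
+ /**
+ * Validates an email address
+ */
+ public function validate_email( $field, $record, $ajax_handler ) {
+ if ( \ZeroSpam\Core\Utilities::is_email_domain_blocked( $field['value'] ) ) {
+ $ajax_handler->add_error( $field['id'], \ZeroSpam\Core\Utilities::detection_message( 'elementor_flagged_msg' ) );
+ return;
+ }
+ }
+
+ /**
+ * Validates text content
+ */
+ public function validate_text( $field, $record, $ajax_handler ) {
+ if ( \ZeroSpam\Core\Utilities::is_disallowed( $field['value'] ) ) {
+ do_action(
+ 'zero_spam_flagged_attempt',
+ 'elementor',
+ 'disallowed_list',
+ array(
+ 'field' => $field,
+ 'record' => $record,
+ )
+ );
+
+ $ajax_handler->add_error( $field['id'], \ZeroSpam\Core\Utilities::detection_message( 'elementor_flagged_msg' ) );
+ return;
+ }
+ }
+ }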
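Review bot: validate_email() rejects a blocked domain without firing `zero_spam_flagged_attempt`, so unlike validate_text() those rejections are never logged or shared even when `elementor_log_flagged_attempts` is enabled. Fire the same action there before `add_error()`, with its own signal name and only the field that failed. init() also registers `array( $this, 'types' )` on `zerospam_types`, but the class defines no `types()` method, so that filter will fail once it runs. Both validators read `$field['value']` and `$field['id']` without checking that the keys exist, and the constructor calls `wp_add_inline_style()` at construction time, which presumably runs before the `zero-spam-admin` handle is registered.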
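--- a/modules/elementor/icon-elementor.svg
+++ b/modules/elementor/icon-elementor.svg
@@ -0,0 +1 @@
+ <svg xmlns="http://www.w3.org/2000/svg" width="400" height="400" viewBox="0 0 400 400" fill="none"><g clip-path="url(#clip0)"><path d="M200 0C89.5321 0 0 89.5321 0 200C0 310.431 89.5321 400 200 400C310.468 400 400 310.468 400 200C399.964 89.5321 310.431 0 200 0ZM150.009 283.306H116.694V116.658H150.009V283.306ZM283.306 283.306H183.324V249.991H283.306V283.306ZM283.306 216.639H183.324V183.324H283.306V216.639ZM283.306 149.973H183.324V116.658H283.306V149.973Z" fill="#92003B"></path></g><defs><clipPath id="clip0"><rect width="400" height="400" fill="white"></rect></clipPath></defs></svg>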
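--- a/modules/gravityforms/class-gravityforms.php
+++ b/modules/gravityforms/class-gravityforms.php
@@ -5,7 +5,6 @@
  * Malicious user detection techniques available:
  *
  * 1. Zero Spam honeypot field
- * 2. Checks blocked email domains
  *
  * @package ZeroSpam
  */
@@ -74,7 +73,7 @@ class GravityForms {
  $sections['gravityforms'] = array(
  'title' => __( 'Gravity Forms', 'zero-spam' ),
  'icon' => 'modules/gravityforms/icon-gravity-forms.svg',
- 'supports' => array( 'honeypot', 'email' ),
+ 'supports' => array( 'honeypot' ),
  );
 
  return $sections;
@@ -205,8 +204,7 @@ class GravityForms {
  'recommended' => 'enabled',
  );
 
- $message = __( 'We were unable to process your submission: IP address has been flagged as possible spam.', 'zero-spam' );
-
+ $message = __( 'We were unable to process your submission due to possible malicious activity.', 'zero-spam' );
  $settings['gravityforms_spam_message'] = array(
  'title' => __( 'Flagged Message', 'zero-spam' ),
  'desc' => __( 'Message displayed when a submission has been flagged.', 'zero-spam' ),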
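--- a/modules/ipbase/class-ipbase.php
+++ b/modules/ipbase/class-ipbase.php
@@ -0,0 +1,184 @@
+ <?php
+ /**
+ * Adds integration for ipbase.com IP lookup service
+ *
+ * @package ZeroSpam
+ */
+
+ namespace ZeroSpam\Modules\ipbase;
+
+ // Security Note: Blocks direct access to the plugin PHP files.
+ defined( 'ABSPATH' ) || die();
+
+ /**
+ * ipbase
+ */
+ class ipbase {
+ /**
+ * Constructor
+ */
+ public function __construct() {
+ add_action( 'init', array( $this, 'init' ) );
+ }
+
+ /**
+ * Fires after WordPress has finished loading but before any headers are sent
+ */
+ public function init() {
+ add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
+ add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 1 );
+ add_filter( 'zero_spam_ip_address_details', array( $this, 'ip_address_details' ), 10, 2 );
+ }
+
+ /**
+ * Admin setting sections
+ *
+ * @param array $sections Array of admin setting sections.
+ */
+ public function sections( $sections ) {
+ $sections['ipbase'] = array(
+ 'title' => __( 'ipbase (geolocation)', 'zero-spam' ),
+ 'icon' => 'modules/ipbase/icon-ipbase.svg',
+ );
+
+ return $sections;
+ }
+
+ /**
+ * Admin settings
+ *
+ * @param array $settings Array of available settings.
+ */
+ public function settings( $settings ) {
+ $options = get_option( 'zero-spam-ipbase' );
+
+ $settings['ipbase_api_key'] = array(
+ 'title' => __( 'API Key', 'zero-spam' ),
+ 'desc' => sprintf(
+ wp_kses(
+ /* translators: %1$s: Replaced with the ipbase URL */
+ __( 'Enter your ipbase API key. Don\'t have an API key? <a href="%1$s" target="_blank" rel="noopener noreferrer"><strong>Get one for free!</strong></a>', 'zero-spam' ),
+ array(
+ 'strong' => array(),
+ 'a' => array(
+ 'target' => array(),
+ 'href' => array(),
+ 'rel' => array(),
+ ),
+ )
+ ),
+ esc_url( 'https://app.ipbase.com/register' )
+ ),
+ 'module' => 'ipbase',
+ 'type' => 'text',
+ 'field_class' => 'regular-text',
+ 'placeholder' => __( 'Enter your ipbase API key.', 'zero-spam' ),
+ 'value' => ! empty( $options['ipbase_api_key'] ) ? $options['ipbase_api_key'] : false,
+ );
+
+ $settings['ipbase_api_timeout'] = array(
+ 'title' => __( 'API Timeout', 'zero-spam' ),
+ 'module' => 'ipbase',
+ 'type' => 'number',
+ 'field_class' => 'small-text',
+ 'suffix' => __( 'seconds', 'zero-spam' ),
+ 'placeholder' => __( '5', 'zero-spam' ),
+ 'desc' => __( 'Controls how long to wait for the api to return a response, 5 seconds is recommended. Too high could result in degraded performance, too low & it won\'t have time to respond.', 'zero-spam' ),
+ 'value' => ! empty( $options['ipbase_api_timeout'] ) ? $options['ipbase_api_timeout'] : 5,
+ 'recommended' => 5,
+ );
+
+ $settings['ipbase_cache'] = array(
+ 'title' => __( 'Cache Expiration', 'zero-spam' ),
+ 'module' => 'ipbase',
+ 'type' => 'number',
+ 'field_class' => 'small-text',
+ 'suffix' => __( 'day(s)', 'zero-spam' ),
+ 'placeholder' => __( 'Number of days', 'zero-spam' ),
+ 'desc' => __( 'Controls how long IP data is cached, 30 days is recommended. Too low could result in degraded performance.', 'zero-spam' ),
+ 'value' => ! empty( $options['ipbase_cache'] ) ? $options['ipbase_cache'] : 30,
+ 'recommended' => 30,
+ );
+
+ return $settings;
+ }
+
+ /**
+ * Returns an IP addresses' details
+ *
+ * @param string $ip_address_details IP address details.
+ */
+ public function ip_address_details( $ip_address, $ip_address_details ) {
+ $response_mapping = array(
+ 'country_code' => 'country_code',
+ 'country_name' => 'country_name',
+ 'region_code' => 'region_code',
+ 'region_name' => 'region_name',
+ 'city' => 'city',
+ 'zip_code' => 'zip',
+ 'time_zone' => 'timezone',
+ 'latitude' => 'latitude',
+ 'longitude' => 'longitude',
+ );
+
+ $api_response = self::query_ip_address( $ip_address );
+ if ( $api_response ) {
+ foreach ( $response_mapping as $api_key => $details_key ) {
+ if ( ! empty( $api_response[ $api_key ] ) ) {
+ $ip_address_details[ $details_key ] = sanitize_text_field( $api_response[ $api_key ] );
+ }
+ }
+ }
+
+ return $ip_address_details;
+ }
+
+ /**
+ * Query an IP address
+ *
+ * @param string $ip_address IP address to query.
+ */
+ public static function query_ip_address( $ip_address ) {
+ $plugin_settings = \ZeroSpam\Core\Settings::get_settings();
+
+ if ( empty( $plugin_settings['ipbase_api_key']['value'] ) || ! rest_is_ip_address( $ip_address ) ) {
+ return false;
+ }
+
+ $queried_cache_key = \ZeroSpam\Core\Utilities::cache_key(
+ array(
+ 'ipinfo',
+ $ip,
+ )
+ );
+
+ $result = wp_cache_get( $queried_cache_key );
+ if ( false === $result ) {
+ $endpoint = esc_url( "https://api.ipbase.com/json/$ip_address?apikey=" . $plugin_settings['ipbase_api_key']['value'] );
+
+ $response_timeout = 5;
+ if ( ! empty( $settings['ipbase_api_timeout'] ) ) {
+ $timeout = intval( $settings['ipbase_api_timeout']['value'] );
+ }
+
+ $response = \ZeroSpam\Core\Utilities::remote_get( $endpoint, array( 'timeout' => $timeout ) );
+ if ( $response ) {
+ $result = json_decode( $response, true );
+
+ if ( empty( $result ) || ! empty( $result['message'] ) ) {
+ \ZeroSpam\Core\Utilities::log( 'ipbase_api: ' . $result['message'] );
+ return false;
+ }
+
+ $cache_expiration = 14 * DAY_IN_SECONDS;
+ if ( ! empty( $settings['ipbase_cache']['value'] ) ) {
+ $expiration = $settings['ipbase_cache']['value'] * DAY_IN_SECONDS;
+ }
+
+ wp_cache_set( $cache_key, $result, 'zerospam', $expiration );
+ }
+ }
+
+ return $result;
+ }
+ }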
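Review bot: query_ip_address() reads several variables that are never assigned: the cache key is built from `$ip` rather than `$ip_address`, the timeout and expiry are looked up in `$settings` and consumed as `$timeout` / `$expiration` while the defaults are stored in `$response_timeout` / `$cache_expiration`, and the write uses `$cache_key` where the read used `$queried_cache_key`. As written the lookup key does not vary with the address and carries the `'ipinfo'` prefix of another module, the read omits the `'zerospam'` group the write uses, and the request is sent with an undefined timeout, so results are neither cached nor bounded as the settings describe. The error branch also dereferences `$result['message']` when `$result` is empty. The API key is placed in the query string and passed through `esc_url()`, which is a display escaper; `rawurlencode()` on the key and `esc_url_raw()` on the URL fit a request better, and the endpoint should be kept out of any log output.

```php
public static function query_ip_address( $ip_address ) {
	// … unchanged: settings lookup, API-key and IP validation …

	$cache_key = \ZeroSpam\Core\Utilities::cache_key(
		array(
			'ipbase',
			$ip_address,
		)
	);

	$result = wp_cache_get( $cache_key, 'zerospam' );
	if ( false === $result ) {
		$endpoint = esc_url_raw( "https://api.ipbase.com/json/$ip_address?apikey=" . rawurlencode( $plugin_settings['ipbase_api_key']['value'] ) );

		$timeout = 5;
		if ( ! empty( $plugin_settings['ipbase_api_timeout']['value'] ) ) {
			$timeout = intval( $plugin_settings['ipbase_api_timeout']['value'] );
		}

		// … unchanged: remote_get call and json_decode …

			if ( empty( $result ) || ! empty( $result['message'] ) ) {
				\ZeroSpam\Core\Utilities::log( 'ipbase_api: ' . ( isset( $result['message'] ) ? $result['message'] : 'empty response' ) );
				return false;
			}

			$expiration = 14 * DAY_IN_SECONDS;
			if ( ! empty( $plugin_settings['ipbase_cache']['value'] ) ) {
				$expiration = intval( $plugin_settings['ipbase_cache']['value'] ) * DAY_IN_SECONDS;
			}

			wp_cache_set( $cache_key, $result, 'zerospam', $expiration );
```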
modules/ipbase/icon-ipbase.svg ADDED
@@ -0,0 +1 @@
 
1
+ <?xml version="1.0" encoding="UTF-8"?><svg version="1.1" width="342px" height="342px" viewBox="0 0 342.0 342.0" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><defs><clipPath id="i0"><path d="M48,0 C74.5,0 96,21.5 96,48 L96,294 C96,320.235 74.92785,341.5695 48.7934835,341.993567 L48,342 C21.5,342 0,320.5 0,294 L0,48 C0,21.765 21.07215,0.4305 47.2065165,0.0064335 L48,0 Z"></path></clipPath><linearGradient id="i1" x1="45.0696px" y1="326.3085px" x2="48.0562px" y2="168.0193px" gradientUnits="userSpaceOnUse"><stop stop-color="#2893FF" offset="0%"></stop><stop stop-color="#0033BF" offset="100%"></stop></linearGradient><clipPath id="i2"><path d="M48,0 C74.5,0 96.0003474,21.5 96.0003474,48 L96.0003474,173 C96.0990035,199.235 75.02784,220.5695 48.7964535,220.993566 L48,221 C21.5,221 0,199.5 0,173 L0,48 C0,21.765 21.07215,0.4305 47.2065165,0.0064335 L48,0 Z"></path></clipPath><linearGradient id="i3" x1="48.0002px" y1="-118.6891px" x2="48.0002px" y2="212.1005px" gradientUnits="userSpaceOnUse"><stop stop-color="#45A2FF" offset="0%"></stop><stop stop-color="#2660FF" offset="100%"></stop></linearGradient><linearGradient id="i4" x1="48px" y1="2.3109px" x2="48px" y2="333.1005px" gradientUnits="userSpaceOnUse"><stop stop-color="#45A2FF" offset="0%"></stop><stop stop-color="#2660FF" offset="100%"></stop></linearGradient><clipPath id="i5"><path d="M48,0 C74.5,0 96,21.5 96,48 L96,123 C96,149.235 74.92785,170.5695 48.7934835,170.993566 L48,171 C21.5,171 0,149.5 0,123 L0,48 C0,21.765 21.07215,0.4305 47.2065165,0.0064335 L48,0 Z"></path></clipPath><clipPath id="i6"><path d="M47.7,0 C74.0439826,0 95.4,21.3560174 95.4,47.7 C95.4,74.0439826 74.0439826,95.4 47.7,95.4 C21.3560174,95.4 0,74.0439826 0,47.7 C0,21.3560174 21.3560174,0 47.7,0 Z"></path></clipPath><linearGradient id="i7" x1="47.7px" y1="5.5699px" x2="47.7px" y2="124.5238px" gradientUnits="userSpaceOnUse"><stop stop-color="#45A2FF" offset="0%"></stop><stop stop-color="#2660FF" 
offset="100%"></stop></linearGradient></defs><g transform="translate(246.0 0.0)"><g clip-path="url(#i0)"><polygon points="0,0 96,0 96,342 0,342 0,0" stroke="none" fill="url(#i1)"></polygon></g></g><g transform="translate(0.0 121.0)"><g clip-path="url(#i2)"><polygon points="0,0 96.0006924,0 96.0006924,221 0,221 0,0" stroke="none" fill="url(#i3)"></polygon></g></g><g transform="translate(123.0 0.0)"><g clip-path="url(#i0)"><polygon points="0,0 96,0 96,342 0,342 0,0" stroke="none" fill="url(#i4)"></polygon></g></g><g transform="translate(246.0 0.0)"><g clip-path="url(#i5)"><polygon points="0,0 96,0 96,171 0,171 0,0" stroke="none" fill="url(#i4)"></polygon></g></g><g transform="translate(0.29999999999999716 0.0)"><g clip-path="url(#i6)"><polygon points="0,0 95.4,0 95.4,95.4 0,95.4 0,0" stroke="none" fill="url(#i7)"></polygon></g></g></svg>
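--- a/modules/security/class-security.php
+++ b/modules/security/class-security.php
@@ -0,0 +1,230 @@
+ <?php
+ /**
+ * Site security
+ *
+ * Implement Zero Spam's recommended WordPress security practices.
+ *
+ * @package ZeroSpam
+ */
+
+ namespace ZeroSpam\Modules\Security;
+
+ // Security Note: Blocks direct access to the plugin PHP files.
+ defined( 'ABSPATH' ) || die();
+
+ /**
+ * Security class
+ */
+ class Security {
+ /**
+ * Constructor
+ */
+ public function __construct() {
+ add_action( 'init', array( $this, 'init' ) );
+ }
+
+ /**
+ * Fires after WordPress has finished loading but before any headers are sent
+ */
+ public function init() {
+ add_filter( 'zerospam_setting_sections', array( $this, 'sections' ) );
+ add_filter( 'zerospam_settings', array( $this, 'settings' ), 10, 1 );
+
+ // It can be considered a security risk to make your WP version visible &
+ // public you should hide it.
+ remove_action( 'wp_head', 'wp_generator' );
+ remove_action( 'opml_head', 'the_generator' );
+
+ // XML-RPC can significantly amplify the brute-force attacks.
+ add_filter( 'xmlrpc_enabled', '__return_false' );
+
+ // Fired on detections.
+ add_action( 'zero_spam_detection', array( $this, 'handle_detection' ), 10, 2 );
+
+ // Block XMLRPC. Accessing this file can allow an attacker to exhaust your
+ // server’s resources quite easily as well as potentially enumerate your
+ // WordPress authors and brute force your WordPress logins among other
+ // vectors.
+ add_action( 'init', array( $this, 'block_xmlrpc' ) );
+
+ if (
+ 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'remove_resource_query_parameters' )
+ ) {
+ remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
+ remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
+ remove_action( 'wp_print_styles', 'print_emoji_styles' );
+ remove_action( 'admin_print_styles', 'print_emoji_styles' );
+ remove_filter( 'the_content_feed', 'wp_staticize_emoji' );
+ remove_filter( 'comment_text_rss', 'wp_staticize_emoji' );
+ remove_filter( 'wp_mail', 'wp_staticize_emoji_for_email' );
+ add_filter( 'tiny_mce_plugins', 'disable_emojis_tinymce' );
+ }
+
+ if (
+ 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'disable_emojis' )
+ ) {
+ add_filter( 'style_loader_src', array( $this, 'remove_resource_query_params' ), 10, 2);
+ add_filter( 'script_loader_src', array( $this, 'remove_resource_query_params' ), 10, 2);
+ }
+
+ if (
+ 'enabled' === \ZeroSpam\Core\Settings::get_settings( 'disable_rss_feed' )
+ ) {
+ add_action( 'do_feed', array( $this, 'disable_rss'), 1 );
+ add_action( 'do_feed_rdf', array( $this, 'disable_rss'), 1 );
+ add_action( 'do_feed_rss', array( $this, 'disable_rss'), 1 );
+ add_action( 'do_feed_rss2', array( $this, 'disable_rss'), 1 );
+ add_action( 'do_feed_atom', array( $this, 'disable_rss'), 1 );
+ add_action( 'do_feed_rss2_comments', array( $this, 'disable_rss'), 1 );
+ add_action( 'do_feed_atom_comments', array( $this, 'disable_rss'), 1 );
+ add_filter(
+ 'the_generator',
+ function() {
+ return '';
+ }
+ );
+ }
+ }
+
+ /**
+ * Admin setting sections
+ *
+ * @param array $sections Array of admin setting sections.
+ */
+ public function sections( $sections ) {
+ $sections['security'] = array(
+ 'title' => __( 'Security', 'zero-spam' ),
+ 'icon' => 'modules/security/icon-security.svg',
+ );
+
+ return $sections;
+ }
+
+ /**
+ * Admin settings
+ *
+ * @param array $settings Array of available settings.
+ */
+ public function settings( $settings ) {
+ $options = get_option( 'zero-spam-security' );
+
+ $settings['remove_resource_query_parameters'] = array(
+ 'title' => __( 'Remove Resource Query Parameters', 'zero-spam' ),
+ 'desc' => wp_kses(
+ __( 'Web scanners love the <code>&ver=x.x.x</code> type arguments that are appended to your CSS and JS files. This is useful for caching systems and implementing this change could affect the quality of your cache. As long as you are aware of the effects or risks, there really shouldn’t be any other detrimental effects.', 'zero-spam' ),
+ array(
+ 'code' => array(),
+ 'strong' => array(),
+ 'a' => array(
+ 'target' => array(),
+ 'href' => array(),
+ 'rel' => array(),
+ ),
+ )
+ ),
+ 'module' => 'security',
+ 'type' => 'checkbox',
+ 'options' => array(
+ 'enabled' => false,
+ ),
+ 'value' => ! empty( $options['remove_resource_query_parameters'] ) ? $options['remove_resource_query_parameters'] : false,
+ );
+
+ $settings['disable_emojis'] = array(
+ 'title' => __( 'Disable WordPress Emoj\'s', 'zero-spam' ),
+ 'desc' => wp_kses(
+ __( 'WordPress emoji’s are one of the vectors scanners use in order to enumerate version information, disable them if you\'re not using them.', 'zero-spam' ),
+ array(
+ 'code' => array(),
+ 'strong' => array(),
+ 'a' => array(
+ 'target' => array(),
+ 'href' => array(),
+ 'rel' => array(),
+ ),
+ )
+ ),
+ 'module' => 'security',
+ 'type' => 'checkbox',
+ 'options' => array(
+ 'enabled' => false,
+ ),
+ 'value' => ! empty( $options['disable_emojis'] ) ? $options['disable_emojis'] : false,
+ 'recommended' => 'enabled',
+ );
+
+ $settings['disable_rss_feed'] = array(
+ 'title' => __( 'Disable WordPress RSS Feed', 'zero-spam' ),
+ 'desc' => wp_kses(
+ __( 'Having the RSS feed exposed is another way that scanners use to detect your WordPress version as well as other pertinent information such as authors, disable it if you\'re not using it.', 'zero-spam' ),
+ array(
+ 'code' => array(),
+ 'strong' => array(),
+ 'a' => array(
+ 'target' => array(),
+ 'href' => array(),
+ 'rel' => array(),
+ ),
+ )
+ ),
+ 'module' => 'security',
+ 'type' => 'checkbox',
+ 'options' => array(
+ 'enabled' => false,
+ ),
+ 'value' => ! empty( $options['disable_rss_feed'] ) ? $options['disable_rss_feed'] : false,
+ );
+
+ return $settings;
+ }
+
+ /**
+ * Disables RSS feeds
+ */
+ public function disable_rss() {
+ wp_die( __( 'No feed available.', 'zero-spam' ) );
+ }
+
+ /**
+ * Removes resource query parameters
+ */
+ public function remove_resource_query_params( $src ) {
+ if ( strpos( $src, 'ver=' . get_bloginfo( 'version' ) ) ) {
+ $src = remove_query_arg( 'ver', $src );
+ }
+
+ return $src;
+ }
+
+ /**
+ * Handles detections.
+ *
+ * @param array $details Detection details.
+ */
+ public function handle_detection( $details ) {
+
+ }
+
+ /**
+ * Block access to xmlrpc.php
+ */
+ public function block_xmlrpc() {
+ $current_url = rtrim( $_SERVER['REQUEST_URI'], '/' );
+ add_filter(
+ 'bloginfo_url',
+ function( $output, $property ) {
+ return ( $property == 'pingback_url' ) ? null : $output;
+ },
+ 11,
+ 2
+ );
+
+ add_filter( 'xmlrpc_enabled', '__return_false' );
+
+ if ( strpos( $current_url, '/xmlrpc.php' ) !== false ) {
+ status_header( 404 );
+ nocache_headers();
+ wp_die( __('This file is not accessible.', 'zero-spam') );
+ }
+ }
+ }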
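Review bot: The two setting checks in init() are crossed: `remove_resource_query_parameters` gates the emoji removals and `disable_emojis` gates the `style_loader_src` / `script_loader_src` filters, so each checkbox applies the other's hardening and an admin who enables one gets a control they did not ask for. Swap the two conditions so each block is guarded by its own setting. The emoji block also registers `'disable_emojis_tinymce'` on `tiny_mce_plugins`, but no function of that name is defined in this file, so unless it exists globally elsewhere the callback will fail when the filter runs. block_xmlrpc() reads `$_SERVER['REQUEST_URI']` without an `isset` check and matches `/xmlrpc.php` anywhere in the URI, query string included, so unrelated requests can be answered with the 404; comparing the parsed path is tighter. The XML-RPC block is applied unconditionally with no setting to turn it off, which is worth stating in the docblock since clients that depend on XML-RPC will stop working.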
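--- a/modules/security/icon-security.svg
+++ b/modules/security/icon-security.svg
@@ -0,0 +1,10 @@
+ <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="256" height="256" viewBox="0 0 256 256" xml:space="preserve">
+
+ <defs>
+ </defs>
+ <g style="stroke: none; stroke-width: 0; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: none; fill-rule: nonzero; opacity: 1;" transform="translate(1.4065934065934016 1.4065934065934016) scale(2.81 2.81)" >
+ <path d="M 70.774 90 H 19.226 c -3.586 0 -6.494 -2.907 -6.494 -6.494 V 41.755 c 0 -3.586 2.907 -6.494 6.494 -6.494 h 51.549 c 3.586 0 6.494 2.907 6.494 6.494 v 41.751 C 77.268 87.093 74.361 90 70.774 90 z" style="stroke: none; stroke-width: 1; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: rgb(255,189,72); fill-rule: nonzero; opacity: 1;" transform=" matrix(1 0 0 1 0 0) " stroke-linecap="round" />
+ <path d="M 51.483 57.308 c 0 -4.038 -3.691 -7.213 -7.883 -6.337 c -2.439 0.51 -4.414 2.477 -4.932 4.915 c -0.604 2.842 0.656 5.45 2.784 6.845 v 9.575 c 0 1.959 1.588 3.548 3.548 3.548 h 0 c 1.959 0 3.548 -1.588 3.548 -3.548 v -9.575 C 50.314 61.573 51.483 59.578 51.483 57.308 z" style="stroke: none; stroke-width: 1; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: rgb(102,102,102); fill-rule: nonzero; opacity: 1;" transform=" matrix(1 0 0 1 0 0) " stroke-linecap="round" />
+ <path d="M 66.961 35.262 V 20.155 C 66.961 9.024 57.937 0 46.806 0 h -3.612 C 32.063 0 23.039 9.024 23.039 20.155 v 15.107 l 7.993 0 V 22.92 c 0 -8.244 6.683 -14.927 14.927 -14.927 l 0 0 c 7.185 0 13.009 5.824 13.009 13.009 v 14.26 L 66.961 35.262 z" style="stroke: none; stroke-width: 1; stroke-dasharray: none; stroke-linecap: butt; stroke-linejoin: miter; stroke-miterlimit: 10; fill: rgb(102,102,102); fill-rule: nonzero; opacity: 1;" transform=" matrix(1 0 0 1 0 0) " stroke-linecap="round" />
+ </g>
+ </svg>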
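--- a/readme.txt
+++ b/readme.txt
@@ -5,15 +5,15 @@ Donate link: https://www.zerospam.org/subscribe/
  Requires at least: 5.2
  Tested up to: 6.0.2
  Requires PHP: 7.3
- Stable tag: 5.4.1
+ Stable tag: 5.4.2
  License: GNU GPLv3
  License URI: https://choosealicense.com/licenses/gpl-3.0/
 
- Protection against spam & malicious users using cutting-edge AI. Firewall, real-time monitoring & more.
+ Protection against spam, malicious users & common attacks using an advanced behavior detection engine. Integrates with other 3rd-party plugins.
 
  == Description ==
 
- Protect against spam & malicious users using an advanced, highly-configurable firewall, real-time monitoring, integration with popular blacklists & plugins like [WooCommerce](https://wordpress.org/plugins/woocommerce/), [GiveWP](https://givewp.com/ref/1118/), [Gravity Forms](https://www.gravityforms.com/) & more.
+ Protect against spam, malicious users, attacks like web & port scans, brute force, and others. Zero Spam uses multiple methods to detect & stop threats including an advanced behavior detection engine that integrates with [Zero Spam](https://www.zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/) &amp; [Project Honeypot](https://www.projecthoneypot.org/). Integration with popular plugins like [WooCommerce](https://wordpress.org/plugins/woocommerce/), [GiveWP](https://givewp.com/ref/1118/), [Gravity Forms](https://www.gravityforms.com/) & more help provides an extra level of protection.
 
  **Install, activate, configure, then put your mind at ease!**
 
@@ -21,9 +21,10 @@ Protect against spam & malicious users using an advanced, highly-configurable fi
 
  * No captcha, spam isn't a users' problem
  * No moderation queues, spam isn't a administrators' problem
- * [Zero Spam](https://www.zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/) &amp; [Project Honeypot](https://www.projecthoneypot.org/) integration
- * Automatically & manually block IPs temporarily or permanently
- * Geolocate IP addresses to see where offenders are coming from
+ * Advanced behavior detection engine able to dynamically block threats
+ * Integrates with global IP reputation providers
+ * Allows admins to block IPs temporarily or permanently
+ * Geolocation integration to track where threats are coming from
  * Block entire countries, regions, zip/postal codes & cities
  * Optional disallowed list using [splorp's Comment Blacklist](https://github.com/splorp/wordpress-comment-blacklist)
  * Block known disposable &amp; malicious email domains using [disposable](https://github.com/disposable)
@@ -50,6 +51,7 @@ Zero Spam allows you to integrate with other services to improve the ability to
  * **[Stop Forum Spam](https://www.stopforumspam.com/)** - Sends the visitor's IP to check if they've been reported. Review their [Privacy Policy](https://www.stopforumspam.com/privacy) & [Terms of Use](https://www.stopforumspam.com/legal).
  * **[Project Honeypot](https://www.projecthoneypot.org/)** - Sends the visitor's IP to check if they've been reported. Review their [Privacy Policy](https://www.projecthoneypot.org/privacy_policy.php) & [Terms of Use](https://www.projecthoneypot.org/terms_of_use.php).
  * **[ipinfo.io](https://ipinfo.io/)** - Sends the visitor's IP to gather detailed geolocation information. Review their [Privacy Policy](https://ipinfo.io/privacy-policy) & [Terms of Use](https://ipinfo.io/terms-of-service).
+ * **[ipbase.com](https://ipbase.com/)** - Sends the visitor's IP to gather detailed geolocation information. Review their [Privacy Policy](https://ipbase.com/privacy-policy/) & [Terms of Use](https://www.iubenda.com/terms-and-conditions/41661719).
  * **[ipstack](https://ipstack.com/)** - Sends the visitor's IP to gather detailed geolocation information. Review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://ipstack.com/terms).
  * **[Google Maps](https://developers.google.com/maps)** - Enables the ability to plot attack locations. Review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://developers.google.com/terms/site-terms).
 
@@ -105,6 +107,11 @@ If hosting with Pantheon, see their [known issues page](https://pantheon.io/docs
 
  == Changelog ==
 
+ = v5.4.2 =
+
+ * feat(ipbase): added support for ipbase.com
+ * feat(security): added additional advanced security protections
+
  = v5.4.1 =
 
  * feat(dashboard): dashboard ui enhancements
@@ -112,7 +119,7 @@ If hosting with Pantheon, see their [known issues page](https://pantheon.io/docs
  * fix(memberpress): removed memberpress support, they made fundamental changes to their plugin that's ganna require a rework
  * fix(uninstall): fix issue where the plugin couldn't be deleted
  * fix(cli): resolves #33
- * chore(charts): updated chart.js tp 3.9.1
+ * chore(charts): updated chart.js to 3.9.1
 
  = v5.4.0 =
 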
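--- a/wordpress-zero-spam.php
+++ b/wordpress-zero-spam.php
@@ -13,7 +13,7 @@
  * Plugin Name: Zero Spam for WordPress
  * Plugin URI: https://www.highfivery.com/projects/zero-spam/
  * Description: Tired of all the ineffective WordPress anti-spam & security plugins? Zero Spam for WordPress makes blocking spam &amp; malicious activity a cinch. <strong>Just activate, configure, and say goodbye to spam.</strong>
- * Version: 5.4.1
+ * Version: 5.4.2
  * Requires at least: 5.2
  * Requires PHP: 7.3
  * Author: Highfivery LLC
@@ -31,7 +31,7 @@ defined( 'ABSPATH' ) || die();
  define( 'ZEROSPAM', __FILE__ );
  define( 'ZEROSPAM_PATH', plugin_dir_path( ZEROSPAM ) );
  define( 'ZEROSPAM_PLUGIN_BASE', plugin_basename( ZEROSPAM ) );
- define( 'ZEROSPAM_VERSION', '5.4.1' );
+ define( 'ZEROSPAM_VERSION', '5.4.2' );
 
  if ( defined( 'ZEROSPAM_DEVELOPMENT_URL' ) ) {
  define( 'ZEROSPAM_URL', ZEROSPAM_DEVELOPMENT_URL );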