WordPress Zero Spam


Quit forcing users to answer silly questions, read confusing captchas, or take additional steps just to prove they’re not spam. Stop malicious bots & hackers in their tracks before they ever have a chance to infiltrate your site — introducing WordPress Zero Spam.

WordPress Zero Spam uses AI in combination with proven spam detection techniques and a database of known malicious IPs from around the world to detect and block unwanted visitors.

In addition, it integrates with other popular plugins to provide all around protection. Just install, activate, and enjoy a spam-free site!

WordPress Zero Spam features

  • Blocks 99.9% of spam submissions
  • No captcha, spam isn’t a users’ problem
  • No moderation queues, spam isn’t a administrators’ problem
  • Multiple spam detection techniques, including honeypot.
  • Site security enhancements, no config required
  • Blocks malicious IPs from ever seeing your site
  • IP blacklist spam checks (Zero Spam, Stop Forum Spam, BotScout)
  • Auto-block IPs when a spam detection is triggered
  • Manually block IPs either temporarily or permanently
  • Whitelist IPs to avoid getting blocked
  • Geolocate IP addresses to see where spammers are coming from
  • Detailed logging to catch & block recurring spammers
  • Charts & statistics for easy to understand spam analytics
  • Advanced settings for complete control over spammers
  • Developer-friendly, integrate with any theme, plugin or form

WordPress Zero Spam also protects

WordPress Zero Spam is great at blocking spam — as a site owner there’s more you can do to stop WordPress spam in its tracks.

Multilingual Supported

We’ve integrated multi language support within the framework of our plugin, so you get a translated dashboard out of the box, and developer options to add even more languages. Contribute new languages via translate.wordpress.org.

Developer API

WordPress Zero Spam is free and open source. It’s the perfect solution to stopping spam and can be extended and integrated further. It was created and developed with the developer in mind, and we have already seen some truly remarkable addons already developed.

To help you get started and learn just how to integrate with WordPress Zero Spam, visit the plugin’s documentation.

Help test & contribute to WordPress Zero Spam

WordPress Zero Spam can only stay up-to-date and bug-free with the help of contributors and testers. You can help test upcoming releases and contribute by forking the project on GitHub.

Plugin Support

WordPress Zero Spam needs your support

WordPress Zero Spam is free — completely free & always will be. It’s hard to continue development and provide support without contributions. If you find using WordPress Zero Spam useful, please consider making a donation. Your donation will help encourage and support the plugin’s continued development and user support.


  • WordPress Zero Spam dashboard
  • WordPress Zero Spam detections log
  • WordPress Zero Spam blocked IPs
  • WordPress Zero Spam blacklisted IPs
  • WordPress Zero Spam settings


  1. Upload the entire wordpress-zero-spam folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the Plugins screen (Plugins > Installed Plugins).
  3. Visit the plugin setting to configure as needed (Settings > WP Zero Spam).

For more information & developer documentation, see the plugin’s website.


Does WordPress Zero Spam check Ninja Forms submissions?

No. As of v4.10.0, WordPress Zero Spam no longer checks Ninja Form submissions. Support was dropped due to its requirement of JavaScript and how it submits forms. JavaScript is one of the techniques WordPress Zero Spam uses to determine if a submission is spam. Ninja Forms employs a similar method and has its own spam detection feature.

Does this mean WPZP won’t do you any good? Absolutely not. WPZS employs other techniques and IP blacklist checks that will help prevent malicious IP and spambots from ever seeing your site. You will still get all of the benefits of this plugin, it just won’t provide the extra check on Ninja Form submissions.

Does WordPress Zero Spam check Gravity Form submissions?

No. As of v4.9.9, WordPress Zero Spam no longer checks Gravity Form submissions. Support was dropped due the numerous addon plugins that can be installed & alter GF submissions. These addons will often conflict with how WPZS validates submissions. In addition, Gravity Forms already has a spam detection option that works similar to how this plugin detects forms. You can enable it by going to the form settings and checking the Enable anti-spam honeypot option. For more information, see Gravity Forms documentation.

Does this mean WPZP won’t do you any good? Absolutely not. WPZS employs other techniques and IP blacklist checks that will help prevent malicious IP and spambots from ever seeing your site. You will still get all of the benefits of this plugin, it just won’t provide the extra check on Gravity Form submissions.

Does WordPress Zero Spam check Jetpack comments?

No. WordPress Zero Spam is unable to integrate Jetpack. For more information, see https://wordpress.org/support/topic/incompatible-with-jetpack-comments.

Spam coments are still getting through, help!

WordPress Zero Spam relies on the default core form id (#commentform) in order to check comment submissions. Verify your comment forms have this ID or add the class wpzerospam to enable it on your site.

All registrations are marked as spam, help!

This is most likely due to a plugin or theme overriding the default markup of the registration form. Verify the form has an id of registerform or add the wpzerospam class to it.

Example with registerform id:

<form name="registerform" id="registerform" action="https://yourdomain.local/login/?action=register" method="post" novalidate="novalidate">

Example with wpzerospam class:

<form name="registerform" class="wpzerospam" action="https://yourdomain.local/login/?action=register" method="post" novalidate="novalidate">

If you need help, please don’t hesitate to reach out.

How do I integrate this into another plugin or theme?

It’s easy as adding the class wpzerospam to the form element, then adding a check in the form processor that the wpzerospam_key post value matches the option value in the database using the wpzerospam_key_check() helper function. See the plugin’s documentation for more information on available hooks & functions.

Is JavaScript required to check form submissions?

Yes. One of the many techniques WordPress Zero Spam employs requires JavaScript be enabled to work properly.


9 de diciembre de 2020
connects to services and websites that are not available, don't work or super slow. Couldn't get it to work at all. Don't waste time on this one.
22 de noviembre de 2020
Ero continuamente colpito da attacchi spam. Ma appena ho installato wp zero spam questo si è messo subito in azione. Vi consiglio di aggiungere, seguite le indicazioni, la chiave api di botscaut. Se avete problemi di spam(e prima o poi li avrete) utilizzate questo plug in.
14 de agosto de 2020
99% of Spam is gone. Thanks!
10 de agosto de 2020
Thank you for originally providing this plugin which since more than one year effectively (not like the Gravity Forms honeypot) blocked spam comments through Gravity Forms. After a burst of nearly daily updates this plugin managed in short time to block out users using a VPN, on one site the Google crawler was blocked and the site is wrongly indexed now and after long time I received Gravity Forms Spam again. This is so sad because you work hard on this and wish to improve something that is already good enough. Hopefully, this plugin will stabilize again and the release process will be in the future more considerate of commercial websites and the damage it may cause.
3 de agosto de 2020
Great plugin with frequent updates. Ben was very helpful & quickly resolved an issue I was having. Thank you!
Leer todas las 105 reseñas

Colaboradores y desarrolladores

«WordPress Zero Spam» es un software de código abierto. Las siguientes personas han colaborado con este plugin.


Traduce «WordPress Zero Spam» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios


  • Added composer. See #150.
  • Temporarily disabled sharing spam detection information.


  • Update to comply with the GDPR/CCPA. See #216.


  • Fix – PHP notice Warning: array_merge(): Expected parameter 2 to be an array, bool given in /wp-content/plugins/zero-spam/classes/class-wordpress-zero-spam.php on line 532. See https://wordpress.org/support/topic/warning-array_merge-14/#post-13319702.
  • Fix – StopForumSpam & BotScout being queried even if the options are disabled. See https://wordpress.org/support/topic/api-timeout/#post-13323551.
  • Enhancement – Moved the security functions into the new WordPress_Zero_Spam_Security class.
  • Enhancement – General code clean-up & documentation.


  • Enhancement – Various performance improvements & caching added.
  • Enhancement – Easier to use class methods for integrating Zero Spam into any plugin or theme.
  • Enhancement – New WordPress_Zero_Spam class added.
  • Enhancement – IPs are now checked against known, safe hosts and user agents (i.e. search engine crawlers).
  • Enhancement – Added advanced debugging functionality.


  • Fix – PHP notices for comment options #209


  • Enhancement – Added support for the French & Italian languages. See #207.
  • Enhancement – Strengthened spam detection for registrations using a ‘honeypot’ field.
  • Enhancement – Strengthened spam detection for Contact Form 7 using a ‘honeypot’ field.
  • Fix – Fix for Contact Form 7 protection not firing.


  • Optimization – Converted the WPZS JS to be a jQuery plugin to initialize and manage easier.
  • Fix – Fix for WPZS failing when the Autoptimize plugin is set to aggregate JS files. See #205.



  • Enhancement – Strengthened spam detection for comment submission using a ‘honeypot’ field.
  • Enhancement – Added a ‘honeypot’ helper functions (wpzerospam_honeypot_field(), wpzerospam_get_honeypot()) to allow other forms, plugins, and themes to easily integrate a ‘honeypot’ check into submissions.
  • Enhancement – IP lookup links integrated in the admin dashboard and tables.
  • Deprecation – Gravity Forms is no longer supported — for the time being. See the plugin FAQs for more information.


  • Fix – Fix for a reporting issue during detections.


  • Enhancement – Added enhanced site security features (no configuration required)
  • Enhancement – Added plugin version to the information shared to Zero Spam (optional).
  • Optimization – Misc. code clean-up


  • Fix – Gravity Forms not catching spam.


  • Enhancement – Added the BotScout Count Minimum field in settings to allow sites to control when a BotScout result should be marked spam/malicious. See BotScout’s documentation for more information.
  • Enhancement – Improved performance by only querying the blacklist API once every X number of days (set in the admin settings).
  • Fix – Removed double slashes in some required PHP & JS paths.


  • Fixed issued with BuddyPress checks not running.


  • Added a confidence threshold for Stop Form Spam checks. See #202;
  • Added an API timeout field to adjust how long a response is allowed to take.
  • Restructred several functions which fixed some interment bugs users were experiencing.
  • Added ability to delete all entries from a table.
  • This update will delete all exisiting blacklisted IPs to ensure visitors aren’t getting blocked when that shouldn’t be.


  • Removed Ninja Form submission support. See FAQs for more details.
  • Fix for PHP notice on the log page in the view details modal.
  • Fix for double slashes in the JS URLs.
  • Fix for BotScout not checking IPs
  • Fix for table not found notice on activation


Fix for PHP notice on the modals for spam detections


  • Added support for Formidable Forms. See #112.
  • Added additional country regions
  • UI enhancments to the admin tables
  • Added a spam detection world map to the dashboard


  • Fix for admin table paging keeping set filters


  • Fix for charts not showing up in the dashboard


  • Added filter & seach options to admin tables
  • Various performance enhancements
  • Added ability to whitelist IP addresses


  • Update to the WP Zero Spam API


  • Various performance enhancements
  • Updates to the admin tables
  • Improved UI
  • Added functionality & option to permanently auto-block after X spam detections
  • Added ability to share spam detections with WordPress Zero Spam to strengthen it’s ability to detect spammers


  • Added option to strip links from comments
  • Added option to strip & disable the comment author website field
  • Added integration with the BotScout blacklist API


  • Added integration with the Stop Forum Spam known spammy IPs
  • Fixed issue with Gravity Forms not being enabled by default


  • Fix for Gravity Forms not submitting


  • Misc. code clean-up
  • Added support for the Fluent Forms plugin


  • Updated get_plugin_data calls to use a constant. See #196
  • Added additional country regions for geolocation lookup
  • Renamed ‘addons’ to ‘integrations’
  • Fixed issue with WPForm spam detections
  • Fix for plugin deactivation from v3 to v4 upgrade


  • Fix for Notice: Undefined index: verify_ninja_form. See #195


  • Fix for Call to undefined function wpzerospam_tables() error


  • Optimized scripts & when they get loaded (only when needed)
  • Fixed bug with incrementing spam detections in the blocked IPs log


  • Added a check for the is_plugin_active functions to ensure they’re available before calling it


  • Fix for Uncaught Error: Call to undefined function get_plugin_data(). See #193.


  • Fixed issue with adding/updating IP addresses manually
  • Fixed PHP notice for missing submission data on the log chart
  • Fixed PHP notice for «Undefined index: log_blocked_ips». See #191
  • Updated the admin scripts to only login on the plugin admin pages
  • Fixed an issue with default add-on plugin options being disabled on first save. See #192


  • Fix for REFERRER_ANALYTICS unknown constant


  • Fix for Gravity Forms PHP notice. See #188
  • Add more stats & charts. See #184


  • Fixing plugin version


  • Added the ability to manually add blocked IPs. See #185
  • Fixed the ignored start & end date of blocked IPs
  • Added the ability to auto-block an IP when spam is detected. See #185
  • Added raw data to spammer log table
  • Added the ability to uninstall options on Multisite. See #187


  • Re-implemented logging & added admin pages to prepare for charts & statistics. See #181


  • Fixed JS errors for some 3rd-party plugins. See #178
  • Fixed caching conflicts issue relating to using cookies to set & get keys. See #177
  • When plugin is uninstalled, plugin-related data is now deleted. See #179
  • Added an option in the plugin settings to determine how spam detections are handled. See #180


  • Fixed issue with plugin settings not saving. See #176.
  • Fixed some PHP notices. See #175.


  • Fixed missing JS for new 3rd-party plugin support



  • A complete rewrite of the original plugin