Free Plugin by DrGlenn

Invisible CF7 Spam Shield

Advanced, invisible spam protection for Contact Form 7—no CAPTCHAs. Uses server-side checks (honeypots, session token, timing, link blocking) for maximum compatibility.

Download CF7 Spam Shield (v3.9.0) Features Installation

Overview

DrGlenn’s Invisible CF7 Spam Shield provides robust, multi-layered protection against form spam—completely invisible to real visitors. It replaces annoying CAPTCHAs with smart, server-side checks engineered to work well with popular themes, caching, and optimization plugins.

Just install, activate, and enjoy cleaner submissions.

Optimized for compatibility—no JavaScript tricks required; core logic runs server-side.

Why You’ll Like It

No CAPTCHA Server-side Honeypots Timing Session Token

  • Better UX: Users don’t have to solve anything.
  • Avoid reCAPTCHA fees: Effective, free alternative.
  • High compatibility: Less likely to break with caching or JS minification.
  • Lightweight: Minimal overhead; no settings required.

How It Works & Key Features (v3.9.0)

Invisible Checks

  • Standard Honeypot (new_newsite): hidden field most bots fill; if filled → spam.
  • Time Check: records page-load time; submissions too fast (e.g., < 2s) are flagged.
  • Session Token: server-stored token must match hidden field; prevents direct posts and replays.
  • CSS-Hidden Honeypot (leave_empty_css): catches bots that ignore CSS.

Abuse Controls

  • Link Blocking: rejects submissions containing URL patterns (e.g., http://, https://, [url=, [link=). Can be disabled via filter.
  • Brute-force Throttling: blocks a session after repeated spam validation errors (default 5) without reload.
  • Single Success per Session: prevents accidental double posts without a page reload.
  • Removes CF7 reCAPTCHA: avoids conflicts; this plugin handles spam checks.

Important Considerations

  • PHP Sessions Required: token, throttling, and single-success rely on standard PHP sessions (typical on most hosts).
  • Aggressive Caching: Extremely long full-page cache can stale timestamps; normal caching is fine.
  • Reload Behavior: After certain failures the token is invalidated; users may need to reload to retry.
  • No method is 100%: Combine with other defenses (e.g., WAF) if you face sophisticated attacks.

Installation

  1. Download the zip: cf7-spam-shield.zip
  2. WordPress admin → Plugins → Add NewUpload Plugin → choose the zip → Install Now.
  3. Click Activate.
macOS tip: Hold Option while clicking if your browser tries to open the file instead of downloading.

Usage

  • No settings page—spam checks are automatic.
  • Works with existing CF7 forms out of the box.
  • Combine with backups and a firewall for best results.

Download

Install and enjoy cleaner submissions—no CAPTCHAs.

Download CF7 Spam Shield (v3.9.0) Features
Disclaimer: This plugin significantly reduces spam but cannot guarantee 100% protection. Provided free without warranty or claims of fitness. Maintain backups and comprehensive security practices.

© 2024–2025 DrGlenn. All Rights Reserved. Visit fixmyhackedwebsite.com for services and more.