{"id":160565,"date":"2022-07-27T20:28:37","date_gmt":"2022-07-27T20:28:37","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/spamjam\/"},"modified":"2026-06-21T16:45:58","modified_gmt":"2026-06-21T16:45:58","slug":"spamjam","status":"publish","type":"plugin","link":"https:\/\/pcd.wordpress.org\/plugins\/spamjam\/","author":9532416,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"2.3.1","stable_tag":"trunk","tested":"7.0","requires":"6.2","requires_php":"7.4","requires_plugins":null,"header_name":"SpamJam","header_author":"Utopique","header_description":"SpamJam prevents comments and registration spam.","assets_banners_color":"bc8c70","last_updated":"2026-06-21 16:45:58","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.paypal.com\/cgi-bin\/webscr?cmd=_s-xclick&hosted_button_id=DNSC3NVBWR66L","header_plugin_uri":"https:\/\/utopique.net\/products\/spamjam\/","header_author_uri":"https:\/\/utopique.net\/","rating":0,"author_block_rating":0,"active_installs":100,"downloads":3394,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":[],"upgrade_notice":{"2.3.1":"

Detection & performance release: adds timing-based bot detection, weighted spam scoring (gray-zone holds instead of hard blocks), per-site salted honeypot field names, WooCommerce review form support, and a no-JS fallback. Performance improvements cut per-request option lookups. Recommended for all users.<\/p>","2.3":"

Reliability patch: fixes a PHP warning on comment submissions, stops false "Form validation failed" errors on themes with custom comment forms, and tolerates longer page dwell times before submitting. Recommended for all users.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":2762608,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":2762608,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":2762608,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":2762608,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":[],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"SpamJam settings page (Pro version)","2":"Zero spam in your comments dashboard","3":"Works invisibly - users never see it"}},"plugin_section":[],"plugin_tags":[4867,598,212451,600,2419],"plugin_category":[54],"plugin_contributors":[78154,81304],"plugin_business_model":[],"class_list":["post-160565","plugin","type-plugin","status-publish","hentry","plugin_tags-comment-spam","plugin_tags-honeypot","plugin_tags-registration-spam","plugin_tags-security","plugin_tags-spam-protection","plugin_category-security-and-spam-protection","plugin_contributors-freemius","plugin_contributors-skyminds","plugin_committers-skyminds"],"banners":{"banner":"https:\/\/ps.w.org\/spamjam\/assets\/banner-772x250.png?rev=2762608","banner_2x":"https:\/\/ps.w.org\/spamjam\/assets\/banner-1544x500.png?rev=2762608","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/spamjam\/assets\/icon-128x128.png?rev=2762608","icon_2x":"https:\/\/ps.w.org\/spamjam\/assets\/icon-256x256.png?rev=2762608","generated":false},"screenshots":[],"raw_content":"\n

Tired of deleting spam comments every day?<\/strong> SpamJam is a lightweight, invisible anti-spam solution that blocks automated spam before it hits your database\u2014without annoying your legitimate users with captchas or verification steps.<\/p>\n\n

Why SpamJam?<\/h4>\n\n

Unlike traditional anti-spam plugins that rely on third-party services or frustrating captchas, SpamJam uses intelligent honeypot techniques<\/strong> and behavioral analysis<\/strong> to silently eliminate spam bots. Your real visitors won't see any difference, but spam bots will be stopped cold.<\/p>\n\n

Free Features<\/h4>\n\n

\u2705 Salted Honeypot Protection<\/strong> - Per-site randomized invisible fields that trap spam bots\n\u2705 Timing Check<\/strong> - Rejects instant bot submissions with a configurable minimum fill time\n\u2705 Weighted Spam Scoring<\/strong> - Signals combine into a score; gray-zone submissions held for moderation instead of hard-blocked\n\u2705 Referrer Validation<\/strong> - Blocks direct form submissions\n\u2705 Nonce Security<\/strong> - CSRF protection for all comment forms\n\u2705 Smart Blocklist<\/strong> - Filters common spam keywords\n\u2705 Zero Configuration<\/strong> - Works immediately after activation\n\u2705 No Captchas<\/strong> - Never annoy your real users\n\u2705 Lightweight<\/strong> - Minimal impact on site performance\n\u2705 WooCommerce Compatible<\/strong> - Works with HPOS and product review forms\n\u2705 No-JS Friendly<\/strong> - JS-disabled visitors are soft-scored, not hard-blocked<\/p>\n\n

Pro Features (Premium)<\/h4>\n\n

\ud83d\ude80 Registration Spam Protection<\/strong> - Protect user registration forms with email verification\n\ud83d\ude80 Premium Blocklist<\/strong> - Auto-updating list of 15,000+ spam terms\n\ud83d\ude80 Custom Blocklist<\/strong> - Add your own keywords and patterns to block\n\ud83d\ude80 Geographic Blocking<\/strong> - Block comments from specific countries\n\ud83d\ude80 IP Blocking<\/strong> - Block specific IP addresses or ranges\n\ud83d\ude80 Rate Limiting<\/strong> - Prevent spam floods with configurable limits\n\ud83d\ude80 Email Whitelist<\/strong> - Always allow trusted email addresses\n\ud83d\ude80 Spam Logging & Analytics<\/strong> - Track and analyze blocked spam attempts\n\ud83d\ude80 Content Validation<\/strong> - Set minimum comment length and maximum links\n\ud83d\ude80 Contact Form Protection<\/strong> - Protect Contact Form 7, WPForms, Gravity Forms\n\ud83d\ude80 User Enumeration Blocking<\/strong> - Enhanced security against attacks\n\ud83d\ude80 Priority Support<\/strong> - Get help when you need it<\/p>\n\n

Upgrade to SpamJam Pro \u2192<\/a><\/p>\n\n

Perfect For<\/h4>\n\n
    \n
  • Blogs with active comment sections<\/li>\n
  • Membership sites<\/li>\n
  • WooCommerce stores<\/li>\n
  • Community websites<\/li>\n
  • Any WordPress site tired of spam<\/li>\n<\/ul>\n\n

    How It Works<\/h4>\n\n

    SpamJam uses multiple layers of protection:<\/p>\n\n

      \n
    1. Salted Honeypot Fields<\/strong> - Per-site randomized hidden fields that only bots fill out<\/li>\n
    2. Timing Check<\/strong> - HMAC-signed server timestamp detects instant bot submissions<\/li>\n
    3. Weighted Scoring Engine<\/strong> - Signals combine into a score; hard signals block immediately, soft signals accumulate; gray-zone submissions are held for moderation<\/li>\n
    4. Referrer Checking<\/strong> - Verifies submissions come from your site<\/li>\n
    5. Hash Validation<\/strong> - Cryptographic HMAC verification of form integrity<\/li>\n
    6. Keyword Filtering<\/strong> - Blocks known spam patterns<\/li>\n<\/ol>\n\n

      All of this happens invisibly<\/strong> in the background. Your legitimate users never see a captcha or verification step.<\/p>\n\n

      Privacy First<\/h4>\n\n

      SpamJam doesn't send your data to third-party services. Everything happens on your server, keeping your users' information private and your site GDPR-compliant.<\/p>\n\n\n

      Automatic Installation<\/h4>\n\n
        \n
      1. Log in to your WordPress admin panel<\/li>\n
      2. Go to Plugins \u2192 Add New<\/li>\n
      3. Search for \"SpamJam\"<\/li>\n
      4. Click \"Install Now\" and then \"Activate\"<\/li>\n
      5. That's it! SpamJam is now protecting your site<\/li>\n<\/ol>\n\n

        Manual Installation<\/h4>\n\n
          \n
        1. Download the plugin ZIP file<\/li>\n
        2. Go to Plugins \u2192 Add New \u2192 Upload Plugin<\/li>\n
        3. Choose the ZIP file and click \"Install Now\"<\/li>\n
        4. Activate the plugin<\/li>\n
        5. SpamJam starts working immediately\u2014no configuration needed!<\/li>\n<\/ol>\n\n

          After Activation<\/h4>\n\n

          SpamJam works automatically with zero configuration. For Pro features, visit SpamJam<\/strong> in your WordPress admin menu to configure advanced options.<\/p>\n\n\n

          \n

          Do I need to configure anything?<\/h3><\/dt>\n

          No! SpamJam works immediately after activation. Just install, activate, and forget about spam.<\/p><\/dd>\n

          Will this slow down my site?<\/h3><\/dt>\n

          No. SpamJam is extremely lightweight and uses efficient caching. Most users see zero performance impact.<\/p><\/dd>\n

          Will my users see captchas?<\/h3><\/dt>\n

          Never. SpamJam is completely invisible to legitimate users. No captchas, no verification steps, no friction.<\/p><\/dd>\n

          Does this work with my theme?<\/h3><\/dt>\n

          Yes! SpamJam works with any WordPress theme that uses standard comment forms. It's compatible with popular themes like Astra, GeneratePress, OceanWP, and more.<\/p><\/dd>\n

          Is this compatible with WooCommerce?<\/h3><\/dt>\n

          Yes! SpamJam is fully compatible with WooCommerce and supports High-Performance Order Storage (HPOS).<\/p><\/dd>\n

          What's the difference between Free and Pro?<\/h3><\/dt>\n

          The free version protects comment forms with honeypots, nonce validation, and basic blocklists.<\/p>\n\n

          Pro adds 10+ advanced features including:\n- Registration form protection with email verification\n- Premium auto-updating blocklist (15,000+ terms)\n- Custom blocklist for your specific needs\n- Geographic and IP blocking\n- Rate limiting to prevent spam floods\n- Email whitelist for trusted users\n- Spam logging and analytics\n- Content validation rules\n- Contact form protection (CF7, WPForms, Gravity Forms)\n- Priority support<\/p><\/dd>\n

          How does geographic blocking work?<\/h3><\/dt>\n

          Pro users can block comments from specific countries by entering country codes (e.g., CN, RU, UA). This uses IP geolocation to identify the commenter's country and blocks them before they can submit spam.<\/p><\/dd>\n

          What is rate limiting?<\/h3><\/dt>\n

          Rate limiting prevents spam floods by limiting how many comments a single IP address can submit within a time period. For example, you can set it to allow maximum 5 comments per hour per IP address.<\/p><\/dd>\n

          Can I see what spam was blocked?<\/h3><\/dt>\n

          Yes! Pro users can enable spam logging to track all blocked attempts. You can see IP addresses, countries, blocked content, and reasons for blocking. Logs are automatically cleaned up based on your retention settings.<\/p><\/dd>\n

          Does this work with other anti-spam plugins?<\/h3><\/dt>\n

          SpamJam can work alongside other plugins, but for best results, we recommend using it as your primary anti-spam solution to avoid conflicts.<\/p><\/dd>\n

          How effective is SpamJam?<\/h3><\/dt>\n

          SpamJam blocks 99%+ of automated spam bots. The multi-layered approach catches what single-method solutions miss.<\/p><\/dd>\n

          Do you offer support?<\/h3><\/dt>\n

          Yes! Free users can get community support through WordPress.org forums. Pro users get priority email support.<\/p><\/dd>\n

          Is my data sent to third parties?<\/h3><\/dt>\n

          No. SpamJam processes everything on your server. Your data stays private and GDPR-compliant.<\/p><\/dd>\n\n<\/dl>\n\n\n

          2.3.1 - 2026-06-15<\/h4>\n\n
            \n
          • Security - Form-fill timing check: signed HMAC timestamp injected at page render; submissions arriving faster than the configurable minimum (default 3 s) are scored as a bot signal<\/li>\n
          • Security - Weighted scoring engine replaces flat hard-blocks: hard signals (honeypot, trap field, blocklist) block immediately; soft signals (nonce, token, referer, timing) accumulate a score; gray-zone submissions are held for moderation rather than rejected<\/li>\n
          • Security - Honeypot field name is now derived from wp_salt() per site, making it opaque to bots that learn field names by scraping other installations<\/li>\n
          • Security - WooCommerce review detection improved: product pages now target #review_form so the sj5 token reaches WooCommerce review forms; verified-purchase gate still respected<\/li>\n
          • Security - No-JS fallback: server-rendered hidden sj5_nojs field lets JS-disabled visitors submit; absence of the JS token is now a soft signal (weight 10) rather than a hard block<\/li>\n
          • Performance - Premium feature flags consolidated into a single cached array; replaces ~10 individual get_option() calls per request; cache invalidated on every settings save<\/li>\n
          • Performance - Duplicate is_singular() + comments_open() gate merged into a static-cached helper; evaluated once per request<\/li>\n
          • Performance - Removed dead enqueue_comment_styles() function; the CSS targeted a display:none element and was silently dropped on classic themes<\/li>\n<\/ul>\n\n

            2.3 - 2026-06-09<\/h4>\n\n
              \n
            • Fixed - Resolved \"Undefined array key email_confirm\" PHP warning by guarding the honeypot field check when the field is absent from the submission<\/li>\n
            • Fixed - Comment form token (sj5) now attaches to themes with custom comment form IDs via a broadened, filterable selector (spamjam_comment_form_selector), preventing false \"Form validation failed\" blocks<\/li>\n
            • Enhancement - sj5 token validation now tolerates longer page dwell time by accepting the current plus the last three hourly windows (filterable via spamjam_token_window_tolerance); still verified with hash_equals()<\/li>\n<\/ul>","raw_excerpt":"Stop 99% of spam comments and registrations automatically. Zero captchas, zero hassle. Your visitors won't even notice it's there.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/160565","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=160565"}],"author":[{"embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/skyminds"}],"wp:attachment":[{"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=160565"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=160565"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=160565"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=160565"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=160565"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/pcd.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=160565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}