{"id":303491,"date":"2026-05-18T09:24:21","date_gmt":"2026-05-18T09:24:21","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/berestov-anti-spam-for-contact-form-7\/"},"modified":"2026-05-21T07:17:22","modified_gmt":"2026-05-21T07:17:22","slug":"berestov-anti-spam-for-contact-form-7","status":"publish","type":"plugin","link":"https:\/\/de-ch.wordpress.org\/plugins\/berestov-anti-spam-for-contact-form-7\/","author":23366035,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.35","stable_tag":"1.0.35","tested":"7.0","requires":"6.2","requires_php":"7.0","requires_plugins":null,"header_name":"Berestov Anti-spam for Contact Form 7","header_author":"Andrey Berestov","header_description":"Adds a lightweight anti-spam layer to Contact Form 7 using a dynamic honeypot, one-time token, JavaScript marker, behavior marker, and time window checks.","assets_banners_color":"6491a5","last_updated":"2026-05-21 07:17:22","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.myetherwallet.com\/#send\/0x37385DA1388F2921583d4750FB44Def7D76cAb23","header_plugin_uri":"https:\/\/wordpress.org\/plugins\/berestov-anti-spam-for-contact-form-7\/","header_author_uri":"https:\/\/profiles.wordpress.org\/andreyberestov","rating":0,"author_block_rating":0,"active_installs":10,"downloads":106,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.35":{"tag":"1.0.35","author":"andreyberestov","date":"2026-05-21 07:17:22"}},"upgrade_notice":{"1.0.35":"<p>Uses stricter allowlisted request parsing.<\/p>","1.0.34":"<p>Fixes cached form challenge refresh after request allowlist hardening.<\/p>","1.0.33":"<p>Uses stricter allowlisted request parsing for public anti-spam checks.<\/p>","1.0.32":"<p>Improves review compliance and clarifies the 24-hour statistics label.<\/p>","1.0.31":"<p>Refines public-facing descriptions and cleans duplicate 1.0.30 release notes.<\/p>","1.0.30":"<p>Refines statistics visibility and aligns legacy CF7 passed counting with modern behavior.<\/p>","1.0.29":"<p>Fixes WordPress comment protection token validation.<\/p>","1.0.28":"<p>Fixes comment protection token validation for real comment submissions.<\/p>","1.0.27":"<p>Removes the hard Contact Form 7 dependency and refines the admin interface styling.<\/p>","1.0.26":"<p>Refines the admin layout and visual styling for a cleaner native WordPress look.<\/p>","1.0.25":"<p>Refines the settings screen and improves the statistics layout.<\/p>","1.0.24":"<p>Improves comment-module diagnostics and frontend loading behavior.<\/p>","1.0.23":"<p>Adds optional WordPress comment protection and expanded per-module statistics.<\/p>","1.0.22":"<p>Improves legacy fork blocking, fallback refresh, and spam response handling.<\/p>","1.0.18":"<p>Adds a behavior marker layer, built-in protection statistics, and synchronized asset versioning.<\/p>","1.0.17":"<p>Improves admin guidance and overall clarity.<\/p>","1.0.16":"<p>Better balance between spam protection and user experience.<\/p>","1.0.15":"<p>Improved reliability for modern CF7 AJAX\/REST submissions.<\/p>","1.0.12":"<p>Important fix for Contact Form 7 compatibility.<\/p>","1.0.10":"<p>Introduces optional debug logging for troubleshooting.<\/p>","1.0.0":"<p>Initial release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3535371,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3535371,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3535371,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3535371,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.35"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3535371,"resolution":"1","location":"assets","locale":"","width":1222,"height":766}},"screenshots":{"1":"Plugin settings page."}},"plugin_section":[],"plugin_tags":[2656,109,5445,1152,2419],"plugin_category":[42,54],"plugin_contributors":[247977],"plugin_business_model":[],"class_list":["post-303491","plugin","type-plugin","status-publish","hentry","plugin_tags-anti-spam","plugin_tags-antispam","plugin_tags-cf7","plugin_tags-contact-form-7","plugin_tags-spam-protection","plugin_category-contact-forms","plugin_category-security-and-spam-protection","plugin_contributors-andreyberestov","plugin_committers-andreyberestov"],"banners":{"banner":"https:\/\/ps.w.org\/berestov-anti-spam-for-contact-form-7\/assets\/banner-772x250.png?rev=3535371","banner_2x":"https:\/\/ps.w.org\/berestov-anti-spam-for-contact-form-7\/assets\/banner-1544x500.png?rev=3535371","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/berestov-anti-spam-for-contact-form-7\/assets\/icon-128x128.png?rev=3535371","icon_2x":"https:\/\/ps.w.org\/berestov-anti-spam-for-contact-form-7\/assets\/icon-256x256.png?rev=3535371","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/berestov-anti-spam-for-contact-form-7\/assets\/screenshot-1.png?rev=3535371","caption":"Plugin settings page."}],"raw_content":"<!--section=description-->\n<p>Berestov Anti-spam for Contact Form 7 adds a lightweight, privacy-friendly anti-spam layer without modifying Contact Form 7 core files.<\/p>\n\n<p>Features:<\/p>\n\n<ul>\n<li>Layered anti-spam protection designed for real-world form traffic.<\/li>\n<li>Fresh protection data can be refreshed on rendered forms, which helps on cached pages.<\/li>\n<li>Front-end assets load only where protected forms are present.<\/li>\n<li>Optional diagnostic logging to the plugin log file.<\/li>\n<li>Built-in statistics for allowed and blocked requests.<\/li>\n<li>Optional WordPress comment protection module.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to the <code>\/wp-content\/plugins\/<\/code> directory.<\/li>\n<li>Activate the plugin through the <code>Plugins<\/code> screen in WordPress.<\/li>\n<li>Make sure Contact Form 7 is installed and active.<\/li>\n<li>Go to <code>Settings &gt; CF7 Anti-spam<\/code> and keep protection enabled.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20change%20contact%20form%207%20core%20files%3F\"><h3>Does this plugin change Contact Form 7 core files?<\/h3><\/dt>\n<dd><p>No. It integrates through hooks and front-end injection only.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20cached%20pages%3F\"><h3>Does it work with cached pages?<\/h3><\/dt>\n<dd><p>Yes. The script requests a fresh anti-spam challenge for rendered forms, so cached HTML is less likely to cause stale hidden values.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.35<\/h4>\n\n<ul>\n<li>Refined public request parsing to read only expected anti-spam fields.<\/li>\n<\/ul>\n\n<h4>1.0.34<\/h4>\n\n<ul>\n<li>Restored cached form challenge refresh support with allowlisted unit tags.<\/li>\n<\/ul>\n\n<h4>1.0.33<\/h4>\n\n<ul>\n<li>Restricted public request parsing to allowlisted anti-spam fields.<\/li>\n<\/ul>\n\n<h4>1.0.32<\/h4>\n\n<ul>\n<li>Addressed WordPress.org review feedback for admin assets, metadata, and output handling.<\/li>\n<li>Renamed the 24-hour statistics row for clarity.<\/li>\n<\/ul>\n\n<h4>1.0.31<\/h4>\n\n<ul>\n<li>Reduced implementation detail in admin and readme text and cleaned duplicate 1.0.30 entries.<\/li>\n<\/ul>\n\n<h4>1.0.30<\/h4>\n\n<ul>\n<li>Show statistics only for enabled protection modules.<\/li>\n<li>Unified legacy CF7 passed statistics with modern behavior.<\/li>\n<\/ul>\n\n<h4>1.0.29<\/h4>\n\n<ul>\n<li>Fixed WordPress comment protection token validation by switching comments and challenge refresh to the same shared anti-spam token store.<\/li>\n<\/ul>\n\n<h4>1.0.28<\/h4>\n\n<ul>\n<li>Fixed comment protection token handling to use the shared challenge token store.<\/li>\n<\/ul>\n\n<h4>1.0.27<\/h4>\n\n<ul>\n<li>Removed the hard dependency on Contact Form 7 so the comments module can be used independently.<\/li>\n<li>Refined the admin interface styling with cleaner native WordPress sections and reduced visual framing.<\/li>\n<\/ul>\n\n<h4>1.0.26<\/h4>\n\n<ul>\n<li>Refined the admin interface layout and visual styling for a cleaner native WordPress look.<\/li>\n<\/ul>\n\n<h4>1.0.25<\/h4>\n\n<ul>\n<li>Refined the settings UI and improved the statistics layout.<\/li>\n<\/ul>\n\n<h4>1.0.24<\/h4>\n\n<ul>\n<li>Improved comment-module debug logging and frontend loading hygiene.<\/li>\n<\/ul>\n\n<h4>1.0.23<\/h4>\n\n<ul>\n<li>Added optional WordPress comment protection module.<\/li>\n<li>Expanded protection statistics with today, 7-day, 30-day, and all-time ranges.<\/li>\n<li>Split protection statistics per module for Contact Form 7 and comments.<\/li>\n<\/ul>\n\n<h4>1.0.22<\/h4>\n\n<ul>\n<li>Improved legacy fork blocking and fallback challenge refresh when admin AJAX is restricted.<\/li>\n<li>Reduced duplicate challenge refresh requests and improved legacy spam response messaging.<\/li>\n<\/ul>\n\n<h4>1.0.18<\/h4>\n\n<ul>\n<li>Added a behavior marker layer for pointer, touch, and keyboard interaction.<\/li>\n<li>Added protection statistics for passed and blocked submissions.<\/li>\n<li>Fixed asset versioning so the front-end script version matches the current plugin version.<\/li>\n<\/ul>\n\n<h4>1.0.17<\/h4>\n\n<ul>\n<li>Improved admin hints for clarity and accuracy.<\/li>\n<\/ul>\n\n<h4>1.0.16<\/h4>\n\n<ul>\n<li>Adjusted minimum submission time window for better UX.<\/li>\n<\/ul>\n\n<h4>1.0.15<\/h4>\n\n<ul>\n<li>Improved REST compatibility and challenge handling.<\/li>\n<\/ul>\n\n<h4>1.0.12<\/h4>\n\n<ul>\n<li>Fixed compatibility with Contact Form 7 REST API submissions.<\/li>\n<\/ul>\n\n<h4>1.0.10<\/h4>\n\n<ul>\n<li>Added diagnostic logging system.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Protect Contact Form 7 and optionally WordPress comments with privacy-friendly anti-spam protection.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/303491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=303491"}],"author":[{"embeddable":true,"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/andreyberestov"}],"wp:attachment":[{"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=303491"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=303491"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=303491"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=303491"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=303491"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/de-ch.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=303491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}