New: Optional AbuseIPDB integration — enter your free API key in Settings to check submitter IPs against a global abuse database; results cached 1 hour per IP; IPs scoring ≥ 90 are auto-blacklisted
Improved: Disposable email detection expanded from 6 to 200+ known temporary mail domains (Mailinator, Guerrilla Mail, 10MinuteMail, YopMail, and hundreds of variants)
Improved: Rate limiting now enforces three thresholds — submissions less than 30 seconds apart, more than 20 per hour, or more than 50 per day from the same IP are blocked
Improved: Content spam detection expanded — 60+ spam domains (URL shorteners, gambling, crypto, adult, SEO spam) and 50+ spam phrases (money, lottery, health, social media)
Improved: Behavioral JS pre-check now actively blocks form submissions — score stored in a short-lived transient and read by the server-side validator on every form submit
Fixed: Duplicate comment spam check removed — FormShieldSpamProtection was running preprocess_comment in parallel with FormShieldWPCommentsIntegration, causing potential double-blocking
Fixed: find_*_page() methods no longer load all posts (get_posts(-1)) — capped at 50 posts with 5-minute object cache
Fixed: WPForms integration was computing $entry_count but always passing 0 to the dashboard counter
Fixed: Happy Forms enable_forms() used object notation ($form->ID) on array data — fixed to $form[‘ID’]
Fixed: WS Form get_forms() mixed array/object access for count_submit; enable_forms() passed wrong number of arguments to db_read_all()
Fixed: Honeypot check added to Ninja Forms, Elementor, WeForms, and Quform integrations (previously missing in these four)
1.1.7
Reworked anti-bot engine to reduce false positives: removed behavioral confidence scoring and switched to deterministic checks
Added content-based spam validation for all protected integrations (custom blacklist/whitelist, multi-URL detection, built-in spam phrases/domains)
Added custom spam filter controls in Settings: “Blocked Keywords / Domains” and “Safe Words / Whitelist”
Added automatic whitelist for the site’s own domain to prevent false blocking of internal links
Improved Contact Form 7 reliability: canonical numeric form IDs, legacy slug migration, robust badge rendering, and stronger honeypot handling (fs_hp_*)
Disabled Divi 4/5 integration while in development to avoid exposing unfinished protection flows
1.1.6
Fixed plugin loading issue – removed blocking directory validation checks that prevented plugin from loading
Fixed Settings link in plugin list – now correctly points to Settings page
Improved admin menu initialization – added safety checks to ensure menu displays correctly
All spam blocking features from 1.1.5 are working correctly
1.1.5
MAJOR SECURITY UPDATE: Real spam blocking for Divi Contact Forms – spam submissions are now completely blocked instead of just flagged
MAJOR SECURITY UPDATE: Real spam blocking for WordPress Comments – spam comments are now completely blocked with error message instead of just marked as spam
Added instant block patterns for YouTube shorts links and marketing spam combinations
Enhanced Divi form protection with server-side hooks for complete spam blocking
Improved JavaScript form interception – now blocks submission and waits for server validation
Added instant block detection for “затруднявате се” + URL combinations
Enhanced comment spam protection with instant block patterns matching Divi protection
Added more short URL service detection (rb.gy, cutt.ly, tiny.cc, surl.li)
Improved marketing keyword detection in Bulgarian and English
Comments with spam patterns now show error message to user instead of silently going to spam folder
Updated WordPress compatibility to 6.9 (tested and verified)
Fixed issue where spam submissions were flagged but still sent via email
1.1.4
Improved Divi Contact Form spam protection with enhanced detection patterns
Added detection for short URL services (ow.ly, bit.ly) in Divi form submissions
Enhanced marketing keyword detection for AI-driven spam and promotional content
Added YouTube shorts link detection for Divi forms
Improved spam scoring system with combination penalties (URL + marketing text)
Lowered spam threshold from 50 to 40 for more aggressive protection
Fixed badge duplication issue – badges now display only once per form
Fixed badge display for Divi forms using correct form identification format
Added multilingual support for all badge texts
Added multilingual support for scanner description texts
1.1.3
Fixed WooCommerce compatibility issue – FormShield no longer blocks WooCommerce forms
Fixed “Sorry, we could not process your submission” error on WooCommerce pages
FormShield now properly excludes WooCommerce forms until official integration is added
1.1.2
Significantly improved comment spam detection for marketing spam
Added detection for YouTube links (especially shorts) in comments
Enhanced marketing keyword detection (AI, traffic, clients, advertising in English and Bulgarian)
Improved spam scoring for marketing phrases combined with URLs
Added immediate spam flagging for short URL services (ow.ly, bit.ly, etc.)
Better detection of promotional content with links
Fixed false negatives for marketing spam comments
1.1.1
Enhanced WordPress comments spam protection with improved detection patterns
Added automatic spam detection for URL-only comments and short URL services
Lowered spam threshold for comments (50 instead of 70) for more aggressive protection
Added separate option to completely disable comments site-wide
Added option to enable/disable comment spam protection independently
Improved comment spam scoring system with better pattern matching
Comments can now be disabled globally from settings (posts, pages, images, all content types)
Enhanced comment protection with immediate spam flagging for obvious spam patterns
1.1.0
Added advanced spam scoring and filtering system for Divi Contact Forms
Introduced developer hooks (filters & actions) for full customization and integrations
Added formshield_divi_custom_score_delta filter for extending spam scoring logic
Added granular filters to modify spam patterns, behavioral data, scores, and thresholds
Added action hooks for suspicious and legitimate submissions, enabling CRM and logging integrations
Improved duplicate Divi form detection using post ID and form ID
Enhanced deduplication logic to prevent the same form from being detected multiple times
Added configurable suspicion and email notification thresholds
Improved internal architecture for better extensibility and future integrations
1.0.2-beta
Added Location column to show where forms are detected (pages, posts, etc.)
Enhanced form location tracking for better visibility
Improved table layout and responsive design
1.0.1-beta
Enhanced Divi Contact Form detection
Specialized scanning for Divi 4 and Divi 5
REST API endpoints for form detection
WP-CLI support for command line scanning
Admin rescan button with real-time results
Improved caching and performance
Better error handling and logging
1.0.1
Fixed Contact Form 7 badge display issue
Improved form ID matching for slug-based forms
Fixed JavaScript syntax error in badge generation
Removed debug logging for cleaner console output
Enhanced badge compatibility with different CF7 form configurations
