內容簡介
LukaCodes AntiSpam Shield 是一款輕量級的 WordPress 外掛,專為保護評論區和聯絡表單免受垃圾郵件攻擊而設計。透過五個獨立工具,提供簡單的設定頁面,讓使用者輕鬆管理防垃圾郵件功能。
【主要功能】
• 移除網址欄位:從評論表單中移除網址欄位
• 自動去除連結:自動刪除評論中的所有超連結
• reCAPTCHA v3:無需勾選或解謎的隱形保護
• Cloudflare Turnstile:隱私友好的 CAPTCHA 替代方案
• 登入與註冊保護:為登入和註冊表單添加 CAPTCHA
• WPForms 整合:將 CAPTCHA 保護應用於 WPForms Lite
外掛標籤
開發者團隊
原文外掛簡介
LukaCodes AntiSpam Shield is a lightweight, no-bloat plugin that protects your WordPress comment section and contact forms from spam. Five independent tools, one settings page. Read the full documentation.
Disable Website Field — Removes the URL/website field from the comment form. Works with all themes, including those that hardcode the field (CSS fallback included).
Strip Links from Comments — Automatically removes all hyperlinks from comment content — both on display and before saving to the database. Spammers get zero benefit from posting links.
reCAPTCHA v3 — Adds Google’s invisible bot-score protection. No checkbox, no puzzle, no friction for real users. Bots are silently blocked server-side.
Cloudflare Turnstile — A privacy-friendly CAPTCHA alternative. Mutually exclusive with reCAPTCHA v3 — enabling one automatically disables the other.
Login Shield — Adds CAPTCHA to the WordPress login form (wp-login.php). Stops brute-force bots silently.
Registration Shield — Adds CAPTCHA to the WordPress registration form. Blocks bot account creation.
WPForms Integration — Apply the same CAPTCHA protection to WPForms Lite — using the same keys you already configured, no extra setup.
All features are independent — enable only what you need.
Login & Registration Shield
Version 1.1.2 adds CAPTCHA protection to wp-login.php:
Login Shield — Hooks into wp_authenticate_user for server-side verification after credentials are checked. Returns a WP_Error if CAPTCHA fails — WordPress displays it as a normal login error.
Registration Shield — Hooks into registration_errors to add CAPTCHA validation during registration. Works alongside all other WordPress registration validations.
Both are independently togglable in the settings panel. Admins already logged in are never affected.
WPForms Integration
Version 1.1.0 introduces CAPTCHA protection for WPForms Lite:
Hooks into wpforms_display_submit_before to inject the CAPTCHA widget before the submit button.
Hooks into wpforms_process for server-side token verification.
Works with both reCAPTCHA v3 (invisible) and Cloudflare Turnstile (visible widget).
Note: WPForms Pro includes its own native CAPTCHA integration — this feature is intended for WPForms Lite users only.
Why AntiSpam Shield?
Most anti-spam plugins are heavy, require accounts, or add ugly CAPTCHAs. LukaCodes AntiSpam Shield is different:
~30 KB total — no external libraries, no jQuery dependency
Settings page with live key testing — verify your reCAPTCHA or Turnstile keys before enabling
Link stripping preview — paste any comment text and see exactly what gets removed
Graceful fallback: if Google’s or Cloudflare’s API is unreachable, comments are held for moderation (never lost)
Trusted users (administrators) bypass CAPTCHA checks automatically
Mutual exclusion: reCAPTCHA v3 and Cloudflare Turnstile cannot be active at the same time
WP Coding Standards compliant — fully escaped output, nonce-protected AJAX
reCAPTCHA v3 — How it works
When a visitor submits a form, JavaScript silently requests a score token from Google. The token is sent with the submission and verified server-side against your minimum score threshold (configurable from 0.1 to 1.0). No user interaction required.
Cloudflare Turnstile — How it works
A Turnstile widget is rendered inside the form. When the visitor completes the challenge, a token is submitted and verified server-side against the Cloudflare API.
Third-Party Services
This plugin optionally uses the following third-party services:
Google reCAPTCHA v3
A service provided by Google LLC.
What it does: Detects bots and spam on your comment form and contact forms without user interaction.
When data is sent: Only when reCAPTCHA v3 is enabled. A token is sent to https://www.google.com/recaptcha/api/siteverify on each form submission.
What data is sent: The visitor’s IP address and a reCAPTCHA token.
Google Privacy Policy: https://policies.google.com/privacy
Google Terms of Service: https://policies.google.com/terms
Cloudflare Turnstile
A service provided by Cloudflare, Inc.
What it does: Presents a privacy-friendly CAPTCHA widget on comment and contact forms.
When data is sent: Only when Cloudflare Turnstile is enabled. A token is sent to https://challenges.cloudflare.com/turnstile/v0/siteverify on each form submission.
What data is sent: The visitor’s IP address and a Turnstile token.
Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/
Cloudflare Terms of Service: https://www.cloudflare.com/website-terms/
Both services are entirely optional. If you do not enter API keys or enable either CAPTCHA, no data is sent to any third party.
