[WordPress] 外掛分享: VMS Elements Form Guard

首頁外掛目錄 › VMS Elements Form Guard
WordPress 外掛 VMS Elements Form Guard 的封面圖片
全新外掛
安裝啟用
尚無評分
7 天前
最後更新
問題解決
WordPress 6.0+ PHP 7.4+ v1.0.1 上架:2026-06-17

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.0.1) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「VMS Elements Form Guard」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

VMS Elements Form Guard is a comprehensive spam protection plugin that validates email domains, blocks disposable emails, and protects your forms from malicious submissions using multiple security layers.
VMS Elements Form Guard Pro adds Form Guard, Contact Guard, Subscribe Guard, AI summaries, email templates, and more.
Key Features
Core Protection

Disposable Email Detection – Block 10,000+ temporary/disposable email domains automatically
Email Domain Validation – Verify email domains have valid MX records and HTTPS
Real-time Validation – Instant feedback before form submission
Custom Whitelist – Always allow trusted domains
Custom Blocklist – Add your own blocked domains

Security API Integrations

Google Web Risk API – Enterprise-grade malware and phishing detection
VirusTotal Integration – Multi-engine domain scanning with support for multiple API keys
Google reCAPTCHA – Both v2 and v3 support for bot protection

AI-Powered Features

AI Spam Detection – Intelligent comment analysis using leading AI providers
AI Post Summaries – Auto-generate summaries for blog posts
AI Product Summaries – Auto-generate WooCommerce product summaries
Multiple AI Providers – OpenAI (GPT-4), Anthropic (Claude), Google Gemini, DeepSeek

Form Protection Guards

Contact Guard – Protect contact forms from spam
Subscribe Guard – Protect newsletter subscription forms
Registration Guard – Protect WordPress user registration
Login Guard – Protect login forms with validation
Comment Guard – Advanced comment spam protection with custom rules
Product Review Guard – Protect WooCommerce product reviews

Additional Features

Activity Dashboard – Monitor all validation events with analytics
Detailed Logging – Track every blocked attempt with reasons
Blocked Users Management – View and manage blocked users
Custom Error Messages – Customize all validation messages
Email Templates – Customizable notification emails
Translation Ready – Full internationalization support

Supported Forms
VMS Elements Form Guard works with any HTML form including:

Contact Form 7
WPForms
Gravity Forms
Ninja Forms
Formidable Forms
Newsletter Plugin
Mailchimp Forms
WooCommerce Forms
WordPress Registration
WordPress Comments
Any Custom HTML Form

How It Works

Install and Activate – Simple one-click installation
Add Form Mapping – Tell the plugin which forms to protect
Configure Validation – Choose your protection level
Automatic Protection – Forms are protected in real-time

API Keys (Optional)
Basic protection works without any API keys. For enhanced security:

Google Web Risk – Detect malware and phishing domains
VirusTotal – Multi-engine scanning (free tier: 500 requests/day)
AI Providers – Enable intelligent spam detection

Privacy & GDPR

Only email domains are processed for validation, not full email addresses (unless you enable features that require them).
Data is sent to third-party services only when you enter API keys and enable those features.
No personal data is stored on VMS Elements servers by default.
Full GDPR compliance depends on your configuration and privacy policy.

Privacy Policy
VMS Elements Form Guard does not collect, store, or send any data from your website on its own. Every outbound network call is opt-in and only happens after you explicitly configure the corresponding API key or feature in the plugin settings.
Third-party services used by this plugin
The plugin can connect to the following third-party services. Each one is only contacted when you actively enable the matching feature and provide the required API key:

Google Web Risk — Sends the email domain or URL hostname being validated to https://webrisk.googleapis.com/v1/uris:search. Requires your own Google API key. Terms of Service · Privacy Policy.
VirusTotal — Sends the email domain or URL hostname being validated to https://www.virustotal.com/api/v3/domains/. Requires your own VirusTotal API key. Terms of Service · Privacy Policy.
Google reCAPTCHA — Loaded only when you enable reCAPTCHA on a form. The visitor’s browser exchanges a verification token with https://www.google.com/recaptcha/. Terms · Privacy Policy.
OpenAI — Sends the message body being moderated to https://api.openai.com/v1/chat/completions. Requires your own OpenAI API key. Terms · Privacy Policy.
Anthropic — Sends the message body being moderated to https://api.anthropic.com/v1/messages. Requires your own Anthropic API key. Terms · Privacy Policy.
Google Gemini — Sends the message body being moderated to https://generativelanguage.googleapis.com/. Requires your own Gemini API key. Terms · Privacy Policy.
DeepSeek — Sends the message body being moderated to https://api.deepseek.com/chat/completions. Requires your own DeepSeek API key. Terms · Privacy Policy.
Amazon Bedrock — Sends the message body being moderated to the AWS Bedrock Runtime endpoint https://bedrock-runtime.{region}.amazonaws.com/model/{model}/invoke (the region and model are the ones you configure). Requires your own AWS access key, secret key, and model ID. Terms · Privacy Policy.

What data is sent
For each enabled service the plugin sends ONLY:

The domain part of the submitted email or the URL hostname, for reputation checks (Web Risk, VirusTotal).
The message text the visitor typed in a guarded textarea, for AI spam moderation (OpenAI, Anthropic, Gemini, DeepSeek, Amazon Bedrock). The chosen AI provider receives the body of the field plus a fixed system prompt.
The reCAPTCHA token generated by the visitor’s browser, for bot-protection verification (Google reCAPTCHA).

The plugin does NOT send the full submitted form, IP addresses, user accounts, or any other personal data to these third parties.
Data stored locally
The plugin writes only to the WordPress site database. The following tables and options may be created:

*_vms_elements_form_guard_whitelist_domains, *_vms_elements_form_guard_disposable_domains — Email-domain reputation lists you manage.
*_vms_elements_form_guard_logs — Validation events (domain, decision, timestamp). No personal data.
*_vms_elements_form_guard_api_keys — Encrypted copies of the API keys you entered.
*_vms_elements_form_guard_comment_enforcement — IP/user-ID strike counters for the optional Block User feature.
vefg-google-config, vefg-virustotal-config, vefg-ai-span-config, vefg-recaptcha-config, vefg-error-messages, vefg-registration-guard — Plugin settings.

All tables and options are removed when you uninstall the plugin.
Cookies
The plugin itself does not set any cookies. Google reCAPTCHA sets its own cookies when you enable it.
GDPR
Because every outbound request requires an administrator to first enable the matching feature and provide an API key, your site only becomes a “data processor” toward these third parties after you opt in. We recommend listing each enabled service in your site’s own privacy policy.
External services
This plugin relies on the following third-party / external services. Each service is contacted ONLY after a site administrator enables the matching feature and provides the required API key or credentials. Nothing is sent by default.

Google Web Risk — Used to detect malware and phishing domains. The email domain or URL hostname being validated is sent to https://webrisk.googleapis.com/v1/uris:search each time a guarded field is validated and this feature is enabled. Provided by Google. Terms of Service — Privacy Policy.

VirusTotal — Used for multi-engine domain reputation scanning. The email domain or URL hostname being validated is sent to https://www.virustotal.com/api/v3/domains/ each time a guarded field is validated and this feature is enabled. Provided by VirusTotal (Google). Terms of Service — Privacy Policy.

Google reCAPTCHA — Used for bot protection on guarded forms. When enabled, the visitor’s browser exchanges a verification token with https://www.google.com/recaptcha/. Provided by Google. Terms of Service — Privacy Policy.

OpenAI — Used for AI spam moderation. The message text typed in a guarded field is sent to https://api.openai.com/v1/chat/completions when AI moderation is enabled with this provider. Provided by OpenAI. Terms of Use — Privacy Policy.

Anthropic — Used for AI spam moderation. The message text typed in a guarded field is sent to https://api.anthropic.com/v1/messages when AI moderation is enabled with this provider. Provided by Anthropic. Terms — Privacy Policy.

Google Gemini — Used for AI spam moderation. The message text typed in a guarded field is sent to https://generativelanguage.googleapis.com/ when AI moderation is enabled with this provider. Provided by Google. Terms — Privacy Policy.

DeepSeek — Used for AI spam moderation. The message text typed in a guarded field is sent to https://api.deepseek.com/chat/completions when AI moderation is enabled with this provider. Provided by DeepSeek. Terms — Privacy Policy.

Amazon Bedrock — Used for AI spam moderation. The message text typed in a guarded field is sent to the AWS Bedrock Runtime endpoint https://bedrock-runtime.{region}.amazonaws.com/model/{model}/invoke (region and model are the ones you configure) when AI moderation is enabled with this provider. Provided by Amazon Web Services. Service Terms — Privacy Policy.

延伸相關外掛

文章
Filter
Mastodon