=== SolverGuard Spam Shield ===
Contributors:      solverwp
Tags:              anti-spam, spam, honeypot, recaptcha, comment-spam
Requires at least: 5.8
Tested up to:      7.0
Requires PHP:      7.4
Stable tag:        1.0.2
License:           GPLv2 or later
License URI:       https://www.gnu.org/licenses/gpl-2.0.html

Powerful multi-layered anti-spam protection for Contact Form 7 — honeypot, time check, IP blocker, keyword filter, rate limiter, and reCAPTCHA v3.

== Description ==

**Anti-Spam Protection** adds six independent spam-fighting layers to every Contact Form 7 form on your site — plus a dedicated multi-layered comment spam protection system — with zero shortcodes and zero form editing required.

= CF7 Form Protection =

* **🍯 Honeypot** — Invisible field traps bots that fill in every input.
* **⏱ Time-Based Check** — Blocks submissions that arrive too fast (bots) or from stale sessions.
* **🚫 IP Blocker** — Block individual IPs or entire CIDR ranges (e.g. `10.0.0.0/8`).
* **🔤 Keyword Filter** — Case-insensitive keyword/phrase matching across all submitted fields.
* **📈 Rate Limiter** — Caps submissions per IP within a configurable sliding time window.
* **🤖 reCAPTCHA v3** — Silent Google reCAPTCHA v3 score-based blocking (no checkbox).

= Comment Spam Protection =

* **🍯 Comment Honeypot** — Hidden field injected into every comment form.
* **⏱ Comment Time Check** — Blocks comments submitted too quickly or from expired sessions.
* **🚫 IP Blocking** — Reuses the shared blocked-IP list automatically.
* **📈 Comment Rate Limiter** — Separate per-IP comment rate limiting.
* **🔤 Comment Keywords** — Global keyword list + comment-specific blocked phrases.
* **🔗 Link Count Limit** — Block comments containing too many hyperlinks.
* **📧 Email Domain Blocking** — Block comments from disposable/spam email domains.
* **🤖 User-Agent Filtering** — Block known spam bot user-agents; optionally block empty UA.
* **⏳ Hold Comments With URL** — Sends author-URL comments to moderation automatically.
* **🌐 REST API Protection** — All checks also apply to Gutenberg/headless REST submissions.

= Features =

* Works automatically with all CF7 forms — no per-form setup needed.
* Every module can be individually enabled or disabled.
* Detailed spam log with IP, form ID, and blocking reason.
* Automatic log cleanup based on configurable retention period.
* Settings link directly on the Plugins page.
* 100% WordPress Coding Standards compliant.


== External Services ==

This plugin optionally integrates with Google reCAPTCHA v3 for spam scoring on Contact Form 7 form submissions. This feature is **disabled by default** and must be explicitly enabled by the site administrator by entering their own reCAPTCHA site and secret keys.

**What is it used for?**
Google reCAPTCHA v3 silently scores form submissions to determine whether they are likely from a bot or a human.

**What data is sent and when?**
When reCAPTCHA is enabled, the following data is sent to Google's servers at the time of a form submission:
- The reCAPTCHA response token generated in the visitor's browser.
- The visitor's IP address.

**No data is sent to Google if the reCAPTCHA module is disabled.**

**Service details:**
- Service: Google reCAPTCHA v3
- Provider: Google LLC
- Terms of Service: https://policies.google.com/terms
- Privacy Policy: https://policies.google.com/privacy

== Installation ==

1. Upload the `solverguard-spam-shield` folder to `/wp-content/plugins/`.
2. Activate the plugin from **Plugins → Installed Plugins**.
3. Go to **Anti-Spam Protection → Settings** to configure each module.

== Frequently Asked Questions ==

= Does this work with all CF7 forms automatically? =

Yes. All protection layers are applied globally to every CF7 form without any per-form configuration.

= How do I use reCAPTCHA v3? =

1. Go to the [Google reCAPTCHA admin console](https://www.google.com/recaptcha/admin).
2. Register a new site with **reCAPTCHA v3**.
3. Copy your **Site Key** and **Secret Key** into the plugin settings.
4. Enable reCAPTCHA v3 and set your score threshold.
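
What the score threshold from step 4 acts on, as an added example (not the plugin's own code): it shows the fields a server sends to Google's `siteverify` endpoint and how a decoded reply can be turned into an allow/block decision. The function names, the 0.5 threshold, the `contact_form` action and `example.com` are assumptions, and the hostname and action checks go beyond what this readme states the plugin does.

```php
<?php
// Added illustration, not SolverGuard's code. Function names, the 0.5 threshold,
// the 'contact_form' action and 'example.com' are assumptions.

// Fields POSTed to https://www.google.com/recaptcha/api/siteverify: the site's
// secret key plus the two visitor items listed under "External Services".
function example_siteverify_fields(string $secret, string $token, string $ip): array {
    return ['secret' => $secret, 'response' => $token, 'remoteip' => $ip];
}

// Decide on a decoded siteverify reply (null = request or JSON decode failed).
// Fails closed: anything other than a valid, matching, high-enough score blocks.
function example_recaptcha_verdict(?array $r, float $threshold, string $action, string $host): array {
    if ($r === null || ($r['success'] ?? false) !== true) {
        $codes = $r['error-codes'] ?? ['no-response'];
        return [false, 'verification failed: ' . implode(',', (array) $codes)];
    }
    // A token minted on another site or for another action must not count here.
    if (($r['hostname'] ?? '') !== $host) {
        return [false, 'hostname mismatch'];
    }
    if (($r['action'] ?? '') !== $action) {
        return [false, 'action mismatch'];
    }
    $score = $r['score'] ?? null;
    if (!is_int($score) && !is_float($score)) {
        return [false, 'missing score'];
    }
    return $score >= $threshold
        ? [true, sprintf('score %.1f >= %.1f', $score, $threshold)]
        : [false, sprintf('score %.1f < %.1f', $score, $threshold)];
}

// Constructed sample replies (not captured traffic).
$base = ['success' => true, 'action' => 'contact_form', 'hostname' => 'example.com'];
$samples = [
    'human'        => $base + ['score' => 0.9],
    'likely bot'   => $base + ['score' => 0.1],
    'wrong action' => ['action' => 'login', 'score' => 0.9] + $base,
    'reused token' => ['success' => false, 'error-codes' => ['timeout-or-duplicate']],
    'no reply'     => null,
];
echo implode(', ', array_keys(example_siteverify_fields('SECRET', 'TOKEN', '203.0.113.7'))), "\n";
foreach ($samples as $name => $reply) {
    [$ok, $why] = example_recaptcha_verdict($reply, 0.5, 'contact_form', 'example.com');
    printf("%-13s %-5s %s\n", $name, $ok ? 'ALLOW' : 'BLOCK', $why);
}
```

Blocking when no reply arrives is a choice made in this example; a site that prefers availability over strictness would allow the submission in that case and rely on the other layers.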

= Can I block entire countries? =

You can block CIDR ranges in the IP Blocker tab. For country-level blocking, combine this with a Cloudflare firewall rule or similar service.

== Changelog ==

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.0 =
Initial release.
