چۈشەندۈرۈش
MentoGuard protects your WordPress forms from spam bots using behavioral analysis and server-side token verification — completely GDPR-compliant with no data sent to Google or any third party.
Currently supports Contact Form 7, with more form builders coming in future releases.
How It Works
MentoGuard uses three independent protection layers:
- Signed token — every form load generates a one-time server-side token. Bots submitting without loading the page are instantly blocked.
- Page time check — measures time between page load and submission entirely server-side. Bots submit in milliseconds; real users take seconds.
- Behavioral score — JavaScript tracks how the visitor interacts with the form (timing, mouse movement, keyboard vs paste, field order) and assigns a spam score.
Key Features
- GDPR compliant — zero external servers, zero Google, zero third parties
- Contact Form 7 native tag support — place [mentoguard] inside your CF7 form editor
- Scripts load only on pages with active forms — zero SEO or page speed impact on other pages
- Spam log dashboard — see every blocked submission with IP, score, and signals
- Top Spammers page — aggregate view of worst offenders with one-click blacklisting
- IP Blacklist — manually block IPs or CIDR ranges
- Test Mode — see live spam scores without blocking anyone
- Debug Log — step-by-step validation log for diagnosing issues
- Preset modes — Relaxed, Balanced, Strict
- Page time protection — configurable minimum time in seconds or milliseconds
- Fully adjustable — enable/disable each signal, adjust point values
- No tracking, no upsells, no phone-home
Privacy
MentoGuard reads your local WordPress database only. It logs the IP address and behavioral score of blocked submissions. No data is sent to any external server at any time.
Usage with Contact Form 7
Add [mentoguard] inside your CF7 form editor, before the submit button:
[text* your-name]
[email* your-email]
[mentoguard]
[submit «Send»]
ئورنىتىش
- Upload the mentoguard folder to /wp-content/plugins/
- Activate through the Plugins menu in WordPress
- Add [mentoguard] inside your CF7 form editor before the submit button
- Configure under MentoGuard > Settings
FAQ
-
Does MentoGuard work with Contact Form 7?
-
Yes. MentoGuard registers as a native CF7 form tag so [mentoguard] works directly inside the CF7 form editor.
-
Will it block real users by mistake?
-
MentoGuard uses a scoring system with multiple signals. Real users almost never reach the block threshold. Use Test Mode to verify on your site before going live.
-
Is it GDPR compliant?
-
Yes. No data leaves your server. Only blocked submissions are logged in your own WordPress database. Log retention is configurable.
-
Does it slow down my website?
-
No. Scripts load only on pages containing a CF7 form with [mentoguard]. All other pages are completely unaffected.
-
Will other form builders be supported?
-
Yes. The core engine is form-builder agnostic. Contact Form 7 is the first integration. More builders are planned for future releases.
-
What does the Debug Log do?
-
Enable Debug Mode in Settings, then submit a form. The Debug Log shows every validation step — which layer ran, what was found, and why the submission was allowed or blocked.
باھالاشلار
بۇ قىستۇرمىغا تېخى باھا يېزىلمىدى.
تۆھپىكار ۋە ئىجادكار
«MentoGuard: Behavioral Spam Blocker for Contact Forms» كودى ئوچۇق يۇمشاق دېتال. تۆۋەندىكى كىشىلەر بۇ قىستۇرمىغا تۆھپە قوشقان.
تۆھپىكار
«MentoGuard: Behavioral Spam Blocker for Contact Forms» نى تىلىڭىزغا تەرجىمە قىلىڭ
ئىجادىيەتكە قىزىقامسىز؟
كودقا كۆز يۈگۈرتۈپ، SVN خەزىنە تەكشۈرۈپ ياكى RSSئارقىلىق ئىجادىيەت خاتىرىسىگە مۇشتەرى بولغىلى بولىدۇ.
ئۆزگىرىش خاتىرىسى
1.8.0
- Fix: Plugin Check warnings — all database queries fully compliant
- Fix: Tested up to header mismatch between plugin file and readme.txt
- Fix: Emoji replaced with Dashicons throughout admin UI
- Fix: Score color in spam log — blocked entries now show orange/red, never green
- Fix: uninstall.php uses esc_sql() for DROP TABLE instead of %1s placeholder
- Fix: uninstall.php now cleans up debug log options
- Add: README.md for GitHub
- Change: Plugin name updated to MentoGuard: Behavioral Spam Blocker for Contact Forms
- Change: Plugin URI updated to https://mentotex.dev/mentoguard
- Change: Description updated to reflect support for all WordPress forms
1.7.2
- Fix: universal_validate() was consuming CF7 token before cf7_validate() could use it
- Fix: Added REQUEST_URI check to skip CF7 REST API requests in universal_validate()
- Fix: Added _wpcf7 POST field check as final safety net
1.7.1
- Add: Debug Mode with step-by-step validation logging
- Add: Debug Log admin page
- Add: Debug Mode toggle in Settings
- Fix: mg_score field missing detection improved
1.7.0
- Fix: CF7 uses REST API not Ajax — switched to wpcf7_spam filter
- Add: Token refresh after successful CF7 submission (no page reload needed)
- Fix: All Plugin Check warnings in logger resolved
- Fix: uninstall.php variables renamed with mentoguard_ prefix
1.6.0
- Add: IP Blacklist with CIDR range support
- Add: Top Spammers page with one-click blacklisting
- Add: Daily cron job for log retention purge
- Add: Bot test script updated for token system
1.5.0
- Fix: CF7 Ajax submissions now correctly validated
- Fix: All database queries use $wpdb->prepare()
- Fix: All $_GET/$_POST/$_SERVER reads include wp_unslash()
- Fix: Log filter form includes nonce verification
- Add: index.php silence files in all directories
- Add: languages/ folder with .pot file
1.4.0
- Add: Page time protection with configurable threshold
- Add: Seconds or milliseconds unit selection
- Add: Hard block or score-based action options
1.3.0
- Add: Signed one-time token system
- Add: JS bypass detection
1.2.0
- Remove: Captcha removed (to be reintroduced in future version)
- Fix: Server-side blocking now correctly reads threshold settings
- Fix: Score badge color logic
- Add: Bulk delete in Spam Logs
1.0.0
- Initial release