{"id":318796,"date":"2026-05-29T18:44:18","date_gmt":"2026-05-29T18:44:18","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/mentoguard-behavioral-spam-blocker-for-contact-forms\/"},"modified":"2026-05-29T18:43:55","modified_gmt":"2026-05-29T18:43:55","slug":"mentoguard","status":"publish","type":"plugin","link":"https:\/\/ug.wordpress.org\/plugins\/mentoguard\/","author":6389499,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.8.5","stable_tag":"1.8.5","tested":"7.0","requires":"6.0","requires_php":"8.0","requires_plugins":null,"header_name":"MentoGuard: Behavioral Spam Blocker for Contact Forms","header_author":"MentoTex","header_description":"GDPR-friendly behavioral spam protection for WordPress forms. No Google. No external servers. Zero page speed impact. Currently supports Contact Form 7.","assets_banners_color":"","last_updated":"2026-05-29 18:43:55","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/mentotex.dev\/mentoguard","header_author_uri":"https:\/\/mentotex.dev","rating":0,"author_block_rating":0,"active_installs":0,"downloads":11,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.8.5":{"tag":"1.8.5","author":"hbakhtiari","date":"2026-05-29 18:43:55"}},"upgrade_notice":{"1.8.0":"

Important fixes: Plugin Check compliance, score colors, emoji removed from admin UI. Recommended update for all users.<\/p>"},"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.8.5"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Dashboard with spam statistics and recent blocked submissions","2":"Settings page with signal controls, presets, and page time protection","3":"Spam log table with filters and bulk delete","4":"Top Spammers page with one-click blacklisting"}},"plugin_section":[],"plugin_tags":[2656,166108,358,131785,599],"plugin_category":[42,54],"plugin_contributors":[261768,263797],"plugin_business_model":[],"class_list":["post-318796","plugin","type-plugin","status-publish","hentry","plugin_tags-anti-spam","plugin_tags-bot-protection","plugin_tags-contact-form","plugin_tags-gdpr","plugin_tags-spam","plugin_category-contact-forms","plugin_category-security-and-spam-protection","plugin_contributors-hbakhtiari","plugin_contributors-mentotex","plugin_committers-hbakhtiari"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/mentoguard.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"\n

MentoGuard protects your WordPress forms from spam bots using behavioral analysis and server-side token verification \u2014 completely GDPR-compliant with no data sent to Google or any third party.<\/p>\n\n

Currently supports Contact Form 7<\/strong>, with more form builders coming in future releases.<\/p>\n\n

How It Works<\/h4>\n\n

MentoGuard uses three independent protection layers:<\/p>\n\n

    \n
  1. Signed token<\/strong> \u2014 every form load generates a one-time server-side token. Bots submitting without loading the page are instantly blocked.<\/li>\n
  2. Page time check<\/strong> \u2014 measures time between page load and submission entirely server-side. Bots submit in milliseconds; real users take seconds.<\/li>\n
  3. Behavioral score<\/strong> \u2014 JavaScript tracks how the visitor interacts with the form (timing, mouse movement, keyboard vs paste, field order) and assigns a spam score.<\/li>\n<\/ol>\n\n

    Key Features<\/h4>\n\n
      \n
    • GDPR compliant \u2014 zero external servers, zero Google, zero third parties<\/li>\n
    • Contact Form 7 native tag support \u2014 place [mentoguard] inside your CF7 form editor<\/li>\n
    • Scripts load only on pages with active forms \u2014 zero SEO or page speed impact on other pages<\/li>\n
    • Spam log dashboard \u2014 see every blocked submission with IP, score, and signals<\/li>\n
    • Top Spammers page \u2014 aggregate view of worst offenders with one-click blacklisting<\/li>\n
    • IP Blacklist \u2014 manually block IPs or CIDR ranges<\/li>\n
    • Test Mode \u2014 see live spam scores without blocking anyone<\/li>\n
    • Debug Log \u2014 step-by-step validation log for diagnosing issues<\/li>\n
    • Preset modes \u2014 Relaxed, Balanced, Strict<\/li>\n
    • Page time protection \u2014 configurable minimum time in seconds or milliseconds<\/li>\n
    • Fully adjustable \u2014 enable\/disable each signal, adjust point values<\/li>\n
    • No tracking, no upsells, no phone-home<\/li>\n<\/ul>\n\n

      Privacy<\/h4>\n\n

      MentoGuard reads your local WordPress database only. It logs the IP address and behavioral score of blocked submissions. No data is sent to any external server at any time.<\/p>\n\n

      Usage with Contact Form 7<\/h4>\n\n

      Add [mentoguard] inside your CF7 form editor, before the submit button:<\/p>\n\n

      [text* your-name]\n[email* your-email]\n[mentoguard]\n[submit \"Send\"]<\/p>\n\n\n

        \n
      1. Upload the mentoguard folder to \/wp-content\/plugins\/<\/li>\n
      2. Activate through the Plugins menu in WordPress<\/li>\n
      3. Add [mentoguard] inside your CF7 form editor before the submit button<\/li>\n
      4. Configure under MentoGuard > Settings<\/li>\n<\/ol>\n\n\n
        \n

        Does MentoGuard work with Contact Form 7?<\/h3><\/dt>\n

        Yes. MentoGuard registers as a native CF7 form tag so [mentoguard] works directly inside the CF7 form editor.<\/p><\/dd>\n

        Will it block real users by mistake?<\/h3><\/dt>\n

        MentoGuard uses a scoring system with multiple signals. Real users almost never reach the block threshold. Use Test Mode to verify on your site before going live.<\/p><\/dd>\n

        Is it GDPR compliant?<\/h3><\/dt>\n

        Yes. No data leaves your server. Only blocked submissions are logged in your own WordPress database. Log retention is configurable.<\/p><\/dd>\n

        Does it slow down my website?<\/h3><\/dt>\n

        No. Scripts load only on pages containing a CF7 form with [mentoguard]. All other pages are completely unaffected.<\/p><\/dd>\n

        Will other form builders be supported?<\/h3><\/dt>\n

        Yes. The core engine is form-builder agnostic. Contact Form 7 is the first integration. More builders are planned for future releases.<\/p><\/dd>\n

        What does the Debug Log do?<\/h3><\/dt>\n

        Enable Debug Mode in Settings, then submit a form. The Debug Log shows every validation step \u2014 which layer ran, what was found, and why the submission was allowed or blocked.<\/p><\/dd>\n\n<\/dl>\n\n\n

        1.8.0<\/h4>\n\n
          \n
        • Fix: Plugin Check warnings \u2014 all database queries fully compliant<\/li>\n
        • Fix: Tested up to header mismatch between plugin file and readme.txt<\/li>\n
        • Fix: Emoji replaced with Dashicons throughout admin UI<\/li>\n
        • Fix: Score color in spam log \u2014 blocked entries now show orange\/red, never green<\/li>\n
        • Fix: uninstall.php uses esc_sql() for DROP TABLE instead of %1s placeholder<\/li>\n
        • Fix: uninstall.php now cleans up debug log options<\/li>\n
        • Add: README.md for GitHub<\/li>\n
        • Change: Plugin name updated to MentoGuard: Behavioral Spam Blocker for Contact Forms<\/li>\n
        • Change: Plugin URI updated to https:\/\/mentotex.dev\/mentoguard<\/li>\n
        • Change: Description updated to reflect support for all WordPress forms<\/li>\n<\/ul>\n\n

          1.7.2<\/h4>\n\n
            \n
          • Fix: universal_validate() was consuming CF7 token before cf7_validate() could use it<\/li>\n
          • Fix: Added REQUEST_URI check to skip CF7 REST API requests in universal_validate()<\/li>\n
          • Fix: Added _wpcf7 POST field check as final safety net<\/li>\n<\/ul>\n\n

            1.7.1<\/h4>\n\n
              \n
            • Add: Debug Mode with step-by-step validation logging<\/li>\n
            • Add: Debug Log admin page<\/li>\n
            • Add: Debug Mode toggle in Settings<\/li>\n
            • Fix: mg_score field missing detection improved<\/li>\n<\/ul>\n\n

              1.7.0<\/h4>\n\n
                \n
              • Fix: CF7 uses REST API not Ajax \u2014 switched to wpcf7_spam filter<\/li>\n
              • Add: Token refresh after successful CF7 submission (no page reload needed)<\/li>\n
              • Fix: All Plugin Check warnings in logger resolved<\/li>\n
              • Fix: uninstall.php variables renamed with mentoguard_ prefix<\/li>\n<\/ul>\n\n

                1.6.0<\/h4>\n\n
                  \n
                • Add: IP Blacklist with CIDR range support<\/li>\n
                • Add: Top Spammers page with one-click blacklisting<\/li>\n
                • Add: Daily cron job for log retention purge<\/li>\n
                • Add: Bot test script updated for token system<\/li>\n<\/ul>\n\n

                  1.5.0<\/h4>\n\n
                    \n
                  • Fix: CF7 Ajax submissions now correctly validated<\/li>\n
                  • Fix: All database queries use $wpdb->prepare()<\/li>\n
                  • Fix: All $_GET\/$_POST\/$_SERVER reads include wp_unslash()<\/li>\n
                  • Fix: Log filter form includes nonce verification<\/li>\n
                  • Add: index.php silence files in all directories<\/li>\n
                  • Add: languages\/ folder with .pot file<\/li>\n<\/ul>\n\n

                    1.4.0<\/h4>\n\n
                      \n
                    • Add: Page time protection with configurable threshold<\/li>\n
                    • Add: Seconds or milliseconds unit selection<\/li>\n
                    • Add: Hard block or score-based action options<\/li>\n<\/ul>\n\n

                      1.3.0<\/h4>\n\n
                        \n
                      • Add: Signed one-time token system<\/li>\n
                      • Add: JS bypass detection<\/li>\n<\/ul>\n\n

                        1.2.0<\/h4>\n\n
                          \n
                        • Remove: Captcha removed (to be reintroduced in future version)<\/li>\n
                        • Fix: Server-side blocking now correctly reads threshold settings<\/li>\n
                        • Fix: Score badge color logic<\/li>\n
                        • Add: Bulk delete in Spam Logs<\/li>\n<\/ul>\n\n

                          1.0.0<\/h4>\n\n
                            \n
                          • Initial release<\/li>\n<\/ul>","raw_excerpt":"GDPR-friendly behavioral spam protection for WordPress forms. No Google. No external servers. Zero page speed impact.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/318796","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=318796"}],"author":[{"embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/hbakhtiari"}],"wp:attachment":[{"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=318796"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=318796"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=318796"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=318796"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=318796"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/ug.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=318796"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}