Plugin Directory

Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms

Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms



Stop spam emails, spam comments, spam registration, and spam bots and spammers in general. Run diagnostic tests, view activity, and much more with this well-maintained, mature plugin.

Stop Spammers adds security that should kill off many of your spam worries straight out-of-the-box. Because every website is different (especially if you have integrated a payment gateway), we offer dozens of features you can leverage to meet your website’s specific needs. Our 50+ configuration options make personalization easy.


Extremely granular control, so that any variety of website can create a special custom cocktail just for their particular spam issues:

  • Block suspicious behavior
  • Block spam words, disposable emails, URL shortener links, all URLs TLDs and more
  • Connect third-party spam defense services
  • Block countries
  • Block/allow IPs, emails, and usernames manually
  • Hide admin notices permanently
  • Allow users to request access and send email when allow list request is approved
  • Members-only mode
  • Core forms CAPTCHA
  • Mass lookup and disable registered users and pending comments
  • Disable WordPress automated emails

We sincerely thank everyone who has contributed to the project through donations, feedback, and bug reporting. Every little bit goes a long way.



The most powerful spam prevention for WordPress: 50+ spam-blocking settings, dianostic testing, log reports, and much more.

Go to Plugins > Add New from your WP admin menu, search for Stop Spammers, install, and activate.


  1. Download the plugin and unzip it.
  2. Upload the plugin folder to your wp-content/plugins folder.
  3. Activate the plugin from the plugins page in the admin.


Can I use Stop Spammers with Cloudflare?

Yes. But, you may need to restore visitor IPs: https://support.cloudflare.com/hc/sections/200805497-Restoring-Visitor-IPs.

Can I use Stop Spammers with WooCommerce (and other ecommerce plugins)?

Yes. But, in some configurations, you may need to go to Stop Spammers > Protection Options > Toggle on the option for “Only Use the Plugin for Standard WordPress Forms” > Save if you’re running into any issues.

Can I use Stop Spammers with Akismet?

Yes. Stop Spammers can even check Akismet for an extra layer of protection.

Can I use Stop Spammers with Jetpack?

Yes and no. You can use all Jetpack features except for Jetpack Protect, as it conflicts with Stop Spammers.

Can I use Stop Spammers with Wordfence (and other spam and security plugins)?

Yes. The two can compliment each other. However, if you have only a small amount of hosting resources (mainly memory) or aren’t even allowing registration on your website, using both might be overkill.

Why is 2FA failing?

Toggle off the “Check Credentials on All Login Attempts” option and try again.

Is Stop Spammers GDPR-compliant?

Yes. See: https://law.stackexchange.com/questions/28603/how-to-satisfy-gdprs-consent-requirement-for-ip-logging. Stop Spammers does not collect any data for any other purpose (like marketing or tracking). It is purely for legitimate security purposes only. Additionally, if any of your users ever requested it, all data can be deleted.


May 28, 2024
Our website stopped working for everyone.By turning all plugins off and on one by one we found the culprit.We use this free version plugin, it asks for money with a big message on all pages, covering most of the window, impossible to close. If you click “Close” it takes you to its page.We closed this message by clicking “Always Hide” and, not immediately, found our site not working with:”This feature is temporarily banned for security reasons. Please try again to log in.” After deactivating this plugin everything returned to normal. We do not have time to investigate. Please know. Translated with www.DeepL.com/Translator (free version)
May 26, 2024
I’ve tested many captcha plugins and services, but my site has many many spam registrations. After installing this plugin, my spam registrations reduced to zero. Thanks to developers
May 24, 2024
Stop SPAM did not work!  I mean I spent some time thinking that it might but I still received spammers hitting my site.  The layout is great and simple to use which I liked but when something doesn’t work it just is of no use!  I finally went to the top of the line blockers and had to install a database and upgrade my php data base from 7.4 to 8.0.   Yea a lot more work to do but it works great and I mean the top of the line blocker works.  Look at the reviews for the best blocker and try it too.  Lots more work to do but in the end, it works.   However this Stop SPAM needs more work to do as it has nice features but it does not work.  
May 15, 2024
This yet another big Fail of plugins on Wordpress. Why have a feature that is supposed to restrict countries when it does not work. Block USA and all the spammers come from USA, Block Turkey and they keep coming. This has not decreased any hacker traffic to my website.
April 25, 2024 1 reply
I paid for the premium plugin and in less than a month they’re gone. The website is different and redirects to calculator.io They could have at least had the decency to give a heads up they were shutting down. You don’t cut and run like that.
Read all 242 reviews

Contributors & Developers

“Anti-Spam: Spam Protection | Block Spam Users, Comments, Forms” is open source software. The following people have contributed to this plugin.


Change log


  • [Fix] Documentation has been restored (but probably needs work https://github.com/bhadaway/stop-spammers/wiki)


  • [Fix] AJAX script JSON error handling
  • [New] Added version numbering to enqueued script and style files


  • [Enhanced] Security


  • [Notice] New owner (https://github.com/bhadaway/stop-spammers/issues/188)
  • [Notice] Premium has been discontinued
  • [Notice] HiveMind API has been discontinued


  • [Notice] We’re making a big push to audit Stop Spammers — now’s the time to jump in if you know how to code and can contribute fixes: https://github.com/bhadaway/stop-spammers.


  • [Notice] We’re making a big push to audit Stop Spammers — now’s the time to jump in if you know how to code and can contribute fixes: https://github.com/bhadaway/stop-spammers.


  • [Update] readme


  • [Fix] Arithmetic captcha


  • [Update] Toggle hotfix


  • [New] Check for any URL posted in a comment


  • [New] User filter/lookup to find spam registrations based on email top level domain, where first name = last name, and comment history
  • [New] Mass disable users
  • [New] Mass delete pending comments


  • [New] Disable WordPress admin email notifications


  • [Fix] Escape code


  • [Enhanced] Security


  • [Enhanced] Security


  • [Update] Thank you message


  • [New] Add IP addresses from comments to allow or block list
  • [Update] Thank you message


  • [Fix] JavaScript error


  • [Update] Allowing users with older versions of PHP to upgrade


  • [New] Fundraising campaign


  • [New] HiveMindᴮᴱᵀᴬ — A community IP block list (limited)
  • [Fix] CAPTCHAs


  • [Fix] PHP 8 error


  • [New] Enable CAPTCHA on WordPress core forms


  • [Enhanced] Security


  • [New] hCaptcha integration


  • [New] Allow Square


  • [Fix] Checking for periods in emails
  • [Fix] jQuery error


  • [Fix] Network toggle fix
  • [Fix] Design issue with icons on some browsers


  • [Update] Cloudflare IPs
  • [Fix] SFS report


  • [Fix] Minor fixes


  • [Fix] Settings fix


  • [Enhanced] Security


  • [Enhanced] Security


  • [Update] UI improvements
  • [Enhanced] Notification Control feature
  • [Fix] Math question


  • [Update] PayPal IPs
  • [Enhanced] Cleanup


  • [New] Notification Control feature
  • [New] Sortable registered date column on Users page
  • [Enhanced] Security
  • [Enhanced] Code audit and cleanup


  • [Fix] Email fix


  • [Fix] SFS report fix


  • [Fix] Error fixes


  • [Fix] Login issue


  • [New] Strings are now translation-ready
  • [Update] UI improvements
  • [Update] Safety checks for WooCommerce
  • [Enhanced] When approving allow requests, the email address is now whitelisted
  • [Enhanced] Code audit and cleanup
  • [Fix] “Clear the Requests” toggles off other settings
  • [Fix] Too many periods feature


  • [Update] Third-party service IP lists


  • [New] Private mode feature
  • [Update] UI improvements
  • [Enhanced] Too many periods feature
  • [Enhanced] Emails are now off by default (to avoid potential issues with server reputation)
  • [Enhanced] Code audit and cleanup
  • [Fix] Shortened URL option only checks for exact matches now


  • [Update] Minor UI improvements
  • [Fix] Duplicate email issue


  • [Fix] PHP notice


  • [New] Send email when allow list request is approved (community request)
  • [New] Approve or Block action in request email with link to Allow List page (community request)
  • [Update] Update Stop Spammers menu icon to ‘S’ logo
  • [Fix] Conditional fields hidden on page load when option is enabled
  • [Fix] Updates to multisite (community reported)
  • [Fix] Shortcode and HTML support on Spam Message (community reported)
  • [Fix] Wrong key used for the spam reason in the allow request email template sent to the web admin


  • [Fix] Block if email has too many periods


  • [New] Block URL shortening service links


  • [New] Notice


  • [Fix] PHP warnings


  • [Enhanced] Code cleanup


  • [Revert] Removed gettext


  • [Fix] Hotfix


  • [New] Force username-only login
  • [New] Force email-only login
  • [New] Disable custom passwords
  • [Enhanced] 2,500+ disposable email domains added to block list
  • [Update] Support notice


  • [Update] Usability updates


  • [Update] Plugin audit and cleanup


  • [Update] Various hotfixes


  • [New] Check for Tor Exit Nodes
  • [New] Check for too many periods
  • [New] Check for too many hyphens
  • [New] Allow Stripe
  • [New] Allow Authorize.Net
  • [New] Allow Braintree
  • [New] Allow Recurly
  • [Update] Admin UI enhancements


  • New owner