Installation

Installation

Orravo Form Spam Shield (v1.1.0) protects WordPress forms with a stack of invisible checks. It integrates out of the box with Contact Form 7, WPForms, Gravity Forms, OForms, and Fluent Forms, plus a generic fallback.

Requirements

• WordPress 6.5+
• PHP 8.0+
• Orravo Core installed and active

Steps

1. Upload orravo-spam-shield/ to /wp-content/plugins/
2. Activate via Plugins -> Installed Plugins
3. Navigate to Orravo Core -> Spam Shield in the sidebar (top-level fallback also exists if Orravo Core isn't active)
4. The defaults are sensible; activate and your forms are already protected

What activation creates

Three custom tables (created in OSpam_DB::activate()):

• wp_ospam_log - every checked submission, with form_plugin, form_id, ip, email, reason, score, blocked
• wp_ospam_blocklist - blocked entries by type (ip, email, domain, keyword)
• wp_ospam_allowlist - allowlisted entries (ip, email, domain)

Two cron jobs:

• ospam_prune_log - weekly, drops log rows older than ospam_log_retention_days (default 30)
• ospam_email_digest - optional, fires on ospam_digest_frequency (default weekly)

Constants