← All pluginsTest a submission.
Run every rule.
Six layers of defence.
Click around.
Six rules built in.
Clean filter hooks.
Free.
Stop spam.
Get Spam Shield free↗
Live · v1.1.0 · Free
Orravo Spam Shield
Invisible spam protection for WordPress forms — no CAPTCHAs, no friction for real users. Honeypot traps, timing analysis, rate limiting, geo blocking, disposable email detection, and IP / email / keyword blocklists. Works natively with CF7, WPForms, Gravity Forms, and OForms. Free forever.
0Disposable domains blocked
0Blocked per site / day (avg)
0Detection rules
0Form plugins supported
// Feature preview
Test a submission.
See every rule fire.
This simulates what Spam Shield checks on every form submission. Change the email, IP, or timing and re-run to see which rules fire. On a real site this pipeline runs server-side in under 4ms.
Run every rule.
Instant verdict.
Simulated demo. Runs automatically as you scroll.
Demo simulation
honeypot·awaiting check
timing·awaiting check
ratelimit·awaiting check
geo·awaiting check
disposable·awaiting check
ip blocklist·awaiting check
// What it does
Six layers of defence.
Zero user friction.
Every check runs server-side, in under 4ms on warm cache. No external API calls per submission. No CAPTCHA. No JavaScript required for the protection to work.
// 6 detection rules · 4 form plugin integrations · 0 CAPTCHAs
✓Honeypot hidden field — bots fill it, humans never see it
✓Submission timing — flag submissions under 2s threshold
✓Rate limiting — cap submissions per IP per window
✓Geo / country blocking — allow or deny by country code
✓Disposable email detection — 2,800+ throwaway domains
✓IP blocklist — manual or automatic permanent bans
✓Email domain blocklist — block entire sending domains
✓Keyword blocklist — reject messages with banned words
✓CF7 integration — hooks into wpcf7_spam filter
✓WPForms integration — hooks into wpforms_process_before
✓Gravity Forms integration — hooks into gform_validation
✓OForms integration — first-party native hooks
✓REST API — stats, blocklist management, test endpoint
✓WP-CLI — stats, block, unblock, test, flush commands
✓Activity log — every blocked submission recorded
✓Weekly disposable-domain list sync (background cron)
// Explore the product
Click around.
It’s all real.
Four interactive previews of the actual Spam Shield admin. No screenshots — working mock-ups of what ships in the plugin.
312Blocked (7 days)
58%Honeypot rate
3IPs rate-limited now
4msAvg pipeline time
Blocks by rule (7 days)live
| Rule | Count | Share |
|---|---|---|
| Honeypot | 181 | 58% |
| Timing analysis | 74 | 24% |
| Rate limiting | 33 | 11% |
| Geo blocking | 14 | 4% |
| Disposable email | 10 | 3% |
Rule configuration
| Rule | Status | Setting |
|---|---|---|
| Honeypot | enabled | field: _shield_check |
| Timing analysis | enabled | min elapsed: 2.0s |
| Rate limiting | enabled | 10 submissions / 5 min / IP |
| Geo blocking | enabled | blocked: RU, KP, CN (3 countries) |
| Disposable email | enabled | 2,847 domains · synced 2d ago |
| IP blocklist | enabled | 12 IPs blocked |
| Keyword blocklist | enabled | 7 words/phrases |
IP blocklist12 entries
| IP / Range | Added | Reason | Hits |
|---|---|---|---|
| 203.0.113.77 | 3d ago | rate-limit auto-ban | 47 |
| 198.51.100.4 | 1w ago | manual | 12 |
| 10.20.30.0/24 | 2w ago | reported abuse | 3 |
Keyword blocklist7 entries
| casino | free money | click here | buy now |
| cheap meds | 100% free | guaranteed profit |
Recent blockslive
| Time | Rule | Form | IP | Detail |
|---|---|---|---|---|
| 2m ago | honeypot | Contact Us | 198.51.100.4 | _shield_check filled |
| 4m ago | disposable | Newsletter | 203.0.113.55 | mailinator.com |
| 7m ago | timing | Register | 10.0.0.14 | 0.4s < 2s |
| 12m ago | ratelimit | Contact Us | 203.0.113.77 | 14/5min |
| 18m ago | geo | Register | — | country: RU |
// Compare
Six rules built in.
No subscription needed.
Akismet requires a subscription for commercial sites. CleanTalk is a paid third-party service. hCaptcha replaces one UX problem (spam) with another (puzzle friction). Spam Shield is server-side, free, and invisible.
| Akismet | CleanTalk | hCaptcha | Orravo Spam Shield | |
|---|---|---|---|---|
| Honeypot field protection | ✓ | ✓ | no | Built in |
| Submission timing analysis | no | partial | no | Built in |
| Rate limiting (per-IP) | no | ✓ | no | Built in |
| Geo / country blocking | paid | ✓ | no | Built in |
| Disposable email detection | no | paid | no | Built in |
| IP blocklist | ✓ | ✓ | no | Built in |
| Keyword blocklist | no | no | no | Built in |
| Email domain blocklist | no | no | no | Built in |
| Works with CF7 / WPForms / GF | ✓ | ✓ | no | Built in |
| Works with OForms (native) | no | no | no | Built in |
| No external API dependency | no | no | ✓ | Built in |
| CAPTCHA required | no | ✓ | no | Never |
| Pricing model | Free | $99/yr | Dev time | Free forever |
// Built like real software
Clean filter hooks.
Full CLI + REST surface.
Three extension points cover every integration scenario: PHP filter hooks for custom rules, WP-CLI for scripted management, and a REST API for remote stats and blocklist control.
// Hook into the spam-shield decision pipeline. Return true to block the submission. add_filter('orv_spam_shield_is_spam', function(bool $is_spam, array $context): bool { // $context keys: form_id, post_data, ip, user_agent, elapsed_seconds, email if (str_contains($context['user_agent'], 'BadBot')) { return true; } return $is_spam; }, 10, 2); // Log every spam event for your own analytics. add_action('orv_spam_shield_blocked', function(array $event) { // $event: reason, ip, form_id, elapsed, email, timestamp error_log('[spam-shield] blocked: ' . wp_json_encode($event)); }); // Add a custom keyword to the blocklist at runtime (without saving to DB). add_filter('orv_spam_shield_keyword_blocklist', function(array $words): array { $words[] = 'casino'; $words[] = 'free money'; return $words; });
// Pricing
Free.
Forever.
Every protection rule, unlimited forms, unlimited sites. No subscription. No API key to manage. No CAPTCHA tax on your users.
// free
Orravo Spam Shield.
All six detection rules. All four form plugin integrations. No limits.
$0
free forever
- Honeypot + timing + rate limiting
- Geo blocking + disposable email + IP blocklist
- CF7 · WPForms · Gravity Forms · OForms
- REST API + WP-CLI
- Activity log + weekly domain list sync
// Common questions
Asked & answered.
Does it use CAPTCHA or require users to solve puzzles? +
Never. Spam Shield is invisible to legitimate users. It uses honeypot fields (hidden inputs bots fill in, humans never see), submission timing (bots submit in under a second), rate limiting, geo rules, and blocklists. No distorted text, no image grids, no friction for real people.
Which form plugins does it support? +
Contact Form 7, WPForms (Lite and Pro), Gravity Forms, and Orravo OForms natively. There is also a generic filter — orv_spam_shield_is_spam — that any plugin or custom form can hook into. If you use a form plugin not on the list, open a GitHub issue; most integrations are a single filter hook.
Will it slow down form submissions? +
The honeypot check is a field-presence test (microseconds). Timing analysis reads a single transient. Rate limiting does one Redis/memcached or DB read. Geo blocking is an in-memory GeoIP lookup from a bundled MaxMind Lite database (updated monthly). The full pipeline adds less than 4ms to a form submission on warm cache.
How does disposable email detection work? +
Spam Shield ships with a curated blocklist of ~2,800 known disposable / throwaway email domains (mailinator, guerrillamail, tempmail, etc.) and updates it via a weekly background sync. The check is purely local — no external API call per submission. You can add your own domains via the orv_spam_shield_email_domain_blocklist filter.