Title: MentoGuard: Behavioral Spam Blocker for Contact Forms Author: H. Bakhtiari Published: 2026 年 5 月 29 日 Last modified: 2026 年 5 月 29 日 --- 搜尋外掛 ![](https://s.w.org/plugins/geopattern-icon/mentoguard.svg) # MentoGuard: Behavioral Spam Blocker for Contact Forms 由 [H. Bakhtiari](https://profiles.wordpress.org/hbakhtiari/) 開發 [下載](https://downloads.wordpress.org/plugin/mentoguard.1.8.5.zip) * [詳細資料](https://tw.wordpress.org/plugins/mentoguard/#description) * [使用者評論](https://tw.wordpress.org/plugins/mentoguard/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/mentoguard/#installation) * [開發資訊](https://tw.wordpress.org/plugins/mentoguard/#developers) [技術支援](https://wordpress.org/support/plugin/mentoguard/) ## 外掛說明 MentoGuard protects your WordPress forms from spam bots using behavioral analysis and server-side token verification — completely GDPR-compliant with no data sent to Google or any third party. Currently supports **Contact Form 7**, with more form builders coming in future releases. #### How It Works MentoGuard uses three independent protection layers: 1. **Signed token** — every form load generates a one-time server-side token. Bots submitting without loading the page are instantly blocked. 2. **Page time check** — measures time between page load and submission entirely server- side. Bots submit in milliseconds; real users take seconds. 3. **Behavioral score** — JavaScript tracks how the visitor interacts with the form( timing, mouse movement, keyboard vs paste, field order) and assigns a spam score. #### Key Features * GDPR compliant — zero external servers, zero Google, zero third parties * Contact Form 7 native tag support — place [mentoguard] inside your CF7 form editor * Scripts load only on pages with active forms — zero SEO or page speed impact on other pages * Spam log dashboard — see every blocked submission with IP, score, and signals * Top Spammers page — aggregate view of worst offenders with one-click blacklisting * IP Blacklist — manually block IPs or CIDR ranges * Test Mode — see live spam scores without blocking anyone * Debug Log — step-by-step validation log for diagnosing issues * Preset modes — Relaxed, Balanced, Strict * Page time protection — configurable minimum time in seconds or milliseconds * Fully adjustable — enable/disable each signal, adjust point values * No tracking, no upsells, no phone-home #### Privacy MentoGuard reads your local WordPress database only. It logs the IP address and behavioral score of blocked submissions. No data is sent to any external server at any time. #### Usage with Contact Form 7 Add [mentoguard] inside your CF7 form editor, before the submit button: [text* your-name] [email* your-email] [mentoguard] [submit “Send”] ## 安裝方式 1. Upload the mentoguard folder to /wp-content/plugins/ 2. Activate through the Plugins menu in WordPress 3. Add [mentoguard] inside your CF7 form editor before the submit button 4. Configure under MentoGuard > Settings ## 常見問題集 ### Does MentoGuard work with Contact Form 7? Yes. MentoGuard registers as a native CF7 form tag so [mentoguard] works directly inside the CF7 form editor. ### Will it block real users by mistake? MentoGuard uses a scoring system with multiple signals. Real users almost never reach the block threshold. Use Test Mode to verify on your site before going live. ### Is it GDPR compliant? Yes. No data leaves your server. Only blocked submissions are logged in your own WordPress database. Log retention is configurable. ### Does it slow down my website? No. Scripts load only on pages containing a CF7 form with [mentoguard]. All other pages are completely unaffected. ### Will other form builders be supported? Yes. The core engine is form-builder agnostic. Contact Form 7 is the first integration. More builders are planned for future releases. ### What does the Debug Log do? Enable Debug Mode in Settings, then submit a form. The Debug Log shows every validation step — which layer ran, what was found, and why the submission was allowed or blocked. ## 使用者評論 這個外掛目前沒有任何使用者評論。 ## 參與者及開發者 以下人員參與了開源軟體〈MentoGuard: Behavioral Spam Blocker for Contact Forms〉的 開發相關工作。 參與者 * [ H. Bakhtiari ](https://profiles.wordpress.org/hbakhtiari/) * [ mentotex ](https://profiles.wordpress.org/mentotex/) [將〈MentoGuard: Behavioral Spam Blocker for Contact Forms〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/mentoguard) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/mentoguard/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/mentoguard/),或透過 [RSS](https://plugins.trac.wordpress.org/log/mentoguard/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/mentoguard/)。 ## 變更記錄 #### 1.8.0 * Fix: Plugin Check warnings — all database queries fully compliant * Fix: Tested up to header mismatch between plugin file and readme.txt * Fix: Emoji replaced with Dashicons throughout admin UI * Fix: Score color in spam log — blocked entries now show orange/red, never green * Fix: uninstall.php uses esc_sql() for DROP TABLE instead of %1s placeholder * Fix: uninstall.php now cleans up debug log options * Add: README.md for GitHub * Change: Plugin name updated to MentoGuard: Behavioral Spam Blocker for Contact Forms * Change: Plugin URI updated to https://mentotex.dev/mentoguard * Change: Description updated to reflect support for all WordPress forms #### 1.7.2 * Fix: universal_validate() was consuming CF7 token before cf7_validate() could use it * Fix: Added REQUEST_URI check to skip CF7 REST API requests in universal_validate() * Fix: Added _wpcf7 POST field check as final safety net #### 1.7.1 * Add: Debug Mode with step-by-step validation logging * Add: Debug Log admin page * Add: Debug Mode toggle in Settings * Fix: mg_score field missing detection improved #### 1.7.0 * Fix: CF7 uses REST API not Ajax — switched to wpcf7_spam filter * Add: Token refresh after successful CF7 submission (no page reload needed) * Fix: All Plugin Check warnings in logger resolved * Fix: uninstall.php variables renamed with mentoguard_ prefix #### 1.6.0 * Add: IP Blacklist with CIDR range support * Add: Top Spammers page with one-click blacklisting * Add: Daily cron job for log retention purge * Add: Bot test script updated for token system #### 1.5.0 * Fix: CF7 Ajax submissions now correctly validated * Fix: All database queries use $wpdb->prepare() * Fix: All $_GET/$_POST/$_SERVER reads include wp_unslash() * Fix: Log filter form includes nonce verification * Add: index.php silence files in all directories * Add: languages/ folder with .pot file #### 1.4.0 * Add: Page time protection with configurable threshold * Add: Seconds or milliseconds unit selection * Add: Hard block or score-based action options #### 1.3.0 * Add: Signed one-time token system * Add: JS bypass detection #### 1.2.0 * Remove: Captcha removed (to be reintroduced in future version) * Fix: Server-side blocking now correctly reads threshold settings * Fix: Score badge color logic * Add: Bulk delete in Spam Logs #### 1.0.0 * Initial release ## 中繼資料 * 版本 **1.8.5** * 最後更新 **3 天前** * 啟用安裝數 **少於 10 次** * WordPress 版本需求 ** 6.0 或更新版本 ** * 已測試相容的 WordPress 版本 **7.0** * PHP 版本需求 ** 8.0 或更新版本 ** * 語言 * [English (US)](https://wordpress.org/plugins/mentoguard/) * 標籤: * [anti-spam](https://tw.wordpress.org/plugins/tags/anti-spam/)[bot protection](https://tw.wordpress.org/plugins/tags/bot-protection/) [contact form](https://tw.wordpress.org/plugins/tags/contact-form/)[GDPR](https://tw.wordpress.org/plugins/tags/gdpr/) [spam](https://tw.wordpress.org/plugins/tags/spam/) * [進階檢視](https://tw.wordpress.org/plugins/mentoguard/advanced/) ## 評分 這個項目尚無任何評論記錄。 [Your review](https://wordpress.org/support/plugin/mentoguard/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/mentoguard/reviews/) ## 參與者 * [ H. Bakhtiari ](https://profiles.wordpress.org/hbakhtiari/) * [ mentotex ](https://profiles.wordpress.org/mentotex/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/mentoguard/)