Title: SpamJam
Author: Matt Biscay
Published: <strong>2022 年 7 月 27 日</strong>
Last modified: 2026 年 6 月 21 日

---

搜尋外掛

![](https://ps.w.org/spamjam/assets/banner-772x250.png?rev=2762608)

![](https://ps.w.org/spamjam/assets/icon-256x256.png?rev=2762608)

# SpamJam

 由 [Matt Biscay](https://profiles.wordpress.org/skyminds/) 開發

[下載](https://downloads.wordpress.org/plugin/spamjam.zip)

 * [詳細資料](https://tw.wordpress.org/plugins/spamjam/#description)
 * [使用者評論](https://tw.wordpress.org/plugins/spamjam/#reviews)
 *  [安裝方式](https://tw.wordpress.org/plugins/spamjam/#installation)
 * [開發資訊](https://tw.wordpress.org/plugins/spamjam/#developers)

 [技術支援](https://wordpress.org/support/plugin/spamjam/)

## 外掛說明

**Tired of deleting spam comments every day?** SpamJam is a lightweight, invisible
anti-spam solution that blocks automated spam before it hits your database—without
annoying your legitimate users with captchas or verification steps.

#### Why SpamJam?

Unlike traditional anti-spam plugins that rely on third-party services or frustrating
captchas, SpamJam uses **intelligent honeypot techniques** and **behavioral analysis**
to silently eliminate spam bots. Your real visitors won’t see any difference, but
spam bots will be stopped cold.

#### Free Features

✅ **Salted Honeypot Protection** – Per-site randomized invisible fields that trap
spam bots
 ✅ **Timing Check** – Rejects instant bot submissions with a configurable
minimum fill time ✅ **Weighted Spam Scoring** – Signals combine into a score; gray-
zone submissions held for moderation instead of hard-blocked ✅ **Referrer Validation**–
Blocks direct form submissions ✅ **Nonce Security** – CSRF protection for all comment
forms ✅ **Smart Blocklist** – Filters common spam keywords ✅ **Zero Configuration**–
Works immediately after activation ✅ **No Captchas** – Never annoy your real users
✅ **Lightweight** – Minimal impact on site performance ✅ **WooCommerce Compatible**–
Works with HPOS and product review forms ✅ **No-JS Friendly** – JS-disabled visitors
are soft-scored, not hard-blocked

#### Pro Features (Premium)

🚀 **Registration Spam Protection** – Protect user registration forms with email
verification
 🚀 **Premium Blocklist** – Auto-updating list of 15,000+ spam terms
🚀 **Custom Blocklist** – Add your own keywords and patterns to block 🚀 **Geographic
Blocking** – Block comments from specific countries 🚀 **IP Blocking** – Block specific
IP addresses or ranges 🚀 **Rate Limiting** – Prevent spam floods with configurable
limits 🚀 **Email Whitelist** – Always allow trusted email addresses 🚀 **Spam Logging&
Analytics** – Track and analyze blocked spam attempts 🚀 **Content Validation** –
Set minimum comment length and maximum links 🚀 **Contact Form Protection** – Protect
Contact Form 7, WPForms, Gravity Forms 🚀 **User Enumeration Blocking** – Enhanced
security against attacks 🚀 **Priority Support** – Get help when you need it

[Upgrade to SpamJam Pro ](https://utopique.net/products/spamjam/)

#### Perfect For

 * Blogs with active comment sections
 * Membership sites
 * WooCommerce stores
 * Community websites
 * Any WordPress site tired of spam

#### How It Works

SpamJam uses multiple layers of protection:

 1. **Salted Honeypot Fields** – Per-site randomized hidden fields that only bots fill
    out
 2. **Timing Check** – HMAC-signed server timestamp detects instant bot submissions
 3. **Weighted Scoring Engine** – Signals combine into a score; hard signals block 
    immediately, soft signals accumulate; gray-zone submissions are held for moderation
 4. **Referrer Checking** – Verifies submissions come from your site
 5. **Hash Validation** – Cryptographic HMAC verification of form integrity
 6. **Keyword Filtering** – Blocks known spam patterns

All of this happens **invisibly** in the background. Your legitimate users never
see a captcha or verification step.

#### Privacy First

SpamJam doesn’t send your data to third-party services. Everything happens on your
server, keeping your users’ information private and your site GDPR-compliant.

## 安裝方式

#### Automatic Installation

 1. Log in to your WordPress admin panel
 2. Go to Plugins  Add New
 3. Search for “SpamJam”
 4. Click “Install Now” and then “Activate”
 5. That’s it! SpamJam is now protecting your site

#### Manual Installation

 1. Download the plugin ZIP file
 2. Go to Plugins  Add New  Upload Plugin
 3. Choose the ZIP file and click “Install Now”
 4. Activate the plugin
 5. SpamJam starts working immediately—no configuration needed!

#### After Activation

SpamJam works automatically with zero configuration. For Pro features, visit **SpamJam**
in your WordPress admin menu to configure advanced options.

## 常見問題集

### Do I need to configure anything?

No! SpamJam works immediately after activation. Just install, activate, and forget
about spam.

### Will this slow down my site?

No. SpamJam is extremely lightweight and uses efficient caching. Most users see 
zero performance impact.

### Will my users see captchas?

Never. SpamJam is completely invisible to legitimate users. No captchas, no verification
steps, no friction.

### Does this work with my theme?

Yes! SpamJam works with any WordPress theme that uses standard comment forms. It’s
compatible with popular themes like Astra, GeneratePress, OceanWP, and more.

### Is this compatible with WooCommerce?

Yes! SpamJam is fully compatible with WooCommerce and supports High-Performance 
Order Storage (HPOS).

### What’s the difference between Free and Pro?

The free version protects comment forms with honeypots, nonce validation, and basic
blocklists.

Pro adds 10+ advanced features including:
 – Registration form protection with email
verification – Premium auto-updating blocklist (15,000+ terms) – Custom blocklist
for your specific needs – Geographic and IP blocking – Rate limiting to prevent 
spam floods – Email whitelist for trusted users – Spam logging and analytics – Content
validation rules – Contact form protection (CF7, WPForms, Gravity Forms) – Priority
support

### How does geographic blocking work?

Pro users can block comments from specific countries by entering country codes (
e.g., CN, RU, UA). This uses IP geolocation to identify the commenter’s country 
and blocks them before they can submit spam.

### What is rate limiting?

Rate limiting prevents spam floods by limiting how many comments a single IP address
can submit within a time period. For example, you can set it to allow maximum 5 
comments per hour per IP address.

### Can I see what spam was blocked?

Yes! Pro users can enable spam logging to track all blocked attempts. You can see
IP addresses, countries, blocked content, and reasons for blocking. Logs are automatically
cleaned up based on your retention settings.

### Does this work with other anti-spam plugins?

SpamJam can work alongside other plugins, but for best results, we recommend using
it as your primary anti-spam solution to avoid conflicts.

### How effective is SpamJam?

SpamJam blocks 99%+ of automated spam bots. The multi-layered approach catches what
single-method solutions miss.

### Do you offer support?

Yes! Free users can get community support through WordPress.org forums. Pro users
get priority email support.

### Is my data sent to third parties?

No. SpamJam processes everything on your server. Your data stays private and GDPR-
compliant.

## 使用者評論

這個外掛目前沒有任何使用者評論。

## 參與者及開發者

以下人員參與了開源軟體〈SpamJam〉的開發相關工作。

參與者

 *   [ Matt Biscay ](https://profiles.wordpress.org/skyminds/)
 *   [ Freemius ](https://profiles.wordpress.org/freemius/)

[將〈SpamJam〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/spamjam)

### 對開發相關資訊感興趣？

任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/spamjam/)、查看
[SVN 存放庫](https://plugins.svn.wordpress.org/spamjam/)，或透過 [RSS](https://plugins.trac.wordpress.org/log/spamjam/?limit=100&mode=stop_on_copy&format=rss)
訂閱[開發記錄](https://plugins.trac.wordpress.org/log/spamjam/)。

## 變更記錄

#### 2.3.1 – 2026-06-15

 * Security – Form-fill timing check: signed HMAC timestamp injected at page render;
   submissions arriving faster than the configurable minimum (default 3 s) are scored
   as a bot signal
 * Security – Weighted scoring engine replaces flat hard-blocks: hard signals (honeypot,
   trap field, blocklist) block immediately; soft signals (nonce, token, referer,
   timing) accumulate a score; gray-zone submissions are held for moderation rather
   than rejected
 * Security – Honeypot field name is now derived from wp_salt() per site, making
   it opaque to bots that learn field names by scraping other installations
 * Security – WooCommerce review detection improved: product pages now target #review_form
   so the sj5 token reaches WooCommerce review forms; verified-purchase gate still
   respected
 * Security – No-JS fallback: server-rendered hidden sj5_nojs field lets JS-disabled
   visitors submit; absence of the JS token is now a soft signal (weight 10) rather
   than a hard block
 * Performance – Premium feature flags consolidated into a single cached array; 
   replaces ~10 individual get_option() calls per request; cache invalidated on 
   every settings save
 * Performance – Duplicate is_singular() + comments_open() gate merged into a static-
   cached helper; evaluated once per request
 * Performance – Removed dead enqueue_comment_styles() function; the CSS targeted
   a display:none element and was silently dropped on classic themes

#### 2.3 – 2026-06-09

 * Fixed – Resolved “Undefined array key email_confirm” PHP warning by guarding 
   the honeypot field check when the field is absent from the submission
 * Fixed – Comment form token (sj5) now attaches to themes with custom comment form
   IDs via a broadened, filterable selector (spamjam_comment_form_selector), preventing
   false “Form validation failed” blocks
 * Enhancement – sj5 token validation now tolerates longer page dwell time by accepting
   the current plus the last three hourly windows (filterable via spamjam_token_window_tolerance);
   still verified with hash_equals()

## 中繼資料

 *  版本 **2.3.1**
 *  最後更新 **2 週前**
 *  啟用安裝數 **100+**
 *  WordPress 版本需求 ** 6.2 或更新版本 **
 *  已測試相容的 WordPress 版本 **7.0**
 *  PHP 版本需求 ** 7.4 或更新版本 **
 *  語言
 * [English (US)](https://wordpress.org/plugins/spamjam/)
 * 標籤:
 * [comment spam](https://tw.wordpress.org/plugins/tags/comment-spam/)[honeypot](https://tw.wordpress.org/plugins/tags/honeypot/)
   [registration spam](https://tw.wordpress.org/plugins/tags/registration-spam/)
   [security](https://tw.wordpress.org/plugins/tags/security/)[spam protection](https://tw.wordpress.org/plugins/tags/spam-protection/)
 *  [進階檢視](https://tw.wordpress.org/plugins/spamjam/advanced/)

## 評分

這個項目尚無任何評論記錄。

[Your review](https://wordpress.org/support/plugin/spamjam/reviews/#new-post)

[查看全部使用者評論](https://wordpress.org/support/plugin/spamjam/reviews/)

## 參與者

 *   [ Matt Biscay ](https://profiles.wordpress.org/skyminds/)
 *   [ Freemius ](https://profiles.wordpress.org/freemius/)

## 技術支援

使用者可在技術支援論壇提出意見反應或使用問題。

 [檢視技術支援論壇](https://wordpress.org/support/plugin/spamjam/)

## 贊助

想要支援這個外掛的發展嗎？

 [ 贊助這個外掛 ](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=DNSC3NVBWR66L)