=== BotShield CAPTCHA for Contact Form 7 ===
Contributors: sabbir37
Tags: captcha, spam protection, contact form 7, recaptcha, turnstile
Requires at least: 5.0
Tested up to: 7.0
Stable tag: 2.1.0
Requires PHP: 7.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

BotShield CAPTCHA for Contact Form 7 – Advanced Spam Protection with Turnstile, reCAPTCHA, Arithmetic, and Alphanumeric.


== Description ==

Stop contact form spam instantly with **BotShield CAPTCHA for Contact Form 7**. This all-in-one spam protection plugin integrates **Google reCAPTCHA (v2 Checkbox & v3 Invisible)**, **Cloudflare Turnstile** (Privacy-Focused), and lightweight **Built-in Arithmetic/Image Challenges** to block bots while letting real users pass.

Whether you need strict security or a friction-free user experience, BotShield gives you complete control over your specific form protection needs. No more spam submissions, fake leads, or automated bot attacks.

**Protect Your WooCommerce Store with Enterprise-Grade Security.** Upgrade to **[SecureGate CAPTCHA](https://woocommerce.com/products/securegate-captcha/)** for ultimate full-site protection. Instantly block spam, fake registrations, and checkout fraud using intelligent Cloudflare Turnstile, Google reCAPTCHA, hCaptcha, and powerful Geo-Blocking rules—keeping your store fast, secure, and entirely bot-free.

= Key Features & Benefits =

*   **Multi-Provider Support**: Choose between Google reCAPTCHA, Cloudflare Turnstile, or Self-hosted challenges.
*   **Google reCAPTCHA Integration**: Supports both **v2 ("I'm not a robot")** and **v3 (Invisible)** keys.
*   **Cloudflare Turnstile**: The modern, privacy-friendly alternative that stops bots without annoying puzzles.
*   **Lightweight Built-in Protection**: Use simple Math or Image CAPTCHAs without needing any external API keys.
*   **Seamless Contact Form 7 Integration**: Adds a dedicated "BotShield" tag generator button directly to the CF7 editor.
*   **Mobile Optimized**: Fully responsive challenges that work perfectly on smartphones and tablets.
*   **GDPR Compliant Options**: Turnstile and Built-in modes offer excellent privacy compliance.
*   **Accessibility Ready**: WCAG 2.1 compliant designs for screen reader support.

= Flexible Protection Options =

**1. Google reCAPTCHA (The Industry Standard)**
*   **v2 Checkbox**: The classic "I'm not a robot" checkbox users trust.
*   **v3 Invisible**: Valid users are verified in the background with zero interaction.

**2. Cloudflare Turnstile (Privacy-First)**
*   Verify visitors without solving complex puzzles. Smart, fast, and respectful of user privacy.

**3. Built-in Challenges (No Keys Required)**
*   **Arithmetic**: Simple math questions (e.g., 7 + 2 = ?) effective against basic bots.
*   **Alphanumeric**: Distorted text images for traditional verification.
*   *Zero external dependency, 100% self-hosted.*

= Perfect For =

*   Contact forms
*   Registration forms
*   Quote request forms
*   Newsletter signups
*   Any Contact Form 7 form needing spam protection


= Requirements =

* WordPress 5.0 or higher
* Contact Form 7 plugin (must be active)
* PHP 7.4 or higher
* GD PHP extension for image CAPTCHAs

== Installation ==

= Step 1: Install & Activate =

1.  Go to your WordPress Dashboard > **Plugins** > **Add New**.
2.  Search for **"BotShield CAPTCHA"**.
3.  Click **Install Now** and then **Activate**.

= Step 2: Configure Provider (Global Settings) =

1.  Navigate to **Contact > BotShield CAPTCHA**.
2.  **Select your Default CAPTCHA Type**:
    *   *Google reCAPTCHA*
    *   *Cloudflare Turnstile*
    *   *Arithmetic / Alphanumeric (Built-in)*
3.  **For reCAPTCHA/Turnstile Users**:
    *   Switch to the **"Integration Settings"** tab.
    *   Enter your **Site Key** and **Secret Key** (links provided in the admin panel to get these for free).
    *   Click **Save Settings**.

= Step 3: Add to Your Form =

1.  Go to **Contact > Contact Forms** and edit your desired form.
2.  Click the **"BotShield"** button in the CF7 tag generator toolbar (usually above the message body text area).
3.  **Select Interaction Type**: A popup will appear. You can use your "Global Default" or override it with a specific type (e.g., force "Turnstile" on this specific form).
4.  Click **Insert Tag**.
5.  **CRITICAL**: Ensure the generated shortcode (e.g., `[captcha* captcha-answer]`) is placed **ABOVE** your `[submit]` button.
6.  Save the form.

= Step 4: Verify =

Visit your page with the contact form. You should now see the CAPTCHA of choice protecting your submission!


== Frequently Asked Questions ==

= Do I need API keys? =

*   **For Built-in CAPTCHAs**: No, these work out of the box.
*   **For Google reCAPTCHA**: Yes, you need a free Site Key and Secret Key from the [Google reCAPTCHA Admin Console](https://www.google.com/recaptcha/admin).
*   **For Cloudflare Turnstile**: Yes, you need a free Site Key and Secret Key from the [Cloudflare Dashboard](https://dash.cloudflare.com/).

= Which CAPTCHA should I choose? =

*   **reCAPTCHA v3** or **Cloudflare Turnstile** are best for user experience (invisible/frictionless).
*   **reCAPTCHA v2** is best if you want users to explicitly prove they are human.
*   **Built-in** is best for strict privacy requirements or local-only environments.

= Is BotShield CAPTCHA GDPR compliant? =

Yes.
*   **Built-in Challenges**: 100% compliant, no data leaves your server.
*   **Cloudflare Turnstile**: Privacy-focused and generally considered GDPR compliant.
*   **Google reCAPTCHA**: Subject to Google's privacy policy and terms.

= Does this plugin slow down my site? =

No. Assets (CSS/JS) are conditionally loaded only on pages where a Contact Form 7 form is present. We prioritize performance and lightweight code.

= Can I use multiple CAPTCHAs per page? =

Yes! Each Contact Form 7 form can have its own independent CAPTCHA configuration.



= Does it work on mobile devices? =

Absolutely! The CAPTCHA is fully responsive and works perfectly on all devices including smartphones and tablets.

= Is it accessible for people with disabilities? =

Yes! The plugin includes proper ARIA labels, keyboard navigation, and screen reader compatibility following WCAG 2.1 guidelines.

= Can I customize the appearance? =

Yes! Choose from three built-in themes (Default, Minimal, Modern) or add custom CSS for further customization.

= What is the BotShield CAPTCHA shortcode? =

The required shortcode is `[captcha* captcha-answer]`. This tag ensures that the user completes the CAPTCHA before submitting the form.

= Can I use the shortcode for Google reCAPTCHA or Turnstile? =

Yes! The same `[captcha* captcha-answer]` shortcode works for all types. The plugin automatically renders the correct challenge (reCAPTCHA, Turnstile, or Built-in) based on your settings.

= How do I make the shortcode optional? =

To make the CAPTCHA optional (not recommended), use the tag without the asterisk: `[captcha captcha-answer]`.


== Screenshots ==

1. Contact Form 7 tag generator interface for easy CAPTCHA shortcode creation
2. General Settings - CAPTCHA Type selection
3. Integration Settings - Provider Configuration
4. Cloudflare Turnstile CAPTCHA on contact form
5. Google reCAPTCHA on contact form
6. Arithmetic CAPTCHA displaying a math challenge on the contact form
7. Alphanumeric image CAPTCHA showing distorted text characters for security

== Changelog ==

= 2.1.0 =

*   **Security**: Hardened CAPTCHA validation with stronger server-side token verification and enhanced permission checks for a more robust security posture.
*   **Improved**: Smoother, more intuitive admin experience with polished UI interactions and visual consistency across all settings screens.

= 2.0.0 =

*   **New**: Added support for Google reCAPTCHA (v2 Checkbox & v3 Invisible).
*   **New**: Added support for Cloudflare Turnstile (Privacy-focused).
*   **New**: Completely redesigned Admin Dashboard with modern tabbed interface.
*   **Improved**: General UI/UX polish for better administrative experience.

= 1.0.1 =

*   **Improved**: Enhanced plugin security and validation protocols.
*   **Improved**: General stability improvements and other minor fixes.

= 1.0.0 =

*   Initial plugin release.
*   Arithmetic CAPTCHA with math problems.
*   Alphanumeric image CAPTCHA with distorted text.
*   Three difficulty levels (Easy, Medium, Hard).
*   No API keys required for built-in types.


== Upgrade Notice ==

= 2.1.0 =
Recommended update. Strengthens CAPTCHA token security, hardens AJAX endpoint validation, improves admin UI with a premium plugin showcase, and ensures full WordPress 7.0 compatibility.

= 2.0.0 =
Major release! Added Cloudflare Turnstile and Google reCAPTCHA support, a modern tabbed settings page, and enhanced security improvements.


= 1.0.0 =
Initial release of BotShield CAPTCHA. Add spam protection to Contact Form 7 forms with simple CAPTCHA challenges. No API keys required!

== Privacy Policy ==

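With the built-in Arithmetic and Alphanumeric challenges, BotShield CAPTCHA does not:
* Collect any personal data
* Store user information
* Transmit data to external servers
* Use cookies or tracking
* Share information with third parties

In these built-in modes, all CAPTCHA processing happens locally on your WordPress server. Google reCAPTCHA and Cloudflare Turnstile are external services: when one of them is selected, verification involves that provider and is subject to its privacy policy and terms. The plugin is fully GDPR compliant.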

== Support & Documentation ==

* Support Forum: https://wordpress.org/support/plugin/botshield-captcha/
* Developer Website: https://www.rsabbir.com/

== Contributing ==

Contributions are welcome! Contact the developer or visit the GitHub repository to contribute to this plugin's development.

== Credits ==

* Developed by R. Sabbir (https://www.rsabbir.com/)
* Tested with Contact Form 7 6.1.4 and later

== Technical Specifications ==

= Server Requirements =

* WordPress 5.0 or higher
* PHP 7.4 or higher
* Contact Form 7 plugin (active)
* GD PHP extension (for image CAPTCHAs)

= Browser Support =

* Chrome (latest versions)
* Firefox (latest versions)
* Safari (latest versions)
* Microsoft Edge (latest versions)
* Mobile browsers (iOS Safari, Chrome Mobile)

= Security Features =

* Token-based validation system
* HMAC-SHA256 signature verification
* Automatic token expiration (5 minutes)
* XSS protection
* CSRF token protection
* No session storage required
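
The features listed above (HMAC-SHA256 signature, 5-minute expiry, no session storage) describe a self-verifying challenge token. The PHP below is an added example of that pattern for the arithmetic challenge, not BotShield's own code; the function names, token layout and demo key are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical names and token layout; the page does not document BotShield's own.
const DEMO_KEY  = 'constructed-demo-key'; // constructed sample secret, not a real key
const TOKEN_TTL = 300;                    // 5 minutes, as listed above

// Returns [question, token]. The token carries the expiry, a nonce and a keyed
// hash of the answer, so nothing has to be stored in a session.
function issue_challenge(string $key, int $now): array {
    $a = random_int(1, 9);
    $b = random_int(1, 9);
    $nonce = bin2hex(random_bytes(8));
    $body = base64_encode(json_encode([
        'exp' => $now + TOKEN_TTL,
        'n'   => $nonce,
        'h'   => hash_hmac('sha256', $nonce . '|' . ($a + $b), $key),
    ]));
    // '.' is outside the base64 alphabet, so it is a safe separator.
    return ["$a + $b = ?", $body . '.' . hash_hmac('sha256', $body, $key)];
}

function verify_challenge(string $token, string $answer, string $key, int $now): bool {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return false;
    [$body, $mac] = $parts;
    // Authenticate before parsing; hash_equals compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $body, $key), $mac)) return false;
    $p = json_decode((string) base64_decode($body, true), true);
    if (!is_array($p) || !isset($p['exp'], $p['n'], $p['h'])) return false;
    if ($now > $p['exp']) return false;                         // expired
    if (preg_match('/^\d{1,3}$/', $answer) !== 1) return false; // digits only
    $expected = hash_hmac('sha256', $p['n'] . '|' . (int) $answer, $key);
    return hash_equals($p['h'], $expected);
}

// Constructed walk-through with a fixed clock value.
[$question, $token] = issue_challenge(DEMO_KEY, 1000);
preg_match('/(\d+) \+ (\d+)/', $question, $m);
$right = (string) ((int) $m[1] + (int) $m[2]);
$cases = [
    'correct answer, 1 minute later'  => verify_challenge($token, $right, DEMO_KEY, 1060),
    'correct answer, 6 minutes later' => verify_challenge($token, $right, DEMO_KEY, 1360),
    'wrong answer'                    => verify_challenge($token, '99', DEMO_KEY, 1060),
    'tampered payload'                => verify_challenge('A' . $token, $right, DEMO_KEY, 1060),
];
foreach ($cases as $label => $result) {
    echo $label, ': ', $result ? 'accepted' : 'rejected', PHP_EOL;
}
```

A token built this way remains valid for repeated submissions until it expires; making it single-use requires a server-side record of consumed nonces, which is the one piece of state a purely stateless design gives up.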

= Performance =

* Code: ~50KB total size
* Assets: Minified and optimized
* Loading: Conditional asset loading on relevant pages
* HTTP Requests: Zero external requests with the built-in challenge types
* Caching: Compatible with all major WordPress cache plugins