Changeset 3490735

vulntitan/tags/2.1.16/CHANGELOG.md

-                      r3486040
+                      r3490735
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.1.16] - 2026-03-25
+### Added
+- Tightened Comment Shield spam detection with casino, betting, gambling, promotional-link, repeated-domain, and thin-link heuristics for guest comments.
+- Logged suspicious comment holds and WordPress moderation-queue entries into the firewall activity stream.
+- Expanded the weekly executive security digest with form spam, comment queue, and broader protection-profile coverage.
+### Changed
+- Reworked the HTML weekly digest layout so cramped two-column sections collapse into a readable mobile presentation.
 ## [2.1.15] - 2026-03-18

vulntitan/tags/2.1.16/assets/js/firewall.js

-                      r3486040
+                      r3490735
             case 'comment_spam_held':
                 return i18n.firewall_event_comment_spam_held || 'Comment held for review';
+            case 'comment_pending_review':
+                return i18n.firewall_event_comment_pending_review || 'Comment entered pending review';
             case 'comment_rate_limited':
                 return i18n.firewall_event_comment_rate_limited || 'Comment rate limited';
 …
                 return 'is-danger';
             case 'comment_spam_held':
+            case 'comment_pending_review':
             case 'login_failed':
                 return 'is-warning';

vulntitan/tags/2.1.16/assets/js/firewall.min.js

-                      r3486040
+                      r3490735
             case 'comment_spam_held':
                 return i18n.firewall_event_comment_spam_held || 'Comment held for review';
+            case 'comment_pending_review':
+                return i18n.firewall_event_comment_pending_review || 'Comment entered pending review';
             case 'comment_rate_limited':
                 return i18n.firewall_event_comment_rate_limited || 'Comment rate limited';
 …
                 return 'is-danger';
             case 'comment_spam_held':
+            case 'comment_pending_review':
             case 'login_failed':
                 return 'is-warning';

vulntitan/tags/2.1.16/includes/Admin/Admin.php

r3485911	r3490735
138	138	'firewall_event_comment_spam_blocked' => esc_html__('Comment spam blocked', 'vulntitan'),
139	139	'firewall_event_comment_spam_held' => esc_html__('Comment held for review', 'vulntitan'),
	140	'firewall_event_comment_pending_review' => esc_html__('Comment entered pending review', 'vulntitan'),
140	141	'firewall_event_comment_rate_limited' => esc_html__('Comment rate limited', 'vulntitan'),
141	142	'firewall_feed_live' => esc_html__('Live', 'vulntitan'),

vulntitan/tags/2.1.16/includes/Services/CommentSpamService.php

-                      r3485911
+                      r3490735
     protected const RATE_LIMIT_PREFIX = 'vulntitan_cs_rate_';
     protected const MIN_TOKEN_AGE = 1;
+    protected const SHORT_COMMENT_MAX_WORDS = 3;
+    protected const SHORT_COMMENT_MAX_LENGTH = 40;
     protected static bool $booted = false;
 …
         if (($decision['action'] ?? 'allow') === 'allow') {
+            if (self::isEnabled() && self::supportsCommentType($commentData) && !self::shouldBypass($commentData) && ($approved === 0 || $approved === '0')) {
+                self::logPendingModeration($commentData);
+            }
             return $approved;
+        }
 …
         $commentContent = isset($commentData['comment_content']) ? (string) wp_unslash($commentData['comment_content']) : '';
         $normalizedContent = self::normalizeCommentContent($commentContent);
+        $authorName = isset($commentData['comment_author']) ? self::normalizeCommentContent((string) wp_unslash($commentData['comment_author'])) : '';
+        $authorUrl = isset($commentData['comment_author_url']) ? trim((string) wp_unslash($commentData['comment_author_url'])) : '';
         $postId = (int) ($commentData['comment_post_ID'] ?? 0);
         $ipAddress = self::resolveIpAddress($commentData);
 …
         $rateCount = self::incrementRateCounter($visitorKey, $rateWindowMinutes);
         $maxAttempts = max(1, (int) ($settings['submission_rate_limit_attempts'] ?? $settings['comment_rate_limit_attempts'] ?? 3));
+        $linkCount = self::countLinks($commentContent);
+        $authorDomain = self::normalizeDomain($authorUrl);
+        $externalDomains = self::extractExternalDomains($commentContent, $authorDomain);
+        [$topExternalDomain, $topExternalHits] = self::findTopDomain($externalDomains);
+        $spamKeywordMatches = self::matchSpamKeywords(implode("\n", array_filter([$normalizedContent, $authorName, self::normalizeCommentContent($authorUrl)])));
+        $promotionalPhraseMatches = self::matchPromotionalPhrases($normalizedContent);
+        $wordCount = self::countWords($normalizedContent);
+        $contentLength = self::measureLength($normalizedContent);
         if ($rateCount > $maxAttempts) {
 …
+                [
                     'comment_hash' => self::buildCommentHash($normalizedContent),
                     'link_count' => self::countLinks($commentContent),
+                    'link_count' => $linkCount,
+                ]
             );
 …
         if (!self::isAuthenticatedCommenter($commentData)) {
-            $linkCount = self::countLinks($commentContent);
             $maxLinks = max(0, (int) ($settings['submission_max_links'] ?? $settings['comment_max_links'] ?? 2));
+            if ($spamKeywordMatches !== [] && $externalDomains !== []) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'spam_keywords_with_external_url',
+                    __('Comment contains common spam keywords together with an external URL or website.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'link_count' => $linkCount,
+                        'author_url_domain' => $authorDomain,
+                        'matched_keywords' => $spamKeywordMatches,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'link_count' => $linkCount,
+                        'external_domains' => array_values(array_unique($externalDomains)),
+                    ]
+                );
+            }
+            if (count($spamKeywordMatches) >= 2) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'spam_keyword_cluster',
+                    __('Comment contains multiple high-risk spam keyword categories.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'matched_keywords' => $spamKeywordMatches,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'matched_keywords' => $spamKeywordMatches,
+                    ]
+                );
+            }
+            if ($topExternalDomain !== '' && $topExternalHits >= 2) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'repeated_external_domain',
+                    __('Comment repeats the same external domain across the message and author website fields.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'top_external_domain' => $topExternalDomain,
+                        'top_external_domain_hits' => $topExternalHits,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'link_count' => $linkCount,
+                        'external_domains' => array_values(array_unique($externalDomains)),
+                        'top_external_domain' => $topExternalDomain,
+                        'top_external_domain_hits' => $topExternalHits,
+                    ]
+                );
+            }
+            if ($promotionalPhraseMatches !== [] && $externalDomains !== []) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'promotional_link_comment',
+                    __('Comment combines promotional phrases with an external link or website.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'matched_promotions' => $promotionalPhraseMatches,
+                        'link_count' => $linkCount,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'external_domains' => array_values(array_unique($externalDomains)),
+                        'matched_promotions' => $promotionalPhraseMatches,
+                    ]
+                );
+            }
+            if ($externalDomains !== [] && $wordCount > 0 && $wordCount <= self::SHORT_COMMENT_MAX_WORDS && $contentLength <= self::SHORT_COMMENT_MAX_LENGTH) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'thin_external_link_comment',
+                    __('Very short guest comment submitted with an external link or website.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'word_count' => $wordCount,
+                        'content_length' => $contentLength,
+                        'author_url_domain' => $authorDomain,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'link_count' => $linkCount,
+                        'external_domains' => array_values(array_unique($externalDomains)),
+                    ]
+                );
+            }
             if ($linkCount > $maxLinks) {
 …
     ): array {
         $details['action'] = $action;
+        if ($action === 'hold') {
+            $details['approval_status'] = 'pending';
+        }
         return [
 …
+    }
+    protected static function logPendingModeration(array $commentData): void
+    {
+        $commentContent = isset($commentData['comment_content']) ? (string) wp_unslash($commentData['comment_content']) : '';
+        $normalizedContent = self::normalizeCommentContent($commentContent);
+        $authorUrl = isset($commentData['comment_author_url']) ? trim((string) wp_unslash($commentData['comment_author_url'])) : '';
+        $authorDomain = self::normalizeDomain($authorUrl);
+        $externalDomains = self::extractExternalDomains($commentContent, $authorDomain);
+        FirewallService::logEvent('comment_pending_review', [
+            'event_source' => 'comment_shield',
+            'event_action' => 'log',
+            'blocked' => 0,
+            'response_code' => 0,
+            'severity' => 1,
+            'ip_address' => self::resolveIpAddress($commentData),
+            'username' => self::resolveUsername($commentData),
+            'request_method' => strtoupper((string) ($_SERVER['REQUEST_METHOD'] ?? 'POST')),
+            'request_uri' => (string) ($_SERVER['REQUEST_URI'] ?? ''),
+            'request_path' => (string) parse_url((string) ($_SERVER['REQUEST_URI'] ?? ''), PHP_URL_PATH),
+            'rule_group' => 'comment_moderation',
+            'rule_id' => 'wordpress_pending_review',
+            'reason' => __('Comment entered the moderation queue.', 'vulntitan'),
+            'details' => [
+                'action' => 'hold',
+                'approval_status' => 'pending',
+                'post_id' => (int) ($commentData['comment_post_ID'] ?? 0),
+                'link_count' => self::countLinks($commentContent),
+                'author_url_domain' => $authorDomain,
+            ],
+            'context' => [
+                'comment_hash' => self::buildCommentHash($normalizedContent),
+                'external_domains' => array_values(array_unique($externalDomains)),
+            ],
+        ]);
+    }
     protected static function isEnabled(): bool
+    {
 …
         return is_array($matches[0] ?? null) ? count($matches[0]) : 0;
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function extractExternalDomains(string $content, string $authorDomain = ''): array
+    {
+        $domains = self::extractLinkDomains($content);
+        if ($authorDomain !== '') {
+            $domains[] = $authorDomain;
+        }
+        return array_values(array_filter($domains, [__CLASS__, 'isExternalDomain']));
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function extractLinkDomains(string $content): array
+    {
+        if ($content === '') {
+            return [];
+        }
+        preg_match_all('~(?:https?://|www\.)[^\s<>"\']+~iu', $content, $matches);
+        $rawUrls = is_array($matches[0] ?? null) ? $matches[0] : [];
+        $domains = [];
+        foreach ($rawUrls as $rawUrl) {
+            if (!is_string($rawUrl)) {
+                continue;
+            }
+            $domain = self::normalizeDomain($rawUrl);
+            if ($domain !== '') {
+                $domains[] = $domain;
+            }
+        }
+        return $domains;
+    }
+    protected static function normalizeDomain(string $value): string
+    {
+        $value = trim($value);
+        if ($value === '') {
+            return '';
+        }
+        if (strpos($value, '://') === false) {
+            $value = 'https://' . ltrim($value, '/');
+        }
+        $host = wp_parse_url($value, PHP_URL_HOST);
+        if (!is_string($host) || $host === '') {
+            return '';
+        }
+        $host = strtolower(trim($host));
+        return strpos($host, 'www.') === 0 ? substr($host, 4) : $host;
+    }
+    protected static function isExternalDomain(string $domain): bool
+    {
+        $normalizedDomain = self::normalizeDomain($domain);
+        if ($normalizedDomain === '') {
+            return false;
+        }
+        $siteDomain = self::normalizeDomain((string) home_url('/'));
+        if ($siteDomain === '') {
+            return true;
+        }
+        return $normalizedDomain !== $siteDomain
+            && substr($normalizedDomain, -strlen('.' . $siteDomain)) !== '.' . $siteDomain;
+    }
+    /**
+     * @param array<int,string> $domains
+     * @return array{0:string,1:int}
+     */
+    protected static function findTopDomain(array $domains): array
+    {
+        if ($domains === []) {
+            return ['', 0];
+        }
+        $counts = array_count_values(array_filter($domains, 'is_string'));
+        if ($counts === []) {
+            return ['', 0];
+        }
+        arsort($counts);
+        $topDomain = (string) array_key_first($counts);
+        return [$topDomain, (int) ($counts[$topDomain] ?? 0)];
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function matchSpamKeywords(string $content): array
+    {
+        if ($content === '') {
+            return [];
+        }
+        $matches = [];
+        foreach (self::getSpamKeywordPatterns() as $label => $pattern) {
+            if (!is_string($pattern) || @preg_match($pattern, '') === false) {
+                continue;
+            }
+            if (preg_match($pattern, $content)) {
+                $matches[] = (string) $label;
+            }
+        }
+        return $matches;
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function getSpamKeywordPatterns(): array
+    {
+        $patterns = [
+            'casino' => '/\bcasino(?:s)?\b/iu',
+            'betting' => '/\b(?:bet(?:s|ting)?|sportsbook|bookmaker(?:s)?)\b/iu',
+            'gambling' => '/\b(?:gambl(?:e|ing)|wager(?:s|ing)?)\b/iu',
+            'slots' => '/\b(?:slot(?:s)?|jackpot(?:s)?|roulette|blackjack|baccarat|poker|free\s*spin(?:s)?)\b/iu',
+            'pharma' => '/\b(?:viagra|cialis|levitra|pharmacy|pill(?:s)?)\b/iu',
+            'adult' => '/\b(?:adult|porn|xxx|escort(?:s)?)\b/iu',
+            'loans' => '/\b(?:loan(?:s)?|payday\s*loan(?:s)?|cash\s*advance|debt\s*relief)\b/iu',
+            'crypto' => '/\b(?:crypto|bitcoin|forex|trading\s*signal(?:s)?)\b/iu',
+            'seo' => '/\b(?:seo(?:\s+services?)?|backlink(?:s)?|guest\s+post(?:ing)?|domain\s+authority)\b/iu',
+        ];
+        $filtered = apply_filters('vulntitan_comment_spam_keyword_patterns', $patterns);
+        return is_array($filtered) ? $filtered : $patterns;
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function matchPromotionalPhrases(string $content): array
+    {
+        if ($content === '') {
+            return [];
+        }
+        $matches = [];
+        foreach (self::getPromotionalPhrasePatterns() as $label => $pattern) {
+            if (!is_string($pattern) || @preg_match($pattern, '') === false) {
+                continue;
+            }
+            if (preg_match($pattern, $content)) {
+                $matches[] = (string) $label;
+            }
+        }
+        return $matches;
+    }
+    /**
+     * @return array<int|string,string>
+     */
+    protected static function getPromotionalPhrasePatterns(): array
+    {
+        $patterns = [
+            'check_it_out' => '/\bcheck\s+(?:it|this|them)\s+out\b/iu',
+            'go_to_spot' => '/\bgo-to\s+spot\b/iu',
+            'quick_bets' => '/\bquick\s+bets?\b/iu',
+            'best_odds' => '/\bbest\s+odds\b/iu',
+            'join_now' => '/\bjoin\s+now\b/iu',
+            'visit_site' => '/\bvisit\s+(?:my|our|this)\s+(?:site|website)\b/iu',
+        ];
+        $filtered = apply_filters('vulntitan_comment_promotional_phrase_patterns', $patterns);
+        return is_array($filtered) ? $filtered : $patterns;
+    }
+    protected static function countWords(string $content): int
+    {
+        if ($content === '') {
+            return 0;
+        }
+        preg_match_all('/[\p{L}\p{N}]+(?:[\'’-][\p{L}\p{N}]+)*/u', $content, $matches);
+        return is_array($matches[0] ?? null) ? count($matches[0]) : 0;
+    }
+    protected static function measureLength(string $content): int
+    {
+        if ($content === '') {
+            return 0;
+        }
+        return function_exists('mb_strlen')
+            ? (int) mb_strlen($content, 'UTF-8')
+            : strlen($content);
+    }

vulntitan/tags/2.1.16/includes/Services/FirewallService.php

-                      r3485911
+                      r3490735
             'total_events' => 0,
             'blocked' => 0,
+            'forms_blocked' => 0,
             'login_failed' => 0,
             'login_blocked' => 0,
 …
             'comment_spam_blocked' => 0,
             'comment_spam_held' => 0,
+            'comment_pending_review' => 0,
             'comment_rate_limited' => 0,
             'unique_attackers' => 0,
 …
                     COUNT(*) AS total_events,
                     SUM(CASE WHEN {$blockedCondition} THEN 1 ELSE 0 END) AS blocked,
+                    SUM(CASE WHEN event_type = 'request_blocked' AND event_source IN ('contact_form_7', 'fluent_forms') THEN 1 ELSE 0 END) AS forms_blocked,
                     SUM(CASE WHEN event_type = 'login_failed' THEN 1 ELSE 0 END) AS login_failed,
                     SUM(CASE WHEN event_type = 'login_blocked' THEN 1 ELSE 0 END) AS login_blocked,
 …
                     SUM(CASE WHEN event_type = 'comment_spam_blocked' THEN 1 ELSE 0 END) AS comment_spam_blocked,
                     SUM(CASE WHEN event_type = 'comment_spam_held' THEN 1 ELSE 0 END) AS comment_spam_held,
+                    SUM(CASE WHEN event_type = 'comment_pending_review' THEN 1 ELSE 0 END) AS comment_pending_review,
                     SUM(CASE WHEN event_type = 'comment_rate_limited' THEN 1 ELSE 0 END) AS comment_rate_limited,
                     COUNT(DISTINCT CASE WHEN {$blockedCondition} AND ip_hash <> '' THEN ip_hash ELSE NULL END) AS unique_attackers

vulntitan/tags/2.1.16/includes/Services/WeeklySummaryEmailService.php

-                      r3481890
+                      r3490735
         $periodLabel = trim((string) ($period['start_local_display'] ?? '') . ' - ' . (string) ($period['end_local_display'] ?? ''));
         $blockedTotal = (int) ($totals['blocked'] ?? 0);
+        $formsBlocked = (int) ($totals['forms_blocked'] ?? 0);
         $loginFailed = (int) ($totals['login_failed'] ?? 0);
         $lockouts = (int) ($totals['login_lockout'] ?? 0);
 …
         $commentSpamBlocked = (int) ($totals['comment_spam_blocked'] ?? 0);
         $commentSpamHeld = (int) ($totals['comment_spam_held'] ?? 0);
+        $commentPendingReview = (int) ($totals['comment_pending_review'] ?? 0);
         $commentRateLimited = (int) ($totals['comment_rate_limited'] ?? 0);
         $uniqueAttackers = (int) ($totals['unique_attackers'] ?? 0);
+        $commentQueueTotal = $commentSpamHeld + $commentPendingReview;
+        $commentSpamStopped = $commentSpamBlocked + $commentRateLimited;
         $posture = self::getPostureSummary($totals);
         $preheader = sprintf(
             __('%1$s weekly security digest for %2$s. %3$s blocked events, %4$s failed logins, %5$s SQL injection attempts.', 'vulntitan'),
+            __('%1$s weekly security digest for %2$s. %3$s blocked events, %4$s failed logins, %5$s form spam blocks, %6$s queued comments.', 'vulntitan'),
             'VulnTitan',
             $siteName,
             self::formatNumber($blockedTotal),
             self::formatNumber($loginFailed),
+            self::formatNumber($sqli)
+            self::formatNumber($formsBlocked),
+            self::formatNumber($commentQueueTotal)
         );
         $generatedAt = self::formatLocalTimestamp(time(), 'M j, Y H:i');
         $policySnapshot = self::buildPolicySnapshot();
         $highlights = self::buildHighlights($daily);
+        $highlights = self::buildHighlights($daily, $totals);
         $metricCards = [
 …
                 'label' => __('Blocked Events', 'vulntitan'),
                 'value' => $blockedTotal,
                 'note' => __('Firewall, comment shield, and lockout interventions', 'vulntitan'),
+                'note' => __('Firewall, login shield, comment shield, and form shield interventions', 'vulntitan'),
                 'accent' => '#0f9bd7',
             ],
 …
             ],
+            [
+                'label' => __('Form Spam Blocks', 'vulntitan'),
+                'value' => $formsBlocked,
+                'note' => __('Blocked Contact Form 7 and Fluent Forms submissions', 'vulntitan'),
+                'accent' => '#22c55e',
+            ],
+            [
+                'label' => __('Comment Spam Blocks', 'vulntitan'),
+                'value' => $commentSpamStopped,
+                'note' => __('Spam comments denied before publication', 'vulntitan'),
+                'accent' => '#8b5cf6',
+            ],
+            [
+                'label' => __('Comment Queue Holds', 'vulntitan'),
+                'value' => $commentQueueTotal,
+                'note' => __('Comment Shield holds plus WordPress moderation queue entries', 'vulntitan'),
+                'accent' => '#f97316',
+            ],
+            [
                 'label' => __('SQLi Blocks', 'vulntitan'),
                 'value' => $sqli,
                 'note' => __('Malicious query payloads denied', 'vulntitan'),
+                'accent' => '#22c55e',
+            ],
+            [
+                'label' => __('Comment Spam Blocks', 'vulntitan'),
+                'value' => $commentSpamBlocked + $commentRateLimited,
+                'note' => __('Spam comments denied before publication', 'vulntitan'),
+                'accent' => '#8b5cf6',
+            ],
+            [
+                'label' => __('Comment Spam Held', 'vulntitan'),
+                'value' => $commentSpamHeld,
+                'note' => __('Suspicious comments sent to moderation', 'vulntitan'),
+                'accent' => '#f97316',
+                'accent' => '#14b8a6',
+            ],
+            [
+                'label' => __('Unique Attack Sources', 'vulntitan'),
+                'value' => $uniqueAttackers,
+                'note' => __('Distinct blocked IP fingerprints observed', 'vulntitan'),
+                'accent' => '#2563eb',
             ],
         ];
         $threatRows = [
+            [
+                'label' => __('Form Spam Blocks', 'vulntitan'),
+                'value' => $formsBlocked,
+                'tone' => '#22c55e',
+            ],
+            [
+                'label' => __('Comment Pending Review', 'vulntitan'),
+                'value' => $commentPendingReview,
+                'tone' => '#f59e0b',
+            ],
+            [
                 'label' => __('Command Injection Blocks', 'vulntitan'),
 …
         ];
         $html = '<!doctype html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"></head><body style="margin:0;padding:0;background-color:#edf2f7;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif;color:#0f172a;">';
+        $html = '<!doctype html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">' . self::renderEmailStyles() . '</head><body class="vt-body" style="margin:0;padding:0;background-color:#edf2f7;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif;color:#0f172a;">';
         $html .= '<div style="display:none;max-height:0;overflow:hidden;opacity:0;color:transparent;">' . esc_html($preheader) . '</div>';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#edf2f7;margin:0;padding:24px 0;width:100%;"><tr><td align="center">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="max-width:720px;width:100%;margin:0 auto;">';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">';
+        $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-shell" style="background-color:#edf2f7;margin:0;padding:24px 0;width:100%;"><tr><td align="center">';
+        $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-container" style="max-width:720px;width:100%;margin:0 auto;">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#0b1726;border-radius:24px;overflow:hidden;">';
         $html .= '<tr><td style="padding:18px 24px;background-color:#09111d;border-bottom:1px solid #14324f;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:18px 24px;background-color:#09111d;border-bottom:1px solid #14324f;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"><tr>';
         $html .= '<td style="vertical-align:middle;">';
 …
+        }
         $html .= '</td>';
         $html .= '<td align="right" style="vertical-align:middle;padding-left:16px;">';
+        $html .= '<td align="right" class="vt-brand-right" style="vertical-align:middle;padding-left:16px;">';
         $html .= '<span style="display:inline-block;font-size:12px;font-weight:700;letter-spacing:0.14em;text-transform:uppercase;color:#38bdf8;">Weekly Digest</span>';
         $html .= '</td>';
         $html .= '</tr></table>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:30px 24px 28px 24px;background-color:#0b1726;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"><tr>';
         $html .= '<td style="vertical-align:top;padding-right:16px;">';
         $html .= '<div style="font-size:28px;line-height:1.2;font-weight:800;color:#f8fafc;margin:0 0 10px 0;">' . esc_html($siteName) . '</div>';
+        $html .= '<tr><td class="vt-card-pad" style="padding:30px 24px 28px 24px;background-color:#0b1726;">';
+        $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-stack-table"><tr>';
+        $html .= '<td class="vt-hero-left" style="vertical-align:top;padding-right:16px;">';
+        $html .= '<div class="vt-hero-title" style="font-size:28px;line-height:1.2;font-weight:800;color:#f8fafc;margin:0 0 10px 0;">' . esc_html($siteName) . '</div>';
         $html .= '<div style="font-size:15px;line-height:1.7;color:#cbd5e1;margin:0 0 18px 0;">' . esc_html__('Your firewall and login telemetry summary for the previous 7 complete days.', 'vulntitan') . '</div>';
         $html .= '<div style="display:inline-block;padding:9px 14px;border-radius:999px;background-color:#11263c;color:#7dd3fc;font-size:12px;font-weight:700;letter-spacing:0.08em;text-transform:uppercase;">' . esc_html($periodLabel) . '</div>';
+        $html .= '<div class="vt-inline-chip" style="display:inline-block;padding:9px 14px;border-radius:999px;background-color:#11263c;color:#7dd3fc;font-size:12px;font-weight:700;letter-spacing:0.08em;text-transform:uppercase;">' . esc_html($periodLabel) . '</div>';
         $html .= '</td>';
         $html .= '<td align="right" style="vertical-align:top;width:220px;">';
         $html .= '<table role="presentation" cellspacing="0" cellpadding="0" border="0" style="width:220px;background-color:#0f2237;border:1px solid #1d4061;border-radius:20px;">';
+        $html .= '<td align="right" class="vt-hero-right" style="vertical-align:top;width:220px;">';
+        $html .= '<table role="presentation" cellspacing="0" cellpadding="0" border="0" class="vt-blocked-card" style="width:220px;background-color:#0f2237;border:1px solid #1d4061;border-radius:20px;">';
         $html .= '<tr><td style="padding:18px 18px 8px 18px;font-size:12px;letter-spacing:0.12em;text-transform:uppercase;color:#93c5fd;font-weight:700;">' . esc_html__('Blocked This Week', 'vulntitan') . '</td></tr>';
         $html .= '<tr><td style="padding:0 18px 8px 18px;font-size:38px;line-height:1;font-weight:800;color:#ffffff;">' . esc_html(self::formatNumber($blockedTotal)) . '</td></tr>';
+        $html .= '<tr><td class="vt-blocked-value" style="padding:0 18px 8px 18px;font-size:38px;line-height:1;font-weight:800;color:#ffffff;">' . esc_html(self::formatNumber($blockedTotal)) . '</td></tr>';
         $html .= '<tr><td style="padding:0 18px 18px 18px;font-size:13px;line-height:1.7;color:#cbd5e1;">' . esc_html($posture['summary']) . '</td></tr>';
         $html .= '</table>';
 …
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">' . self::renderMetricGrid($metricCards) . '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">' . self::renderMetricGrid($metricCards) . '</td></tr>';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:20px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html__('Threat Breakdown', 'vulntitan') . '</div>';
         $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('A focused view of what the firewall and login shield handled during the reporting window.', 'vulntitan') . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">' . self::renderThreatBreakdown($threatRows) . '</td></tr>';
+        $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('A focused view of what the firewall, login shield, comment shield, and form shield handled during the reporting window.', 'vulntitan') . '</div>';
+        $html .= '</td></tr>';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">' . self::renderThreatBreakdown($threatRows) . '</td></tr>';
         $html .= '</table>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">';
+        $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-stack-table">';
         $html .= '<tr>';
         $html .= '<td style="width:58%;padding:0 8px 0 0;vertical-align:top;">' . self::renderDailyHistory($daily) . '</td>';
         $html .= '<td style="width:42%;padding:0 0 0 8px;vertical-align:top;">' . self::renderHighlightsPanel($highlights, $topPaths, $topRules) . '</td>';
+        $html .= '<td class="vt-two-col-left" style="width:58%;padding:0 8px 0 0;vertical-align:top;">' . self::renderDailyHistory($daily) . '</td>';
+        $html .= '<td class="vt-two-col-right" style="width:42%;padding:0 0 0 8px;vertical-align:top;">' . self::renderHighlightsPanel($highlights, $topPaths, $topRules) . '</td>';
         $html .= '</tr>';
         $html .= '</table>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:20px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html__('Protection Profile', 'vulntitan') . '</div>';
         $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('Current policy posture that shaped the detection and containment shown above.', 'vulntitan') . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">' . $policySnapshot . '</td></tr>';
+        $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('Authentication, WAF, anti-spam, and telemetry controls that shaped the detections shown above.', 'vulntitan') . '</div>';
+        $html .= '</td></tr>';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">' . $policySnapshot . '</td></tr>';
         $html .= '</table>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 0 16px;">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 0 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#0f172a;border-radius:24px;">';
         $html .= '<tr><td style="padding:22px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:22px 24px;">';
         $html .= '<div style="font-size:14px;line-height:1.8;color:#cbd5e1;">';
         $html .= esc_html__('Generated by VulnTitan for your primary site administrator.', 'vulntitan') . ' ';
 …
     protected static function renderMetricCard(string $label, int $value, string $note, string $accent): string
+    {
         return '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:20px;">'
+        return '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-metric-card" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:20px;">'
             . '<tr><td style="padding:20px 20px 8px 20px;font-size:12px;font-weight:700;letter-spacing:0.12em;text-transform:uppercase;color:' . esc_attr($accent) . ';">' . esc_html($label) . '</td></tr>'
             . '<tr><td style="padding:0 20px 8px 20px;font-size:34px;line-height:1;font-weight:800;color:#0f172a;">' . esc_html(self::formatNumber($value)) . '</td></tr>'
+            . '<tr><td class="vt-metric-value" style="padding:0 20px 8px 20px;font-size:34px;line-height:1;font-weight:800;color:#0f172a;">' . esc_html(self::formatNumber($value)) . '</td></tr>'
             . '<tr><td style="padding:0 20px 20px 20px;font-size:14px;line-height:1.7;color:#475569;">' . esc_html($note) . '</td></tr>'
             . '</table>';
 …
     protected static function renderMetricGrid(array $cards): string
+    {
         $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0">';
+        $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-metric-grid">';
         $chunks = array_chunk($cards, 2);
         foreach ($chunks as $rowIndex => $rowCards) {
             $html .= '<tr>';
+            $html .= '<tr class="vt-metric-row">';
             foreach ($rowCards as $cardIndex => $card) {
 …
                 $paddingBottom = $rowIndex < count($chunks) - 1 ? '16px' : '0';
                 $html .= '<td style="width:50%;padding:0 ' . $paddingRight . ' ' . $paddingBottom . ' ' . $paddingLeft . ';vertical-align:top;">';
+                $html .= '<td class="vt-metric-cell" style="width:50%;padding:0 ' . $paddingRight . ' ' . $paddingBottom . ' ' . $paddingLeft . ';vertical-align:top;">';
                 $html .= self::renderMetricCard(
                     (string) ($card['label'] ?? ''),
 …
             if (count($rowCards) === 1) {
                 $paddingBottom = $rowIndex < count($chunks) - 1 ? '16px' : '0';
                 $html .= '<td style="width:50%;padding:0 0 ' . $paddingBottom . ' 8px;vertical-align:top;"></td>';
+                $html .= '<td class="vt-metric-cell" style="width:50%;padding:0 0 ' . $paddingBottom . ' 8px;vertical-align:top;"></td>';
+            }
 …
         $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:20px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html__('7-Day Activity Timeline', 'vulntitan') . '</div>';
         $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('Blocked traffic, login failures, and WAF detections day by day.', 'vulntitan') . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">';
+        $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('Blocked traffic, login pressure, form abuse, and comment moderation signals day by day.', 'vulntitan') . '</div>';
+        $html .= '</td></tr>';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">';
         foreach ($daily as $index => $day) {
             $counts = is_array($day['counts'] ?? null) ? $day['counts'] : [];
             $blocked = (int) ($counts['blocked'] ?? 0);
+            $formsBlocked = (int) ($counts['forms_blocked'] ?? 0);
+            $commentStopped = (int) ($counts['comment_spam_blocked'] ?? 0) + (int) ($counts['comment_rate_limited'] ?? 0);
+            $commentQueue = (int) ($counts['comment_spam_held'] ?? 0) + (int) ($counts['comment_pending_review'] ?? 0);
             $percent = ($maxBlocked > 0 && $blocked > 0) ? max(12, (int) round(($blocked / $maxBlocked) * 100)) : 0;
             $border = $index < count($daily) - 1 ? 'border-bottom:1px solid #e2e8f0;' : '';
 …
             $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="' . $border . '">';
             $html .= '<tr>';
             $html .= '<td style="padding:12px 0;width:110px;font-size:13px;font-weight:700;color:#0f172a;vertical-align:top;">' . esc_html((string) ($day['label'] ?? '')) . '</td>';
             $html .= '<td style="padding:12px 14px 12px 0;vertical-align:top;">';
+            $html .= '<td class="vt-daily-label" style="padding:12px 0;width:110px;font-size:13px;font-weight:700;color:#0f172a;vertical-align:top;">' . esc_html((string) ($day['label'] ?? '')) . '</td>';
+            $html .= '<td class="vt-daily-data" style="padding:12px 14px 12px 0;vertical-align:top;">';
             $html .= '<div style="height:8px;border-radius:999px;background-color:#e2e8f0;overflow:hidden;margin:5px 0 10px 0;">';
             $html .= '<span style="display:block;height:8px;width:' . esc_attr((string) $percent) . '%;background-color:#0f9bd7;border-radius:999px;"></span>';
 …
             $html .= '<div style="font-size:12px;line-height:1.8;color:#64748b;">';
             $html .= esc_html__('Blocked', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber($blocked)) . '</strong> &nbsp; ';
+            $html .= esc_html__('Forms', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber($formsBlocked)) . '</strong> &nbsp; ';
+            $html .= esc_html__('Comment Stops', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber($commentStopped)) . '</strong> &nbsp; ';
+            $html .= esc_html__('Queue', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber($commentQueue)) . '</strong> &nbsp; ';
             $html .= esc_html__('Failed Logins', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber((int) ($counts['login_failed'] ?? 0))) . '</strong> &nbsp; ';
             $html .= esc_html__('SQLi', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber((int) ($counts['sqli'] ?? 0))) . '</strong> &nbsp; ';
 …
+    {
         $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;margin-bottom:16px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:20px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html__('Highlights', 'vulntitan') . '</div>';
         $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('The most important takeaways from this reporting period.', 'vulntitan') . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">';
         foreach ($highlights as $index => $highlight) {
 …
                 ];
             },
             __('No firewall or comment-shield rules were triggered in this period.', 'vulntitan')
+            __('No firewall, login, or form-shield rules were triggered in this period.', 'vulntitan')
         );
 …
+    {
         $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:18px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html($title) . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">';
         if (!$rows) {
 …
             ],
+            [
+                'label' => __('Two-Factor Authentication', 'vulntitan'),
+                'value' => self::buildTwoFactorSummary($settings),
+            ],
+            [
+                'label' => __('CAPTCHA Coverage', 'vulntitan'),
+                'value' => self::buildCaptchaSummary($settings),
+            ],
+            [
+                'label' => __('XML-RPC Policy', 'vulntitan'),
+                'value' => self::buildXmlrpcSummary($settings),
+            ],
+            [
+                'label' => __('Weak Password Blocking', 'vulntitan'),
+                'value' => !empty($settings['weak_password_blocking_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
+            ],
+            [
                 'label' => __('Max Failed Attempts', 'vulntitan'),
                 'value' => self::formatNumber((int) ($settings['max_attempts'] ?? 0)),
 …
             ],
+            [
+                'label' => __('SQLi Rule Set', 'vulntitan'),
+                'value' => !empty($settings['waf_sqli_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
+            ],
+            [
+                'label' => __('Command Injection Rule Set', 'vulntitan'),
+                'value' => !empty($settings['waf_command_injection_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
+            ],
+            [
+                'label' => __('Learning Mode', 'vulntitan'),
+                'value' => self::buildLearningModeSummary($settings),
+            ],
+            [
+                'label' => __('Proxy Trust Handling', 'vulntitan'),
+                'value' => self::buildProxyTrustSummary($settings),
+            ],
+            [
                 'label' => __('Comment Shield', 'vulntitan'),
                 'value' => !empty($settings['comment_shield_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
 …
             ],
+            [
+                'label' => __('Comment Rate Window', 'vulntitan'),
+                'label' => __('Minimum Submit Time', 'vulntitan'),
+                'value' => sprintf(
+                    __('%s seconds', 'vulntitan'),
+                    self::formatNumber((int) ($settings['submission_min_submit_seconds'] ?? $settings['comment_min_submit_seconds'] ?? 0))
+                ),
+            ],
+            [
+                'label' => __('Guest Link Limit', 'vulntitan'),
+                'value' => sprintf(
+                    __('%s links', 'vulntitan'),
+                    self::formatNumber((int) ($settings['submission_max_links'] ?? $settings['comment_max_links'] ?? 0))
+                ),
+            ],
+            [
+                'label' => __('Submission Rate Window', 'vulntitan'),
                 'value' => sprintf(
                     __('%1$s attempts / %2$s minutes', 'vulntitan'),
                     self::formatNumber((int) ($settings['comment_rate_limit_attempts'] ?? 0)),
                     self::formatNumber((int) ($settings['comment_rate_limit_window_minutes'] ?? 0))
+                    self::formatNumber((int) ($settings['submission_rate_limit_attempts'] ?? $settings['comment_rate_limit_attempts'] ?? 0)),
+                    self::formatNumber((int) ($settings['submission_rate_limit_window_minutes'] ?? $settings['comment_rate_limit_window_minutes'] ?? 0))
                 ),
+            ],
+            [
+                'label' => __('Form Shield', 'vulntitan'),
+                'value' => !empty($settings['form_shield_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
+            ],
+            [
+                'label' => __('Protected Form Providers', 'vulntitan'),
+                'value' => self::buildFormProvidersSummary($settings),
             ],
+            [
 …
             $border = $index < count($rows) - 1 ? 'border-bottom:1px solid #e2e8f0;' : '';
             $html .= '<tr>';
             $html .= '<td style="padding:12px 0;' . $border . 'font-size:14px;line-height:1.7;color:#475569;width:42%;">' . esc_html((string) $row['label']) . '</td>';
             $html .= '<td style="padding:12px 0;' . $border . 'font-size:14px;line-height:1.7;font-weight:700;color:#0f172a;">' . esc_html((string) $row['value']) . '</td>';
+            $html .= '<td class="vt-policy-label" style="padding:12px 0;' . $border . 'font-size:14px;line-height:1.7;color:#475569;width:42%;">' . esc_html((string) $row['label']) . '</td>';
+            $html .= '<td class="vt-policy-value" style="padding:12px 0;' . $border . 'font-size:14px;line-height:1.7;font-weight:700;color:#0f172a;">' . esc_html((string) $row['value']) . '</td>';
             $html .= '</tr>';
+        }
 …
+    }
     protected static function buildHighlights(array $daily): array
+    protected static function buildHighlights(array $daily, array $totals = []): array
+    {
         $peakDay = null;
 …
         $peakLogins = -1;
         $activeDays = 0;
+        $formsBlocked = (int) ($totals['forms_blocked'] ?? 0);
+        $commentSpamHeld = (int) ($totals['comment_spam_held'] ?? 0);
+        $commentPendingReview = (int) ($totals['comment_pending_review'] ?? 0);
+        $commentStops = (int) ($totals['comment_spam_blocked'] ?? 0) + (int) ($totals['comment_rate_limited'] ?? 0);
         foreach ($daily as $day) {
 …
                 ),
             ],
+            [
+                'title' => __('Abuse Filters', 'vulntitan'),
+                'body' => ($formsBlocked + $commentStops + $commentSpamHeld + $commentPendingReview) > 0
+                    ? sprintf(
+                        __('Form Shield blocked %1$s submissions, comment filtering stopped %2$s comments, and %3$s comments were held or queued for review.', 'vulntitan'),
+                        self::formatNumber($formsBlocked),
+                        self::formatNumber($commentStops),
+                        self::formatNumber($commentSpamHeld + $commentPendingReview)
+                    )
+                    : __('No form spam or suspicious comment activity required intervention during this reporting period.', 'vulntitan'),
+            ],
         ];
         return $highlights;
+    }
+    protected static function renderEmailStyles(): string
+    {
+        return '<style type="text/css">'
+            . 'body{margin:0;padding:0;background-color:#edf2f7;}'
+            . 'table{border-collapse:separate;}'
+            . '@media only screen and (max-width:620px){'
+            . '.vt-shell{padding:16px 0 !important;}'
+            . '.vt-container{width:100% !important;}'
+            . '.vt-section-pad{padding-left:12px !important;padding-right:12px !important;}'
+            . '.vt-card-pad{padding-left:18px !important;padding-right:18px !important;}'
+            . '.vt-brand-right{display:block !important;width:100% !important;text-align:left !important;padding:12px 0 0 0 !important;}'
+            . '.vt-hero-left,.vt-hero-right,.vt-two-col-left,.vt-two-col-right,.vt-metric-cell,.vt-policy-label,.vt-policy-value,.vt-daily-label,.vt-daily-data{display:block !important;width:100% !important;}'
+            . '.vt-hero-left{padding-right:0 !important;padding-bottom:16px !important;}'
+            . '.vt-hero-right{padding-left:0 !important;text-align:left !important;}'
+            . '.vt-two-col-left{padding:0 0 16px 0 !important;}'
+            . '.vt-two-col-right{padding:0 !important;}'
+            . '.vt-metric-row{display:block !important;}'
+            . '.vt-metric-cell{padding:0 0 12px 0 !important;}'
+            . '.vt-metric-cell:last-child{padding-bottom:0 !important;}'
+            . '.vt-blocked-card{width:100% !important;}'
+            . '.vt-hero-title{font-size:24px !important;}'
+            . '.vt-blocked-value,.vt-metric-value{font-size:30px !important;}'
+            . '.vt-inline-chip{display:block !important;margin:0 0 8px 0 !important;text-align:center !important;}'
+            . '.vt-daily-label{padding-bottom:8px !important;}'
+            . '.vt-daily-data{padding-right:0 !important;}'
+            . '.vt-policy-label{padding-bottom:2px !important;border-bottom:none !important;}'
+            . '.vt-policy-value{padding-top:0 !important;padding-bottom:12px !important;}'
+            . '}'
+            . '</style>';
+    }
+    protected static function buildTwoFactorSummary(array $settings): string
+    {
+        if (empty($settings['two_factor_enabled'])) {
+            return __('Disabled', 'vulntitan');
+        }
+        $roles = is_array($settings['two_factor_roles'] ?? null) ? $settings['two_factor_roles'] : [];
+        $roleLabel = $roles ? self::implodeHumanList(array_map([__CLASS__, 'humanizeIdentifier'], $roles)) : __('selected roles', 'vulntitan');
+        $trustedDays = max(0, (int) ($settings['trusted_device_days'] ?? 0));
+        return sprintf(
+            __('Enabled for %1$s with %2$s-day trusted devices', 'vulntitan'),
+            $roleLabel,
+            self::formatNumber($trustedDays)
+        );
+    }
+    protected static function buildCaptchaSummary(array $settings): string
+    {
+        $provider = (string) ($settings['captcha_provider'] ?? 'none');
+        if ($provider === '' || $provider === 'none') {
+            return __('Disabled', 'vulntitan');
+        }
+        $surfaces = [];
+        if (!empty($settings['captcha_login_enabled'])) {
+            $surfaces[] = __('login', 'vulntitan');
+        }
+        if (!empty($settings['captcha_register_enabled'])) {
+            $surfaces[] = __('registration', 'vulntitan');
+        }
+        if (!empty($settings['captcha_lostpassword_enabled'])) {
+            $surfaces[] = __('password reset', 'vulntitan');
+        }
+        if (!empty($settings['captcha_comment_enabled'])) {
+            $surfaces[] = __('comments', 'vulntitan');
+        }
+        $providerLabel = self::humanizeCaptchaProvider($provider);
+        if (!$surfaces) {
+            return sprintf(
+                __('%s configured but not assigned to a protected flow', 'vulntitan'),
+                $providerLabel
+            );
+        }
+        return sprintf(
+            __('%1$s on %2$s', 'vulntitan'),
+            $providerLabel,
+            self::implodeHumanList($surfaces)
+        );
+    }
+    protected static function buildXmlrpcSummary(array $settings): string
+    {
+        $policy = (string) ($settings['xmlrpc_policy'] ?? 'allow');
+        if ($policy === 'rate_limit') {
+            return sprintf(
+                __('Rate limited at %1$s attempts / %2$s minutes', 'vulntitan'),
+                self::formatNumber((int) ($settings['xmlrpc_rate_limit_attempts'] ?? 0)),
+                self::formatNumber((int) ($settings['xmlrpc_rate_limit_window_minutes'] ?? 0))
+            );
+        }
+        if ($policy === 'block') {
+            return __('Blocked except allowlist', 'vulntitan');
+        }
+        return __('Allowed', 'vulntitan');
+    }
+    protected static function buildLearningModeSummary(array $settings): string
+    {
+        if (empty($settings['learning_mode_enabled'])) {
+            return __('Disabled', 'vulntitan');
+        }
+        return sprintf(
+            __('Enabled at %1$s hits within %2$s days', 'vulntitan'),
+            self::formatNumber((int) ($settings['learning_suggestion_threshold'] ?? 0)),
+            self::formatNumber((int) ($settings['learning_suggestion_window_days'] ?? 0))
+        );
+    }
+    protected static function buildProxyTrustSummary(array $settings): string
+    {
+        $parts = [];
+        $trustedProxies = is_array($settings['trusted_proxies'] ?? null) ? $settings['trusted_proxies'] : [];
+        if (!empty($settings['trust_cloudflare'])) {
+            $parts[] = __('Cloudflare headers trusted', 'vulntitan');
+        }
+        if ($trustedProxies) {
+            $parts[] = sprintf(
+                __('%s trusted proxy IPs', 'vulntitan'),
+                self::formatNumber(count($trustedProxies))
+            );
+        }
+        if (!$parts) {
+            return __('Direct REMOTE_ADDR only', 'vulntitan');
+        }
+        return implode(' • ', $parts);
+    }
+    protected static function buildFormProvidersSummary(array $settings): string
+    {
+        if (empty($settings['form_shield_enabled'])) {
+            return __('Disabled', 'vulntitan');
+        }
+        $providers = [];
+        if (!empty($settings['form_provider_cf7_enabled'])) {
+            $providers[] = __('Contact Form 7', 'vulntitan');
+        }
+        if (!empty($settings['form_provider_fluentforms_enabled'])) {
+            $providers[] = __('Fluent Forms', 'vulntitan');
+        }
+        if (!$providers) {
+            return __('Form Shield enabled with no active provider selected', 'vulntitan');
+        }
+        return self::implodeHumanList($providers);
+    }
+    protected static function humanizeCaptchaProvider(string $provider): string
+    {
+        switch ($provider) {
+            case 'turnstile':
+                return __('Cloudflare Turnstile', 'vulntitan');
+            case 'hcaptcha':
+                return __('hCaptcha', 'vulntitan');
+            default:
+                return ucfirst($provider);
+        }
+    }
+    protected static function humanizeIdentifier(string $value): string
+    {
+        return ucwords(str_replace(['_', '-'], ' ', trim($value)));
+    }
+    protected static function implodeHumanList(array $items): string
+    {
+        $items = array_values(array_filter(array_map(static function ($item): string {
+            return is_scalar($item) ? trim((string) $item) : '';
+        }, $items)));
+        if (!$items) {
+            return '';
+        }
+        if (count($items) === 1) {
+            return $items[0];
+        }
+        if (count($items) === 2) {
+            return $items[0] . ' ' . __('and', 'vulntitan') . ' ' . $items[1];
+        }
+        $last = array_pop($items);
+        return implode(', ', $items) . ', ' . __('and', 'vulntitan') . ' ' . $last;
+    }

vulntitan/tags/2.1.16/readme.txt

-                      r3486040
+                      r3490735
 Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 2.1.15
+Stable tag: 2.1.16
 License: GPLv2
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= v2.1.16 - 25 Mar, 2026 =
+* Tightened Comment Shield spam detection with casino, betting, gambling, promotional-link, repeated-domain, and thin-link comment heuristics for guest comments.
+* Added firewall logging when suspicious comments are held and when WordPress routes comments into the pending moderation queue.
+* Expanded the weekly executive security digest with form spam, comment queue, and broader protection-profile coverage.
+* Improved the HTML digest layout on mobile by stacking compressed two-column sections into a readable single-column flow.
 = v2.1.15 - 18 Mar, 2026 =
 * Added “Not installed” provider messaging in Spam Protection and disabled unavailable form provider toggles until Contact Form 7 or Fluent Forms is activated.

vulntitan/tags/2.1.16/vulntitan.php

-                      r3486040
+                      r3490735
  * Plugin URI: https://vulntitan.com/vulntitan/
  * Description: VulnTitan is a WordPress security plugin with vulnerability scanning, malware detection, file integrity monitoring, comment and form anti-spam protection, and a built-in firewall with WAF payload rules and login protection.
  * Version: 2.1.15
+ * Version: 2.1.16
  * Author: Jaroslav Svetlik
  * Author URI: https://vulntitan.com
 …
 // Define plugin constants
 define('VULNTITAN_PLUGIN_VERSION', VULNTITAN_DEVELOPMENT ? uniqid() : '2.1.15');
+define('VULNTITAN_PLUGIN_VERSION', VULNTITAN_DEVELOPMENT ? uniqid() : '2.1.16');
 define('VULNTITAN_PLUGIN_BASENAME', plugin_basename(__FILE__));
 define('VULNTITAN_PLUGIN_DIR', untrailingslashit(plugin_dir_path(__FILE__)));

vulntitan/trunk/CHANGELOG.md

-                      r3486040
+                      r3490735
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [2.1.16] - 2026-03-25
+### Added
+- Tightened Comment Shield spam detection with casino, betting, gambling, promotional-link, repeated-domain, and thin-link heuristics for guest comments.
+- Logged suspicious comment holds and WordPress moderation-queue entries into the firewall activity stream.
+- Expanded the weekly executive security digest with form spam, comment queue, and broader protection-profile coverage.
+### Changed
+- Reworked the HTML weekly digest layout so cramped two-column sections collapse into a readable mobile presentation.
 ## [2.1.15] - 2026-03-18

vulntitan/trunk/assets/js/firewall.js

-                      r3486040
+                      r3490735
             case 'comment_spam_held':
                 return i18n.firewall_event_comment_spam_held || 'Comment held for review';
+            case 'comment_pending_review':
+                return i18n.firewall_event_comment_pending_review || 'Comment entered pending review';
             case 'comment_rate_limited':
                 return i18n.firewall_event_comment_rate_limited || 'Comment rate limited';
 …
                 return 'is-danger';
             case 'comment_spam_held':
+            case 'comment_pending_review':
             case 'login_failed':
                 return 'is-warning';

vulntitan/trunk/assets/js/firewall.min.js

-                      r3486040
+                      r3490735
             case 'comment_spam_held':
                 return i18n.firewall_event_comment_spam_held || 'Comment held for review';
+            case 'comment_pending_review':
+                return i18n.firewall_event_comment_pending_review || 'Comment entered pending review';
             case 'comment_rate_limited':
                 return i18n.firewall_event_comment_rate_limited || 'Comment rate limited';
 …
                 return 'is-danger';
             case 'comment_spam_held':
+            case 'comment_pending_review':
             case 'login_failed':
                 return 'is-warning';

vulntitan/trunk/includes/Admin/Admin.php

r3485911	r3490735
138	138	'firewall_event_comment_spam_blocked' => esc_html__('Comment spam blocked', 'vulntitan'),
139	139	'firewall_event_comment_spam_held' => esc_html__('Comment held for review', 'vulntitan'),
	140	'firewall_event_comment_pending_review' => esc_html__('Comment entered pending review', 'vulntitan'),
140	141	'firewall_event_comment_rate_limited' => esc_html__('Comment rate limited', 'vulntitan'),
141	142	'firewall_feed_live' => esc_html__('Live', 'vulntitan'),

vulntitan/trunk/includes/Services/CommentSpamService.php

-                      r3485911
+                      r3490735
     protected const RATE_LIMIT_PREFIX = 'vulntitan_cs_rate_';
     protected const MIN_TOKEN_AGE = 1;
+    protected const SHORT_COMMENT_MAX_WORDS = 3;
+    protected const SHORT_COMMENT_MAX_LENGTH = 40;
     protected static bool $booted = false;
 …
         if (($decision['action'] ?? 'allow') === 'allow') {
+            if (self::isEnabled() && self::supportsCommentType($commentData) && !self::shouldBypass($commentData) && ($approved === 0 || $approved === '0')) {
+                self::logPendingModeration($commentData);
+            }
             return $approved;
+        }
 …
         $commentContent = isset($commentData['comment_content']) ? (string) wp_unslash($commentData['comment_content']) : '';
         $normalizedContent = self::normalizeCommentContent($commentContent);
+        $authorName = isset($commentData['comment_author']) ? self::normalizeCommentContent((string) wp_unslash($commentData['comment_author'])) : '';
+        $authorUrl = isset($commentData['comment_author_url']) ? trim((string) wp_unslash($commentData['comment_author_url'])) : '';
         $postId = (int) ($commentData['comment_post_ID'] ?? 0);
         $ipAddress = self::resolveIpAddress($commentData);
 …
         $rateCount = self::incrementRateCounter($visitorKey, $rateWindowMinutes);
         $maxAttempts = max(1, (int) ($settings['submission_rate_limit_attempts'] ?? $settings['comment_rate_limit_attempts'] ?? 3));
+        $linkCount = self::countLinks($commentContent);
+        $authorDomain = self::normalizeDomain($authorUrl);
+        $externalDomains = self::extractExternalDomains($commentContent, $authorDomain);
+        [$topExternalDomain, $topExternalHits] = self::findTopDomain($externalDomains);
+        $spamKeywordMatches = self::matchSpamKeywords(implode("\n", array_filter([$normalizedContent, $authorName, self::normalizeCommentContent($authorUrl)])));
+        $promotionalPhraseMatches = self::matchPromotionalPhrases($normalizedContent);
+        $wordCount = self::countWords($normalizedContent);
+        $contentLength = self::measureLength($normalizedContent);
         if ($rateCount > $maxAttempts) {
 …
+                [
                     'comment_hash' => self::buildCommentHash($normalizedContent),
                     'link_count' => self::countLinks($commentContent),
+                    'link_count' => $linkCount,
+                ]
             );
 …
         if (!self::isAuthenticatedCommenter($commentData)) {
-            $linkCount = self::countLinks($commentContent);
             $maxLinks = max(0, (int) ($settings['submission_max_links'] ?? $settings['comment_max_links'] ?? 2));
+            if ($spamKeywordMatches !== [] && $externalDomains !== []) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'spam_keywords_with_external_url',
+                    __('Comment contains common spam keywords together with an external URL or website.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'link_count' => $linkCount,
+                        'author_url_domain' => $authorDomain,
+                        'matched_keywords' => $spamKeywordMatches,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'link_count' => $linkCount,
+                        'external_domains' => array_values(array_unique($externalDomains)),
+                    ]
+                );
+            }
+            if (count($spamKeywordMatches) >= 2) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'spam_keyword_cluster',
+                    __('Comment contains multiple high-risk spam keyword categories.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'matched_keywords' => $spamKeywordMatches,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'matched_keywords' => $spamKeywordMatches,
+                    ]
+                );
+            }
+            if ($topExternalDomain !== '' && $topExternalHits >= 2) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'repeated_external_domain',
+                    __('Comment repeats the same external domain across the message and author website fields.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'top_external_domain' => $topExternalDomain,
+                        'top_external_domain_hits' => $topExternalHits,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'link_count' => $linkCount,
+                        'external_domains' => array_values(array_unique($externalDomains)),
+                        'top_external_domain' => $topExternalDomain,
+                        'top_external_domain_hits' => $topExternalHits,
+                    ]
+                );
+            }
+            if ($promotionalPhraseMatches !== [] && $externalDomains !== []) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'promotional_link_comment',
+                    __('Comment combines promotional phrases with an external link or website.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'matched_promotions' => $promotionalPhraseMatches,
+                        'link_count' => $linkCount,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'external_domains' => array_values(array_unique($externalDomains)),
+                        'matched_promotions' => $promotionalPhraseMatches,
+                    ]
+                );
+            }
+            if ($externalDomains !== [] && $wordCount > 0 && $wordCount <= self::SHORT_COMMENT_MAX_WORDS && $contentLength <= self::SHORT_COMMENT_MAX_LENGTH) {
+                return self::buildDecisionFromSuspiciousAction(
+                    (string) ($settings['comment_suspicious_action'] ?? 'hold'),
+                    'thin_external_link_comment',
+                    __('Very short guest comment submitted with an external link or website.', 'vulntitan'),
+                    [
+                        'post_id' => $postId,
+                        'rate_count' => $rateCount,
+                        'window_minutes' => $rateWindowMinutes,
+                        'word_count' => $wordCount,
+                        'content_length' => $contentLength,
+                        'author_url_domain' => $authorDomain,
+                    ],
+                    [
+                        'comment_hash' => self::buildCommentHash($normalizedContent),
+                        'link_count' => $linkCount,
+                        'external_domains' => array_values(array_unique($externalDomains)),
+                    ]
+                );
+            }
             if ($linkCount > $maxLinks) {
 …
     ): array {
         $details['action'] = $action;
+        if ($action === 'hold') {
+            $details['approval_status'] = 'pending';
+        }
         return [
 …
+    }
+    protected static function logPendingModeration(array $commentData): void
+    {
+        $commentContent = isset($commentData['comment_content']) ? (string) wp_unslash($commentData['comment_content']) : '';
+        $normalizedContent = self::normalizeCommentContent($commentContent);
+        $authorUrl = isset($commentData['comment_author_url']) ? trim((string) wp_unslash($commentData['comment_author_url'])) : '';
+        $authorDomain = self::normalizeDomain($authorUrl);
+        $externalDomains = self::extractExternalDomains($commentContent, $authorDomain);
+        FirewallService::logEvent('comment_pending_review', [
+            'event_source' => 'comment_shield',
+            'event_action' => 'log',
+            'blocked' => 0,
+            'response_code' => 0,
+            'severity' => 1,
+            'ip_address' => self::resolveIpAddress($commentData),
+            'username' => self::resolveUsername($commentData),
+            'request_method' => strtoupper((string) ($_SERVER['REQUEST_METHOD'] ?? 'POST')),
+            'request_uri' => (string) ($_SERVER['REQUEST_URI'] ?? ''),
+            'request_path' => (string) parse_url((string) ($_SERVER['REQUEST_URI'] ?? ''), PHP_URL_PATH),
+            'rule_group' => 'comment_moderation',
+            'rule_id' => 'wordpress_pending_review',
+            'reason' => __('Comment entered the moderation queue.', 'vulntitan'),
+            'details' => [
+                'action' => 'hold',
+                'approval_status' => 'pending',
+                'post_id' => (int) ($commentData['comment_post_ID'] ?? 0),
+                'link_count' => self::countLinks($commentContent),
+                'author_url_domain' => $authorDomain,
+            ],
+            'context' => [
+                'comment_hash' => self::buildCommentHash($normalizedContent),
+                'external_domains' => array_values(array_unique($externalDomains)),
+            ],
+        ]);
+    }
     protected static function isEnabled(): bool
+    {
 …
         return is_array($matches[0] ?? null) ? count($matches[0]) : 0;
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function extractExternalDomains(string $content, string $authorDomain = ''): array
+    {
+        $domains = self::extractLinkDomains($content);
+        if ($authorDomain !== '') {
+            $domains[] = $authorDomain;
+        }
+        return array_values(array_filter($domains, [__CLASS__, 'isExternalDomain']));
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function extractLinkDomains(string $content): array
+    {
+        if ($content === '') {
+            return [];
+        }
+        preg_match_all('~(?:https?://|www\.)[^\s<>"\']+~iu', $content, $matches);
+        $rawUrls = is_array($matches[0] ?? null) ? $matches[0] : [];
+        $domains = [];
+        foreach ($rawUrls as $rawUrl) {
+            if (!is_string($rawUrl)) {
+                continue;
+            }
+            $domain = self::normalizeDomain($rawUrl);
+            if ($domain !== '') {
+                $domains[] = $domain;
+            }
+        }
+        return $domains;
+    }
+    protected static function normalizeDomain(string $value): string
+    {
+        $value = trim($value);
+        if ($value === '') {
+            return '';
+        }
+        if (strpos($value, '://') === false) {
+            $value = 'https://' . ltrim($value, '/');
+        }
+        $host = wp_parse_url($value, PHP_URL_HOST);
+        if (!is_string($host) || $host === '') {
+            return '';
+        }
+        $host = strtolower(trim($host));
+        return strpos($host, 'www.') === 0 ? substr($host, 4) : $host;
+    }
+    protected static function isExternalDomain(string $domain): bool
+    {
+        $normalizedDomain = self::normalizeDomain($domain);
+        if ($normalizedDomain === '') {
+            return false;
+        }
+        $siteDomain = self::normalizeDomain((string) home_url('/'));
+        if ($siteDomain === '') {
+            return true;
+        }
+        return $normalizedDomain !== $siteDomain
+            && substr($normalizedDomain, -strlen('.' . $siteDomain)) !== '.' . $siteDomain;
+    }
+    /**
+     * @param array<int,string> $domains
+     * @return array{0:string,1:int}
+     */
+    protected static function findTopDomain(array $domains): array
+    {
+        if ($domains === []) {
+            return ['', 0];
+        }
+        $counts = array_count_values(array_filter($domains, 'is_string'));
+        if ($counts === []) {
+            return ['', 0];
+        }
+        arsort($counts);
+        $topDomain = (string) array_key_first($counts);
+        return [$topDomain, (int) ($counts[$topDomain] ?? 0)];
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function matchSpamKeywords(string $content): array
+    {
+        if ($content === '') {
+            return [];
+        }
+        $matches = [];
+        foreach (self::getSpamKeywordPatterns() as $label => $pattern) {
+            if (!is_string($pattern) || @preg_match($pattern, '') === false) {
+                continue;
+            }
+            if (preg_match($pattern, $content)) {
+                $matches[] = (string) $label;
+            }
+        }
+        return $matches;
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function getSpamKeywordPatterns(): array
+    {
+        $patterns = [
+            'casino' => '/\bcasino(?:s)?\b/iu',
+            'betting' => '/\b(?:bet(?:s|ting)?|sportsbook|bookmaker(?:s)?)\b/iu',
+            'gambling' => '/\b(?:gambl(?:e|ing)|wager(?:s|ing)?)\b/iu',
+            'slots' => '/\b(?:slot(?:s)?|jackpot(?:s)?|roulette|blackjack|baccarat|poker|free\s*spin(?:s)?)\b/iu',
+            'pharma' => '/\b(?:viagra|cialis|levitra|pharmacy|pill(?:s)?)\b/iu',
+            'adult' => '/\b(?:adult|porn|xxx|escort(?:s)?)\b/iu',
+            'loans' => '/\b(?:loan(?:s)?|payday\s*loan(?:s)?|cash\s*advance|debt\s*relief)\b/iu',
+            'crypto' => '/\b(?:crypto|bitcoin|forex|trading\s*signal(?:s)?)\b/iu',
+            'seo' => '/\b(?:seo(?:\s+services?)?|backlink(?:s)?|guest\s+post(?:ing)?|domain\s+authority)\b/iu',
+        ];
+        $filtered = apply_filters('vulntitan_comment_spam_keyword_patterns', $patterns);
+        return is_array($filtered) ? $filtered : $patterns;
+    }
+    /**
+     * @return array<int,string>
+     */
+    protected static function matchPromotionalPhrases(string $content): array
+    {
+        if ($content === '') {
+            return [];
+        }
+        $matches = [];
+        foreach (self::getPromotionalPhrasePatterns() as $label => $pattern) {
+            if (!is_string($pattern) || @preg_match($pattern, '') === false) {
+                continue;
+            }
+            if (preg_match($pattern, $content)) {
+                $matches[] = (string) $label;
+            }
+        }
+        return $matches;
+    }
+    /**
+     * @return array<int|string,string>
+     */
+    protected static function getPromotionalPhrasePatterns(): array
+    {
+        $patterns = [
+            'check_it_out' => '/\bcheck\s+(?:it|this|them)\s+out\b/iu',
+            'go_to_spot' => '/\bgo-to\s+spot\b/iu',
+            'quick_bets' => '/\bquick\s+bets?\b/iu',
+            'best_odds' => '/\bbest\s+odds\b/iu',
+            'join_now' => '/\bjoin\s+now\b/iu',
+            'visit_site' => '/\bvisit\s+(?:my|our|this)\s+(?:site|website)\b/iu',
+        ];
+        $filtered = apply_filters('vulntitan_comment_promotional_phrase_patterns', $patterns);
+        return is_array($filtered) ? $filtered : $patterns;
+    }
+    protected static function countWords(string $content): int
+    {
+        if ($content === '') {
+            return 0;
+        }
+        preg_match_all('/[\p{L}\p{N}]+(?:[\'’-][\p{L}\p{N}]+)*/u', $content, $matches);
+        return is_array($matches[0] ?? null) ? count($matches[0]) : 0;
+    }
+    protected static function measureLength(string $content): int
+    {
+        if ($content === '') {
+            return 0;
+        }
+        return function_exists('mb_strlen')
+            ? (int) mb_strlen($content, 'UTF-8')
+            : strlen($content);
+    }

vulntitan/trunk/includes/Services/FirewallService.php

-                      r3485911
+                      r3490735
             'total_events' => 0,
             'blocked' => 0,
+            'forms_blocked' => 0,
             'login_failed' => 0,
             'login_blocked' => 0,
 …
             'comment_spam_blocked' => 0,
             'comment_spam_held' => 0,
+            'comment_pending_review' => 0,
             'comment_rate_limited' => 0,
             'unique_attackers' => 0,
 …
                     COUNT(*) AS total_events,
                     SUM(CASE WHEN {$blockedCondition} THEN 1 ELSE 0 END) AS blocked,
+                    SUM(CASE WHEN event_type = 'request_blocked' AND event_source IN ('contact_form_7', 'fluent_forms') THEN 1 ELSE 0 END) AS forms_blocked,
                     SUM(CASE WHEN event_type = 'login_failed' THEN 1 ELSE 0 END) AS login_failed,
                     SUM(CASE WHEN event_type = 'login_blocked' THEN 1 ELSE 0 END) AS login_blocked,
 …
                     SUM(CASE WHEN event_type = 'comment_spam_blocked' THEN 1 ELSE 0 END) AS comment_spam_blocked,
                     SUM(CASE WHEN event_type = 'comment_spam_held' THEN 1 ELSE 0 END) AS comment_spam_held,
+                    SUM(CASE WHEN event_type = 'comment_pending_review' THEN 1 ELSE 0 END) AS comment_pending_review,
                     SUM(CASE WHEN event_type = 'comment_rate_limited' THEN 1 ELSE 0 END) AS comment_rate_limited,
                     COUNT(DISTINCT CASE WHEN {$blockedCondition} AND ip_hash <> '' THEN ip_hash ELSE NULL END) AS unique_attackers

vulntitan/trunk/includes/Services/WeeklySummaryEmailService.php

-                      r3481890
+                      r3490735
         $periodLabel = trim((string) ($period['start_local_display'] ?? '') . ' - ' . (string) ($period['end_local_display'] ?? ''));
         $blockedTotal = (int) ($totals['blocked'] ?? 0);
+        $formsBlocked = (int) ($totals['forms_blocked'] ?? 0);
         $loginFailed = (int) ($totals['login_failed'] ?? 0);
         $lockouts = (int) ($totals['login_lockout'] ?? 0);
 …
         $commentSpamBlocked = (int) ($totals['comment_spam_blocked'] ?? 0);
         $commentSpamHeld = (int) ($totals['comment_spam_held'] ?? 0);
+        $commentPendingReview = (int) ($totals['comment_pending_review'] ?? 0);
         $commentRateLimited = (int) ($totals['comment_rate_limited'] ?? 0);
         $uniqueAttackers = (int) ($totals['unique_attackers'] ?? 0);
+        $commentQueueTotal = $commentSpamHeld + $commentPendingReview;
+        $commentSpamStopped = $commentSpamBlocked + $commentRateLimited;
         $posture = self::getPostureSummary($totals);
         $preheader = sprintf(
             __('%1$s weekly security digest for %2$s. %3$s blocked events, %4$s failed logins, %5$s SQL injection attempts.', 'vulntitan'),
+            __('%1$s weekly security digest for %2$s. %3$s blocked events, %4$s failed logins, %5$s form spam blocks, %6$s queued comments.', 'vulntitan'),
             'VulnTitan',
             $siteName,
             self::formatNumber($blockedTotal),
             self::formatNumber($loginFailed),
+            self::formatNumber($sqli)
+            self::formatNumber($formsBlocked),
+            self::formatNumber($commentQueueTotal)
         );
         $generatedAt = self::formatLocalTimestamp(time(), 'M j, Y H:i');
         $policySnapshot = self::buildPolicySnapshot();
         $highlights = self::buildHighlights($daily);
+        $highlights = self::buildHighlights($daily, $totals);
         $metricCards = [
 …
                 'label' => __('Blocked Events', 'vulntitan'),
                 'value' => $blockedTotal,
                 'note' => __('Firewall, comment shield, and lockout interventions', 'vulntitan'),
+                'note' => __('Firewall, login shield, comment shield, and form shield interventions', 'vulntitan'),
                 'accent' => '#0f9bd7',
             ],
 …
             ],
+            [
+                'label' => __('Form Spam Blocks', 'vulntitan'),
+                'value' => $formsBlocked,
+                'note' => __('Blocked Contact Form 7 and Fluent Forms submissions', 'vulntitan'),
+                'accent' => '#22c55e',
+            ],
+            [
+                'label' => __('Comment Spam Blocks', 'vulntitan'),
+                'value' => $commentSpamStopped,
+                'note' => __('Spam comments denied before publication', 'vulntitan'),
+                'accent' => '#8b5cf6',
+            ],
+            [
+                'label' => __('Comment Queue Holds', 'vulntitan'),
+                'value' => $commentQueueTotal,
+                'note' => __('Comment Shield holds plus WordPress moderation queue entries', 'vulntitan'),
+                'accent' => '#f97316',
+            ],
+            [
                 'label' => __('SQLi Blocks', 'vulntitan'),
                 'value' => $sqli,
                 'note' => __('Malicious query payloads denied', 'vulntitan'),
+                'accent' => '#22c55e',
+            ],
+            [
+                'label' => __('Comment Spam Blocks', 'vulntitan'),
+                'value' => $commentSpamBlocked + $commentRateLimited,
+                'note' => __('Spam comments denied before publication', 'vulntitan'),
+                'accent' => '#8b5cf6',
+            ],
+            [
+                'label' => __('Comment Spam Held', 'vulntitan'),
+                'value' => $commentSpamHeld,
+                'note' => __('Suspicious comments sent to moderation', 'vulntitan'),
+                'accent' => '#f97316',
+                'accent' => '#14b8a6',
+            ],
+            [
+                'label' => __('Unique Attack Sources', 'vulntitan'),
+                'value' => $uniqueAttackers,
+                'note' => __('Distinct blocked IP fingerprints observed', 'vulntitan'),
+                'accent' => '#2563eb',
             ],
         ];
         $threatRows = [
+            [
+                'label' => __('Form Spam Blocks', 'vulntitan'),
+                'value' => $formsBlocked,
+                'tone' => '#22c55e',
+            ],
+            [
+                'label' => __('Comment Pending Review', 'vulntitan'),
+                'value' => $commentPendingReview,
+                'tone' => '#f59e0b',
+            ],
+            [
                 'label' => __('Command Injection Blocks', 'vulntitan'),
 …
         ];
         $html = '<!doctype html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"></head><body style="margin:0;padding:0;background-color:#edf2f7;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif;color:#0f172a;">';
+        $html = '<!doctype html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">' . self::renderEmailStyles() . '</head><body class="vt-body" style="margin:0;padding:0;background-color:#edf2f7;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif;color:#0f172a;">';
         $html .= '<div style="display:none;max-height:0;overflow:hidden;opacity:0;color:transparent;">' . esc_html($preheader) . '</div>';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#edf2f7;margin:0;padding:24px 0;width:100%;"><tr><td align="center">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="max-width:720px;width:100%;margin:0 auto;">';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">';
+        $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-shell" style="background-color:#edf2f7;margin:0;padding:24px 0;width:100%;"><tr><td align="center">';
+        $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-container" style="max-width:720px;width:100%;margin:0 auto;">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#0b1726;border-radius:24px;overflow:hidden;">';
         $html .= '<tr><td style="padding:18px 24px;background-color:#09111d;border-bottom:1px solid #14324f;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:18px 24px;background-color:#09111d;border-bottom:1px solid #14324f;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"><tr>';
         $html .= '<td style="vertical-align:middle;">';
 …
+        }
         $html .= '</td>';
         $html .= '<td align="right" style="vertical-align:middle;padding-left:16px;">';
+        $html .= '<td align="right" class="vt-brand-right" style="vertical-align:middle;padding-left:16px;">';
         $html .= '<span style="display:inline-block;font-size:12px;font-weight:700;letter-spacing:0.14em;text-transform:uppercase;color:#38bdf8;">Weekly Digest</span>';
         $html .= '</td>';
         $html .= '</tr></table>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:30px 24px 28px 24px;background-color:#0b1726;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0"><tr>';
         $html .= '<td style="vertical-align:top;padding-right:16px;">';
         $html .= '<div style="font-size:28px;line-height:1.2;font-weight:800;color:#f8fafc;margin:0 0 10px 0;">' . esc_html($siteName) . '</div>';
+        $html .= '<tr><td class="vt-card-pad" style="padding:30px 24px 28px 24px;background-color:#0b1726;">';
+        $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-stack-table"><tr>';
+        $html .= '<td class="vt-hero-left" style="vertical-align:top;padding-right:16px;">';
+        $html .= '<div class="vt-hero-title" style="font-size:28px;line-height:1.2;font-weight:800;color:#f8fafc;margin:0 0 10px 0;">' . esc_html($siteName) . '</div>';
         $html .= '<div style="font-size:15px;line-height:1.7;color:#cbd5e1;margin:0 0 18px 0;">' . esc_html__('Your firewall and login telemetry summary for the previous 7 complete days.', 'vulntitan') . '</div>';
         $html .= '<div style="display:inline-block;padding:9px 14px;border-radius:999px;background-color:#11263c;color:#7dd3fc;font-size:12px;font-weight:700;letter-spacing:0.08em;text-transform:uppercase;">' . esc_html($periodLabel) . '</div>';
+        $html .= '<div class="vt-inline-chip" style="display:inline-block;padding:9px 14px;border-radius:999px;background-color:#11263c;color:#7dd3fc;font-size:12px;font-weight:700;letter-spacing:0.08em;text-transform:uppercase;">' . esc_html($periodLabel) . '</div>';
         $html .= '</td>';
         $html .= '<td align="right" style="vertical-align:top;width:220px;">';
         $html .= '<table role="presentation" cellspacing="0" cellpadding="0" border="0" style="width:220px;background-color:#0f2237;border:1px solid #1d4061;border-radius:20px;">';
+        $html .= '<td align="right" class="vt-hero-right" style="vertical-align:top;width:220px;">';
+        $html .= '<table role="presentation" cellspacing="0" cellpadding="0" border="0" class="vt-blocked-card" style="width:220px;background-color:#0f2237;border:1px solid #1d4061;border-radius:20px;">';
         $html .= '<tr><td style="padding:18px 18px 8px 18px;font-size:12px;letter-spacing:0.12em;text-transform:uppercase;color:#93c5fd;font-weight:700;">' . esc_html__('Blocked This Week', 'vulntitan') . '</td></tr>';
         $html .= '<tr><td style="padding:0 18px 8px 18px;font-size:38px;line-height:1;font-weight:800;color:#ffffff;">' . esc_html(self::formatNumber($blockedTotal)) . '</td></tr>';
+        $html .= '<tr><td class="vt-blocked-value" style="padding:0 18px 8px 18px;font-size:38px;line-height:1;font-weight:800;color:#ffffff;">' . esc_html(self::formatNumber($blockedTotal)) . '</td></tr>';
         $html .= '<tr><td style="padding:0 18px 18px 18px;font-size:13px;line-height:1.7;color:#cbd5e1;">' . esc_html($posture['summary']) . '</td></tr>';
         $html .= '</table>';
 …
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">' . self::renderMetricGrid($metricCards) . '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">' . self::renderMetricGrid($metricCards) . '</td></tr>';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:20px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html__('Threat Breakdown', 'vulntitan') . '</div>';
         $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('A focused view of what the firewall and login shield handled during the reporting window.', 'vulntitan') . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">' . self::renderThreatBreakdown($threatRows) . '</td></tr>';
+        $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('A focused view of what the firewall, login shield, comment shield, and form shield handled during the reporting window.', 'vulntitan') . '</div>';
+        $html .= '</td></tr>';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">' . self::renderThreatBreakdown($threatRows) . '</td></tr>';
         $html .= '</table>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">';
+        $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-stack-table">';
         $html .= '<tr>';
         $html .= '<td style="width:58%;padding:0 8px 0 0;vertical-align:top;">' . self::renderDailyHistory($daily) . '</td>';
         $html .= '<td style="width:42%;padding:0 0 0 8px;vertical-align:top;">' . self::renderHighlightsPanel($highlights, $topPaths, $topRules) . '</td>';
+        $html .= '<td class="vt-two-col-left" style="width:58%;padding:0 8px 0 0;vertical-align:top;">' . self::renderDailyHistory($daily) . '</td>';
+        $html .= '<td class="vt-two-col-right" style="width:42%;padding:0 0 0 8px;vertical-align:top;">' . self::renderHighlightsPanel($highlights, $topPaths, $topRules) . '</td>';
         $html .= '</tr>';
         $html .= '</table>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 16px 16px;">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 16px 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:20px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html__('Protection Profile', 'vulntitan') . '</div>';
         $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('Current policy posture that shaped the detection and containment shown above.', 'vulntitan') . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">' . $policySnapshot . '</td></tr>';
+        $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('Authentication, WAF, anti-spam, and telemetry controls that shaped the detections shown above.', 'vulntitan') . '</div>';
+        $html .= '</td></tr>';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">' . $policySnapshot . '</td></tr>';
         $html .= '</table>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 16px 0 16px;">';
+        $html .= '<tr><td class="vt-section-pad" style="padding:0 16px 0 16px;">';
         $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#0f172a;border-radius:24px;">';
         $html .= '<tr><td style="padding:22px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:22px 24px;">';
         $html .= '<div style="font-size:14px;line-height:1.8;color:#cbd5e1;">';
         $html .= esc_html__('Generated by VulnTitan for your primary site administrator.', 'vulntitan') . ' ';
 …
     protected static function renderMetricCard(string $label, int $value, string $note, string $accent): string
+    {
         return '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:20px;">'
+        return '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-metric-card" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:20px;">'
             . '<tr><td style="padding:20px 20px 8px 20px;font-size:12px;font-weight:700;letter-spacing:0.12em;text-transform:uppercase;color:' . esc_attr($accent) . ';">' . esc_html($label) . '</td></tr>'
             . '<tr><td style="padding:0 20px 8px 20px;font-size:34px;line-height:1;font-weight:800;color:#0f172a;">' . esc_html(self::formatNumber($value)) . '</td></tr>'
+            . '<tr><td class="vt-metric-value" style="padding:0 20px 8px 20px;font-size:34px;line-height:1;font-weight:800;color:#0f172a;">' . esc_html(self::formatNumber($value)) . '</td></tr>'
             . '<tr><td style="padding:0 20px 20px 20px;font-size:14px;line-height:1.7;color:#475569;">' . esc_html($note) . '</td></tr>'
             . '</table>';
 …
     protected static function renderMetricGrid(array $cards): string
+    {
         $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0">';
+        $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" class="vt-metric-grid">';
         $chunks = array_chunk($cards, 2);
         foreach ($chunks as $rowIndex => $rowCards) {
             $html .= '<tr>';
+            $html .= '<tr class="vt-metric-row">';
             foreach ($rowCards as $cardIndex => $card) {
 …
                 $paddingBottom = $rowIndex < count($chunks) - 1 ? '16px' : '0';
                 $html .= '<td style="width:50%;padding:0 ' . $paddingRight . ' ' . $paddingBottom . ' ' . $paddingLeft . ';vertical-align:top;">';
+                $html .= '<td class="vt-metric-cell" style="width:50%;padding:0 ' . $paddingRight . ' ' . $paddingBottom . ' ' . $paddingLeft . ';vertical-align:top;">';
                 $html .= self::renderMetricCard(
                     (string) ($card['label'] ?? ''),
 …
             if (count($rowCards) === 1) {
                 $paddingBottom = $rowIndex < count($chunks) - 1 ? '16px' : '0';
                 $html .= '<td style="width:50%;padding:0 0 ' . $paddingBottom . ' 8px;vertical-align:top;"></td>';
+                $html .= '<td class="vt-metric-cell" style="width:50%;padding:0 0 ' . $paddingBottom . ' 8px;vertical-align:top;"></td>';
+            }
 …
         $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:20px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html__('7-Day Activity Timeline', 'vulntitan') . '</div>';
         $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('Blocked traffic, login failures, and WAF detections day by day.', 'vulntitan') . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">';
+        $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('Blocked traffic, login pressure, form abuse, and comment moderation signals day by day.', 'vulntitan') . '</div>';
+        $html .= '</td></tr>';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">';
         foreach ($daily as $index => $day) {
             $counts = is_array($day['counts'] ?? null) ? $day['counts'] : [];
             $blocked = (int) ($counts['blocked'] ?? 0);
+            $formsBlocked = (int) ($counts['forms_blocked'] ?? 0);
+            $commentStopped = (int) ($counts['comment_spam_blocked'] ?? 0) + (int) ($counts['comment_rate_limited'] ?? 0);
+            $commentQueue = (int) ($counts['comment_spam_held'] ?? 0) + (int) ($counts['comment_pending_review'] ?? 0);
             $percent = ($maxBlocked > 0 && $blocked > 0) ? max(12, (int) round(($blocked / $maxBlocked) * 100)) : 0;
             $border = $index < count($daily) - 1 ? 'border-bottom:1px solid #e2e8f0;' : '';
 …
             $html .= '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="' . $border . '">';
             $html .= '<tr>';
             $html .= '<td style="padding:12px 0;width:110px;font-size:13px;font-weight:700;color:#0f172a;vertical-align:top;">' . esc_html((string) ($day['label'] ?? '')) . '</td>';
             $html .= '<td style="padding:12px 14px 12px 0;vertical-align:top;">';
+            $html .= '<td class="vt-daily-label" style="padding:12px 0;width:110px;font-size:13px;font-weight:700;color:#0f172a;vertical-align:top;">' . esc_html((string) ($day['label'] ?? '')) . '</td>';
+            $html .= '<td class="vt-daily-data" style="padding:12px 14px 12px 0;vertical-align:top;">';
             $html .= '<div style="height:8px;border-radius:999px;background-color:#e2e8f0;overflow:hidden;margin:5px 0 10px 0;">';
             $html .= '<span style="display:block;height:8px;width:' . esc_attr((string) $percent) . '%;background-color:#0f9bd7;border-radius:999px;"></span>';
 …
             $html .= '<div style="font-size:12px;line-height:1.8;color:#64748b;">';
             $html .= esc_html__('Blocked', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber($blocked)) . '</strong> &nbsp; ';
+            $html .= esc_html__('Forms', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber($formsBlocked)) . '</strong> &nbsp; ';
+            $html .= esc_html__('Comment Stops', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber($commentStopped)) . '</strong> &nbsp; ';
+            $html .= esc_html__('Queue', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber($commentQueue)) . '</strong> &nbsp; ';
             $html .= esc_html__('Failed Logins', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber((int) ($counts['login_failed'] ?? 0))) . '</strong> &nbsp; ';
             $html .= esc_html__('SQLi', 'vulntitan') . ': <strong style="color:#0f172a;">' . esc_html(self::formatNumber((int) ($counts['sqli'] ?? 0))) . '</strong> &nbsp; ';
 …
+    {
         $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;margin-bottom:16px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:20px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html__('Highlights', 'vulntitan') . '</div>';
         $html .= '<div style="font-size:14px;line-height:1.7;color:#475569;">' . esc_html__('The most important takeaways from this reporting period.', 'vulntitan') . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">';
         foreach ($highlights as $index => $highlight) {
 …
                 ];
             },
             __('No firewall or comment-shield rules were triggered in this period.', 'vulntitan')
+            __('No firewall, login, or form-shield rules were triggered in this period.', 'vulntitan')
         );
 …
+    {
         $html = '<table role="presentation" width="100%" cellspacing="0" cellpadding="0" border="0" style="background-color:#ffffff;border:1px solid #dbe6f0;border-radius:24px;">';
         $html .= '<tr><td style="padding:24px 24px 14px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:24px 24px 14px 24px;">';
         $html .= '<div style="font-size:18px;line-height:1.3;font-weight:800;color:#0f172a;margin:0 0 8px 0;">' . esc_html($title) . '</div>';
         $html .= '</td></tr>';
         $html .= '<tr><td style="padding:0 24px 24px 24px;">';
+        $html .= '<tr><td class="vt-card-pad" style="padding:0 24px 24px 24px;">';
         if (!$rows) {
 …
             ],
+            [
+                'label' => __('Two-Factor Authentication', 'vulntitan'),
+                'value' => self::buildTwoFactorSummary($settings),
+            ],
+            [
+                'label' => __('CAPTCHA Coverage', 'vulntitan'),
+                'value' => self::buildCaptchaSummary($settings),
+            ],
+            [
+                'label' => __('XML-RPC Policy', 'vulntitan'),
+                'value' => self::buildXmlrpcSummary($settings),
+            ],
+            [
+                'label' => __('Weak Password Blocking', 'vulntitan'),
+                'value' => !empty($settings['weak_password_blocking_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
+            ],
+            [
                 'label' => __('Max Failed Attempts', 'vulntitan'),
                 'value' => self::formatNumber((int) ($settings['max_attempts'] ?? 0)),
 …
             ],
+            [
+                'label' => __('SQLi Rule Set', 'vulntitan'),
+                'value' => !empty($settings['waf_sqli_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
+            ],
+            [
+                'label' => __('Command Injection Rule Set', 'vulntitan'),
+                'value' => !empty($settings['waf_command_injection_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
+            ],
+            [
+                'label' => __('Learning Mode', 'vulntitan'),
+                'value' => self::buildLearningModeSummary($settings),
+            ],
+            [
+                'label' => __('Proxy Trust Handling', 'vulntitan'),
+                'value' => self::buildProxyTrustSummary($settings),
+            ],
+            [
                 'label' => __('Comment Shield', 'vulntitan'),
                 'value' => !empty($settings['comment_shield_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
 …
             ],
+            [
+                'label' => __('Comment Rate Window', 'vulntitan'),
+                'label' => __('Minimum Submit Time', 'vulntitan'),
+                'value' => sprintf(
+                    __('%s seconds', 'vulntitan'),
+                    self::formatNumber((int) ($settings['submission_min_submit_seconds'] ?? $settings['comment_min_submit_seconds'] ?? 0))
+                ),
+            ],
+            [
+                'label' => __('Guest Link Limit', 'vulntitan'),
+                'value' => sprintf(
+                    __('%s links', 'vulntitan'),
+                    self::formatNumber((int) ($settings['submission_max_links'] ?? $settings['comment_max_links'] ?? 0))
+                ),
+            ],
+            [
+                'label' => __('Submission Rate Window', 'vulntitan'),
                 'value' => sprintf(
                     __('%1$s attempts / %2$s minutes', 'vulntitan'),
                     self::formatNumber((int) ($settings['comment_rate_limit_attempts'] ?? 0)),
                     self::formatNumber((int) ($settings['comment_rate_limit_window_minutes'] ?? 0))
+                    self::formatNumber((int) ($settings['submission_rate_limit_attempts'] ?? $settings['comment_rate_limit_attempts'] ?? 0)),
+                    self::formatNumber((int) ($settings['submission_rate_limit_window_minutes'] ?? $settings['comment_rate_limit_window_minutes'] ?? 0))
                 ),
+            ],
+            [
+                'label' => __('Form Shield', 'vulntitan'),
+                'value' => !empty($settings['form_shield_enabled']) ? __('Enabled', 'vulntitan') : __('Disabled', 'vulntitan'),
+            ],
+            [
+                'label' => __('Protected Form Providers', 'vulntitan'),
+                'value' => self::buildFormProvidersSummary($settings),
             ],
+            [
 …
             $border = $index < count($rows) - 1 ? 'border-bottom:1px solid #e2e8f0;' : '';
             $html .= '<tr>';
             $html .= '<td style="padding:12px 0;' . $border . 'font-size:14px;line-height:1.7;color:#475569;width:42%;">' . esc_html((string) $row['label']) . '</td>';
             $html .= '<td style="padding:12px 0;' . $border . 'font-size:14px;line-height:1.7;font-weight:700;color:#0f172a;">' . esc_html((string) $row['value']) . '</td>';
+            $html .= '<td class="vt-policy-label" style="padding:12px 0;' . $border . 'font-size:14px;line-height:1.7;color:#475569;width:42%;">' . esc_html((string) $row['label']) . '</td>';
+            $html .= '<td class="vt-policy-value" style="padding:12px 0;' . $border . 'font-size:14px;line-height:1.7;font-weight:700;color:#0f172a;">' . esc_html((string) $row['value']) . '</td>';
             $html .= '</tr>';
+        }
 …
+    }
     protected static function buildHighlights(array $daily): array
+    protected static function buildHighlights(array $daily, array $totals = []): array
+    {
         $peakDay = null;
 …
         $peakLogins = -1;
         $activeDays = 0;
+        $formsBlocked = (int) ($totals['forms_blocked'] ?? 0);
+        $commentSpamHeld = (int) ($totals['comment_spam_held'] ?? 0);
+        $commentPendingReview = (int) ($totals['comment_pending_review'] ?? 0);
+        $commentStops = (int) ($totals['comment_spam_blocked'] ?? 0) + (int) ($totals['comment_rate_limited'] ?? 0);
         foreach ($daily as $day) {
 …
                 ),
             ],
+            [
+                'title' => __('Abuse Filters', 'vulntitan'),
+                'body' => ($formsBlocked + $commentStops + $commentSpamHeld + $commentPendingReview) > 0
+                    ? sprintf(
+                        __('Form Shield blocked %1$s submissions, comment filtering stopped %2$s comments, and %3$s comments were held or queued for review.', 'vulntitan'),
+                        self::formatNumber($formsBlocked),
+                        self::formatNumber($commentStops),
+                        self::formatNumber($commentSpamHeld + $commentPendingReview)
+                    )
+                    : __('No form spam or suspicious comment activity required intervention during this reporting period.', 'vulntitan'),
+            ],
         ];
         return $highlights;
+    }
+    protected static function renderEmailStyles(): string
+    {
+        return '<style type="text/css">'
+            . 'body{margin:0;padding:0;background-color:#edf2f7;}'
+            . 'table{border-collapse:separate;}'
+            . '@media only screen and (max-width:620px){'
+            . '.vt-shell{padding:16px 0 !important;}'
+            . '.vt-container{width:100% !important;}'
+            . '.vt-section-pad{padding-left:12px !important;padding-right:12px !important;}'
+            . '.vt-card-pad{padding-left:18px !important;padding-right:18px !important;}'
+            . '.vt-brand-right{display:block !important;width:100% !important;text-align:left !important;padding:12px 0 0 0 !important;}'
+            . '.vt-hero-left,.vt-hero-right,.vt-two-col-left,.vt-two-col-right,.vt-metric-cell,.vt-policy-label,.vt-policy-value,.vt-daily-label,.vt-daily-data{display:block !important;width:100% !important;}'
+            . '.vt-hero-left{padding-right:0 !important;padding-bottom:16px !important;}'
+            . '.vt-hero-right{padding-left:0 !important;text-align:left !important;}'
+            . '.vt-two-col-left{padding:0 0 16px 0 !important;}'
+            . '.vt-two-col-right{padding:0 !important;}'
+            . '.vt-metric-row{display:block !important;}'
+            . '.vt-metric-cell{padding:0 0 12px 0 !important;}'
+            . '.vt-metric-cell:last-child{padding-bottom:0 !important;}'
+            . '.vt-blocked-card{width:100% !important;}'
+            . '.vt-hero-title{font-size:24px !important;}'
+            . '.vt-blocked-value,.vt-metric-value{font-size:30px !important;}'
+            . '.vt-inline-chip{display:block !important;margin:0 0 8px 0 !important;text-align:center !important;}'
+            . '.vt-daily-label{padding-bottom:8px !important;}'
+            . '.vt-daily-data{padding-right:0 !important;}'
+            . '.vt-policy-label{padding-bottom:2px !important;border-bottom:none !important;}'
+            . '.vt-policy-value{padding-top:0 !important;padding-bottom:12px !important;}'
+            . '}'
+            . '</style>';
+    }
+    protected static function buildTwoFactorSummary(array $settings): string
+    {
+        if (empty($settings['two_factor_enabled'])) {
+            return __('Disabled', 'vulntitan');
+        }
+        $roles = is_array($settings['two_factor_roles'] ?? null) ? $settings['two_factor_roles'] : [];
+        $roleLabel = $roles ? self::implodeHumanList(array_map([__CLASS__, 'humanizeIdentifier'], $roles)) : __('selected roles', 'vulntitan');
+        $trustedDays = max(0, (int) ($settings['trusted_device_days'] ?? 0));
+        return sprintf(
+            __('Enabled for %1$s with %2$s-day trusted devices', 'vulntitan'),
+            $roleLabel,
+            self::formatNumber($trustedDays)
+        );
+    }
+    protected static function buildCaptchaSummary(array $settings): string
+    {
+        $provider = (string) ($settings['captcha_provider'] ?? 'none');
+        if ($provider === '' || $provider === 'none') {
+            return __('Disabled', 'vulntitan');
+        }
+        $surfaces = [];
+        if (!empty($settings['captcha_login_enabled'])) {
+            $surfaces[] = __('login', 'vulntitan');
+        }
+        if (!empty($settings['captcha_register_enabled'])) {
+            $surfaces[] = __('registration', 'vulntitan');
+        }
+        if (!empty($settings['captcha_lostpassword_enabled'])) {
+            $surfaces[] = __('password reset', 'vulntitan');
+        }
+        if (!empty($settings['captcha_comment_enabled'])) {
+            $surfaces[] = __('comments', 'vulntitan');
+        }
+        $providerLabel = self::humanizeCaptchaProvider($provider);
+        if (!$surfaces) {
+            return sprintf(
+                __('%s configured but not assigned to a protected flow', 'vulntitan'),
+                $providerLabel
+            );
+        }
+        return sprintf(
+            __('%1$s on %2$s', 'vulntitan'),
+            $providerLabel,
+            self::implodeHumanList($surfaces)
+        );
+    }
+    protected static function buildXmlrpcSummary(array $settings): string
+    {
+        $policy = (string) ($settings['xmlrpc_policy'] ?? 'allow');
+        if ($policy === 'rate_limit') {
+            return sprintf(
+                __('Rate limited at %1$s attempts / %2$s minutes', 'vulntitan'),
+                self::formatNumber((int) ($settings['xmlrpc_rate_limit_attempts'] ?? 0)),
+                self::formatNumber((int) ($settings['xmlrpc_rate_limit_window_minutes'] ?? 0))
+            );
+        }
+        if ($policy === 'block') {
+            return __('Blocked except allowlist', 'vulntitan');
+        }
+        return __('Allowed', 'vulntitan');
+    }
+    protected static function buildLearningModeSummary(array $settings): string
+    {
+        if (empty($settings['learning_mode_enabled'])) {
+            return __('Disabled', 'vulntitan');
+        }
+        return sprintf(
+            __('Enabled at %1$s hits within %2$s days', 'vulntitan'),
+            self::formatNumber((int) ($settings['learning_suggestion_threshold'] ?? 0)),
+            self::formatNumber((int) ($settings['learning_suggestion_window_days'] ?? 0))
+        );
+    }
+    protected static function buildProxyTrustSummary(array $settings): string
+    {
+        $parts = [];
+        $trustedProxies = is_array($settings['trusted_proxies'] ?? null) ? $settings['trusted_proxies'] : [];
+        if (!empty($settings['trust_cloudflare'])) {
+            $parts[] = __('Cloudflare headers trusted', 'vulntitan');
+        }
+        if ($trustedProxies) {
+            $parts[] = sprintf(
+                __('%s trusted proxy IPs', 'vulntitan'),
+                self::formatNumber(count($trustedProxies))
+            );
+        }
+        if (!$parts) {
+            return __('Direct REMOTE_ADDR only', 'vulntitan');
+        }
+        return implode(' • ', $parts);
+    }
+    protected static function buildFormProvidersSummary(array $settings): string
+    {
+        if (empty($settings['form_shield_enabled'])) {
+            return __('Disabled', 'vulntitan');
+        }
+        $providers = [];
+        if (!empty($settings['form_provider_cf7_enabled'])) {
+            $providers[] = __('Contact Form 7', 'vulntitan');
+        }
+        if (!empty($settings['form_provider_fluentforms_enabled'])) {
+            $providers[] = __('Fluent Forms', 'vulntitan');
+        }
+        if (!$providers) {
+            return __('Form Shield enabled with no active provider selected', 'vulntitan');
+        }
+        return self::implodeHumanList($providers);
+    }
+    protected static function humanizeCaptchaProvider(string $provider): string
+    {
+        switch ($provider) {
+            case 'turnstile':
+                return __('Cloudflare Turnstile', 'vulntitan');
+            case 'hcaptcha':
+                return __('hCaptcha', 'vulntitan');
+            default:
+                return ucfirst($provider);
+        }
+    }
+    protected static function humanizeIdentifier(string $value): string
+    {
+        return ucwords(str_replace(['_', '-'], ' ', trim($value)));
+    }
+    protected static function implodeHumanList(array $items): string
+    {
+        $items = array_values(array_filter(array_map(static function ($item): string {
+            return is_scalar($item) ? trim((string) $item) : '';
+        }, $items)));
+        if (!$items) {
+            return '';
+        }
+        if (count($items) === 1) {
+            return $items[0];
+        }
+        if (count($items) === 2) {
+            return $items[0] . ' ' . __('and', 'vulntitan') . ' ' . $items[1];
+        }
+        $last = array_pop($items);
+        return implode(', ', $items) . ', ' . __('and', 'vulntitan') . ' ' . $last;
+    }

vulntitan/trunk/readme.txt

-                      r3486040
+                      r3490735
 Tested up to: 6.9
 Requires PHP: 7.4
 Stable tag: 2.1.15
+Stable tag: 2.1.16
 License: GPLv2
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+= v2.1.16 - 25 Mar, 2026 =
+* Tightened Comment Shield spam detection with casino, betting, gambling, promotional-link, repeated-domain, and thin-link comment heuristics for guest comments.
+* Added firewall logging when suspicious comments are held and when WordPress routes comments into the pending moderation queue.
+* Expanded the weekly executive security digest with form spam, comment queue, and broader protection-profile coverage.
+* Improved the HTML digest layout on mobile by stacking compressed two-column sections into a readable single-column flow.
 = v2.1.15 - 18 Mar, 2026 =
 * Added “Not installed” provider messaging in Spam Protection and disabled unavailable form provider toggles until Contact Form 7 or Fluent Forms is activated.

vulntitan/trunk/vulntitan.php

-                      r3486040
+                      r3490735
  * Plugin URI: https://vulntitan.com/vulntitan/
  * Description: VulnTitan is a WordPress security plugin with vulnerability scanning, malware detection, file integrity monitoring, comment and form anti-spam protection, and a built-in firewall with WAF payload rules and login protection.
  * Version: 2.1.15
+ * Version: 2.1.16
  * Author: Jaroslav Svetlik
  * Author URI: https://vulntitan.com
 …
 // Define plugin constants
 define('VULNTITAN_PLUGIN_VERSION', VULNTITAN_DEVELOPMENT ? uniqid() : '2.1.15');
+define('VULNTITAN_PLUGIN_VERSION', VULNTITAN_DEVELOPMENT ? uniqid() : '2.1.16');
 define('VULNTITAN_PLUGIN_BASENAME', plugin_basename(__FILE__));
 define('VULNTITAN_PLUGIN_DIR', untrailingslashit(plugin_dir_path(__FILE__)));

Plugin Directory

Context Navigation

Legend:

vulntitan/tags/2.1.16/CHANGELOG.md

vulntitan/tags/2.1.16/assets/js/firewall.js

vulntitan/tags/2.1.16/assets/js/firewall.min.js

vulntitan/tags/2.1.16/includes/Admin/Admin.php

vulntitan/tags/2.1.16/includes/Services/CommentSpamService.php

vulntitan/tags/2.1.16/includes/Services/FirewallService.php

vulntitan/tags/2.1.16/includes/Services/WeeklySummaryEmailService.php

vulntitan/tags/2.1.16/readme.txt

vulntitan/tags/2.1.16/vulntitan.php

vulntitan/trunk/CHANGELOG.md

vulntitan/trunk/assets/js/firewall.js

vulntitan/trunk/assets/js/firewall.min.js

vulntitan/trunk/includes/Admin/Admin.php

vulntitan/trunk/includes/Services/CommentSpamService.php

vulntitan/trunk/includes/Services/FirewallService.php

vulntitan/trunk/includes/Services/WeeklySummaryEmailService.php

vulntitan/trunk/readme.txt

vulntitan/trunk/vulntitan.php

Download in other formats: