Ben Marshall

Thanks for reaching out and for the great suggestion! We’ve reviewed this and shipped a fix in v5.7.8 that addresses exactly what you described… soon to be released.

https://github.com/Highfivery/zero-spam-for-wordpress/pull/397

We added a new “Allowed Words” setting (under Settings > Zero Spam) where you can list specific words or strings — one per line — that should never be flagged as spam, even if they appear in the splorp blocklist. So if your email address or domain contains something like “ugg” or “cash” that happens to be on the list, just add that string to Allowed Words and it will be skipped during validation. This works across all form types (CF7, Gravity Forms, WPForms, Formidable, Fluent Forms) and WordPress comments.

We also added a “Minimum Disallowed Word Length” setting that lets you skip very short blocklist entries entirely — those 3-4 character strings tend to cause the most false positives.

Please update to v5.7.8 and let us know if you run into any issues — we’re happy to help!

If you have a moment, we’d really appreciate it if you could leave a quick review of the plugin on WordPress.org. It goes a long way in keeping us motivated to continue developing new features and quickly addressing issues like this. Thank you!

Thanks for the feedback, both points are valid and we’ll improve the plugin’s UI to address them.

1) Missing link to Project Honeypot You’re right, we should be linking directly to projecthoneypot.org from the settings section. We’ll add that.

2) Finding your access key The key you need is the HTTP:BL Access Key — so yes, the “BL Access Key” you found is exactly what goes into the Zero Spam settings. Here’s how to find it:

1. Log in at projecthoneypot.org
2. Go to HTTP:BL Configuration (or navigate to Services → HTTP:BL from your dashboard)
3. Your access key is displayed at the top — it’s a 12-character alphanumeric string
4. Paste that key into the Access Key field in Zero Spam’s Project Honeypot settings

We’ll update the plugin description to make this clearer and include a direct link to the HTTP:BL configuration page.

If you have a moment, we’d really appreciate it if you could leave a review for Zero Spam on WordPress.org. Reviews help us reach more users, keep us motivated, and allow us to continue improving the plugin. Your feedback, whether it’s a feature request, a bug report, or just a thumbs up, makes a real difference. Thank you for your support!

Hey! Thank you for the detailed bug report — all three issues have been confirmed, diagnosed, and fixed in v5.7.5.

Issue 1: Gravity Forms not blocking emails from blocked domains (e.g., jmailservice.com) This was a missing feature — Gravity Forms submissions were only checked against the honeypot and David Walsh techniques, but never validated against the blocked email domains list. v5.7.5 now iterates all submitted form fields and checks any email addresses against your blocked domains list. You’ll find a new “Check Blocked Email Domains” toggle in the Gravity Forms settings section. We also added this same check to Contact Form 7 and Formidable Forms for consistency.

Issue 2: wp zerospam set --regenerate_honeypot not working The honeypot regeneration is an action, not a storable setting — the set command was just saving the flag text as a value rather than actually regenerating the honeypot key. This has been fixed in two ways:

• wp zerospam set --regenerate_honeypot now correctly regenerates the honeypot key
• A new dedicated command is also available: wp zerospam regenerate-honeypot

Issue 3: wp zerospam set --blocked_email_domains="..." not working There was a storage mismatch — the CLI was writing the domains to the wrong option key, so the plugin never read them back. This has been fixed, and there’s also a new dedicated command with more flexibility:

wp zerospam update-blocked-domains --domains="domain1.com,domain2.com"
wp zerospam update-blocked-domains --file=/path/to/domains.txt
wp zerospam update-blocked-domains --recommended
wp zerospam update-blocked-domains --domains="newdomain.com" --append

Additionally, this release includes security hardening for SQL injection prevention in database queries, a fix for an inverted email validation check in Fluent Forms, and new disallowed word checking across all form modules.

Please update to v5.7.5 and let us know if you run into any further issues. If you have a moment, we’d really appreciate a review on WordPress.org — it goes a long way in keeping us motivated to continue improving the plugin.

Thank you so much for reporting this issue! You were absolutely right – the email notification system was sending thousands of emails when network settings changed, causing server resource issues and email provider alerts.

We’ve just released v5.7.3 which completely resolves this problem.

You now have independent control over email notifications in Network Admin → Settings → Zero Spam Network → Notifications tab:

• Weekly Summary Emails – Keep these if you want weekly reports
• Settings Change Notifications – Disable this to stop the email flood

Simply uncheck “Settings Change Notifications” and you won’t receive thousands of emails anymore when changing network-level settings.

Please update and let us know if this resolves your issue!

If this solves your problem, we’d really appreciate a review – it helps us continue developing features based on user feedback like yours.

Thanks again for bringing this to our attention!

Thank you so much for reaching out and for pointing this out! You’re absolutely right that this should be easier to control.

How to Disable It Now
Currently, you can disable the weekly summary emails using one of these methods:

Option 1: WP-CLI (Recommended)
wp site option update zerospam_network_notifications_enabled false --networkOption

Option 2: Add to wp-config.php
Add this code to your wp-config.php file:

// Disable Zero Spam weekly summary emails
add_action('plugins_loaded', function() {
if (is_multisite()) {
update_site_option('zerospam_network_notifications_enabled', false);
}
}, 1);

Option 3: Unschedule the Cron Event
Add this to your theme’s functions.php or a custom plugin:

// Unschedule Zero Spam weekly summary
add_action(‘init’, function() {
$timestamp = wp_next_scheduled(‘zerospam_network_weekly_summary’);
if ($timestamp) {
wp_unschedule_event($timestamp, ‘zerospam_network_weekly_summary’);
}
});

Great News! 🎉
Thanks to your feedback, version 5.7.2 (coming soon) will include a brand new Notifications tab in the Network Settings page where you can easily toggle weekly summary emails on or off with a simple checkbox—no code required!

To access it in v5.7.2:

1. Navigate to Network Admin → Settings → Zero Spam Network
2. Click the Notifications tab
3. Toggle “Enable weekly summary emails” on or off
4. Click Save Settings

If you’re finding Zero Spam helpful for protecting your network, we’d really appreciate it if you could take a moment to leave us a review! Your feedback helps us continue improving the plugin and helps other users discover it.

Thanks again for bringing this to our attention, your input directly led to this improvement!

Thanks for reporting this! We identified the issue causing those PHP warnings and have released a fix in version 5.7.1.

Please update to the latest version and let us know if you run into any other trouble.

If you have a quick moment, we’d really appreciate a plugin review.

Cheers!

Thank you for reaching out regarding the login page blocking issue. I understand how frustrating it can be when you’re unexpectedly blocked from your own website.

Understanding the “IP flagged as spam/malicious” message:

This message can appear for several reasons, and in most cases, it’s actually a legitimate security response rather than a plugin error. The Zero Spam plugin uses multiple layers of protection to keep your site secure, and sometimes legitimate users can trigger these protections.

Common causes and how to resolve:

1. Check your site’s Zero Spam Log (Admin Dashboard → Zero Spam → Log):
– Look for your blocked login attempt
– Check the “Failed” column to see the specific reason
– This will tell you exactly which protection triggered the block

2. Whitelist your IP address (Settings → Zero Spam → Settings):
– Scroll to “IP Whitelist”
– Add your IP address (one per line)
– Save settings
– This ensures you’ll never be blocked again

3. Check if you’re manually blocked (Dashboard → Zero Spam → Blocked):
– Search for your IP address
– If found, click to remove the block
– Your IP may have been previously flagged and added to the blocked list

4. Verify third-party protection services:
– The plugin integrates with Zero Spam Enhanced Protection, Stop Forum Spam, and Project Honeypot
– These services maintain global databases of suspicious IPs
– If you’re on a shared network, VPN, or your ISP recently changed your IP, you might be temporarily flagged
– You can adjust the “Confidence Minimum” thresholds in each service’s settings to reduce false positives

5. JavaScript-based protection (David Walsh technique):
– Go to Settings → Zero Spam → David Walsh
– Verify the protection is working correctly
– If you have JavaScript disabled, use browser privacy tools, or have aggressive ad blockers, this can cause false positives
– You can temporarily disable this protection to test

Need more help?

For faster, personalized support, please email us directly at info@zerospam.org with:

• Your website URL
• Your IP address (you can find this at https://whatismyipaddress.com/)
• The exact error message you’re seeing
• Details from your Zero Spam Log (if accessible)

This will allow us to investigate your specific situation and provide targeted assistance.

Consider Zero Spam Enhanced Protection:

If you haven’t already, I’d encourage you to check out our Enhanced Protection subscription. Subscribers receive:

• Priority support for faster issue resolution
• Access to our advanced real-time IP reputation network
• Enhanced detection accuracy with lower false positives
• Direct assistance from our security team

Plugin Review:

We noticed you may not have left a review yet. If Zero Spam has been protecting your site effectively, we’d really appreciate if you could leave us a 5-star review. Your feedback helps other WordPress users discover reliable security solutions!

P.S. The good news is that if you’re being blocked, it means the plugin is actively working to protect your site! Once we identify why you’re being blocked, we can easily whitelist you while maintaining security for your site.