Gravity Forms Zero Spam Changelog

• Added: Translations in 27 languages
• Fixed: Spam report emails could fail to send when the feature was first enabled

• Fixed: Forms rendered in modals or other elements output via wp_footer (e.g., site-wide popups, slide-ins) were missing the spam prevention token, causing legitimate submissions to be flagged as spam

• Added: "Anti-Spam Expiration" setting to control how long spam prevention tokens remain valid, accessible from Forms > Settings > Zero Spam
• Fixed: Email rejection settings and form editor scripts not loading when Gravity Forms No Conflict mode is enabled
• Fixed: Form submission failure ("Cannot read properties of undefined") caused by the token fetch request failing unexpectedly

• Improved: Extended token lifetime to 7 days and improved token fetching compatibility
• Fixed: Submissions from pages with multiple Gravity Forms were incorrectly marked as spam when the form wasn't the first one on the page
• Added: gf_zero_spam_token_ttl and gf_zero_spam_fallback_token_ttl filters to adjust the lifetime of dynamically fetched and HTML-embedded fallback tokens respectively (default for both: 7 days)

• Fixed: Forms with conditional logic could be invisible to visitors

• Fixed: Fatal error on sites where AUTH_KEY or SECURE_AUTH_KEY constants are not defined in wp-config.php

• Added: Stronger spam prevention using signed, time-limited tokens
• API: Added gf_zero_spam_client_ip filter to override the visitor IP used for rate limiting (useful for sites behind Cloudflare or load balancers)
• API: Added gf_zero_spam_rate_limit filter to adjust the maximum token requests allowed per IP per minute (default: 30)

• Improved: Removed dependency on jQuery
• Fixed: "Prevent spam using Gravity Forms Zero Spam" toggle appeared twice in form settings

This release requires PHP 7.4 or newer.

• Added: Email rejection rules to validate email field submissions and take action based on matching addresses, domains, or patterns
  • Match by exact email, domain (e.g., @example.com), wildcard, or regular expressions (regex)
  • Block the submission (requires Gravity Forms 2.9.15+), flag it as spam, or log it with an entry note
  • Import multiple rules at once from a text list
  • Enable/disable rules individually
  • Set field-specific overrides in the Form Editor
• Added: Spam entries now show the reason they were flagged (e.g., missing or invalid key)
• Added: Zero Spam toggle now appears in the "Spam" form settings section on Gravity Forms 2.9.21+
• Added: Spam protection for Save and Continue, preventing bots from creating spam drafts
• Improved: Redundant spam checks are skipped when the entry is already flagged by another filter
• API: Added gf_zero_spam_email_rules filter to modify email rejection rules before evaluation
• API: Added gf_zero_spam_email_rule_match action that fires when an email matches a rejection rule

• Fixed: Fatal error on PHP 7.2 and older

• Fixed: PHP deprecation warning when using Gravity Forms 2.8 or newer

• Improved: Submissions by users who have the capability to edit Gravity Forms entries are no longer processed by Zero Spam (thanks for the idea, @richardjb62!)
• Fixed: Use GMT time for spam summary email reports to make sure the report is sent at the correct time

• Improved: Sanitized form ID in JavaScript
• Modified: Changed the text domain for strings to gravity-forms-zero-spam to match the plugin slug
• Fixed: Added missing Text Domain header for translation

• Fixed: Conflict with the Gravity Forms Stripe Add-On

• Added: Spam summary email reports are now available! Receive a helpful email summarizing spam messages received. To enable, from your Dashboard, go to Forms, then Settings, then Zero Spam to enable and configure this feature.
  • Choose when to send the report (threshold-based or frequency-based)
  • Customize the report message
  • Works with any spam messages, not just those blocked by Zero Spam
• Added: A setting to globally enable or disable Zero Spam by default (default: Enabled)

Gravity Forms 2.7 added improved spam blocking in 2.7. Keep this plugin installed—it won't hurt, and we're about to add some great new features soon! ❤️ Thanks to Richard Wawrzyniak for the code updates in this release.

• Added: Support for API submissions (which don't have a form submit action)
• Fixed: Gravity Forms 2.7 support
• Fixed: PHP 8.0 warnings
• Tested with WordPress 6.2

• Tweak: Changed the autocomplete on the hidden field to new-password instead of off. Thanks for the suggestion, Ross!

• Improved: Prevent autocomplete on the hidden field. This may help prevent some reported false-positives.
• Tested with WordPress 6.0.1

• Improved: Don't check for spam on the Gravity Forms Preview page
• Tested with WordPress 5.9

• New! Added a per-form setting "Prevent spam using Gravity Forms Zero Spam" that enables or disables Gravity Forms Zero Spam from processing! Check out the FAQ to learn how to use this setting. Note: this feature requires Gravity Forms 2.5 or newer.

• Enhancement: Adds an entry note when an entry is marked as spam. Thanks to Gravity Forms for the enhancement!

• Fixed: Entries going to spam on websites that have plugins that override random password generation. Thanks, @thomascharbit!

• Fixed: Script not being correctly loaded using Gravity Forms' inline JavaScript

• Improved: The JavaScript code that adds the spam-catching field is now output at the same time as Gravity Forms' inline JavaScript.
  • The script is only loaded when forms are displayed
  • jQuery is always available because Gravity Forms loads it as-needed

• Fixed: All entries marked as spam for AJAX-enabled forms. Sorry, folks! Won't happen again.
• Went back to using jQuery to listen to form submissions.

• Fixed: JavaScript "null is not an object (evaluating 'el.addEventListener')" error on pages without a form

• Improved: No longer requires jQuery
• Fixed: Only checks for spam on submissions that were submitted by a form, not for entries created programatically

The Gravity Forms Zero Spam plugin is now maintained by GravityKit. We look forward to continuing to improve this simple, effective spam blocker for Gravity Forms. Thanks to GoWP for their great work!

• Improved: Only add anti-spam JavaScript when the Gravity Forms plugin is active
• Fixed: Sanitized key, in case there were any unsafe characters generated by overriding the random_password filter.
• Fixed: Made GF_Zero_Spam::deactivate a static method
• Updated: Now using the wp_print_footer_scripts action to add the script (was wp_footer)

• Should fix 'jQuery undefined' errors

• Added support for multi-page forms (thanks, @supporthero)

• Update FAQ and compatibility notes in readme.txt

• Fix issue with forms not submitting after an initial validation error

• Initial version