AVH First Defense Against Spam

The AVH First Defense Against Spam WordPress plugin gives you the ability to block spammers before any content is served. Spammers are identified by checking if the visitors IP exists in a database served by Stop Forum Spam or Project Honey Pot or by a local blacklist.

Current Release: Version 3.6.0 Released on: May 16, 2013

Download | Donate | Features | Support | Installation | FAQ | Changelog


The visitor’s IP can be checked at the following third parties:

  • Stop Forum Spam. http://www.stopforumspam.com
  • Project Honey Pot. http://www.projecthoneypot.org (An API key is needed to check the IP at this party. The key is free.)
  • Spamhaus. http://www.spamhaus.org. IP’s are checked with the lists SBL and XBL.

Separate thresholds can be set for the following features:

  • Send an email to the board administrator with information about the spammer.
  • Block the spammer before content is server.

Other features:

  • Spammers can be blocked based on the information supplied by the third party or by using a local blacklist.
  • Bypass the checks for the IP at the third parties and the local blacklist, based on IP in the local whitelist.
  • Ability to add single IP’s and/or IP ranges to the blacklist and whitelist.
  • When an IP is blocked a message can be displayed to the visitor with the reason why access was blocked.
  • Report a spammer to Stop Forum Spam. A valid API key from Stop Forum Spam is necessary.
  • Add a spammer to the local blacklist by clicking a link in the received email.
  • Block spammers that access wp-comments-post.php directly by using a comment security check. An email can be send when the check fails.
  • IP caching system
  • Use a honey pot from Project Honey Pot
  • Option to block spammers that access wp-comments-post.php directly by using a comment security check. An email can be send when the check fails.

Blocking a potential spammer before content is served has the following advantages:

  • It saves bandwidth.
  • It saves CPU cycles. The spammer is actually checked and blocked before WordPress starts building the page.
  • If you keep track of how many visitors your site has, either by using Google’s Analytics, WP-Stats or any other one, it will give you a cleaner statistic of visits your site receives.

Usage terms of the 3rd Parties

Please read the usage terms of the 3rd party you are activating.
* Stop Forum Spam.
* Project Honey Pot.
* Spamhaus.

The IP Caching system.

Stop Forum spam has set a limit on the amount of API calls you can make a day, currently it is set at 20,000 calls a day.
This means that if you don’t use the Blacklist and/or Whitelist you are limited to 20,000 visits/day on your site. To overcome this possible problem I wrote an IP caching system.
If you use the caching system you still have a limit with Stop Forum Spam , but the limit is set to 20,000 unique visits/day.

The following IP’s are cached locally:

  1. Every IP identified by a 3rd party as spam and triggering the terminate-the-connection threshold.
  2. Every clean IP.

Only returning IP’s that were previously identified as spammer and who’s connection was terminated will update their last seen date in the caching system.
Every day, once a day, a routine runs to remove the IP’s who’s last seen date is X amount of days older than the date the routine runs. You can set the days in the administration section of the plugin.
You can check the statistics to see how many IP’s are in the database. If you have a busy site, with a lot of unique visitors, you might have to play with the “Days to keep in cache” setting to keep the size under control.

Checking Order and Actions

The plugin checks the visiting IP in the following order, only if that feature is enabled of course.

  1. Whitelist – If found in the list skip the rest of the checks.
  2. Blacklist – If found in the list terminate the connection.
  3. IP Caching – If found in the list and it’s spam terminate connection otherwise if it’s clean skip the rest of the checks except when posting a comment then a Stop Forum Spam check will be done.
  4. Stop Forum Spam – Only when the visiting IP is posting a comment. If found and it’s spam terminate connection.
  5. Project Honey Pot – If found and it’s spam terminate connection, if found and it’s set to be a search enigine no further checks will be performed.
  6. Spamhaus – If found and it’s spam terminate connection.

This plugin is fully compatible with other anti-spam plugins, I have tested it with WP-Spamfree and Akismet.
The plugin also gives you some extra tips and tricks to stop spam by editing your htaccess file. To access them go to the settings of the plugin and click Tips and Tricksi




This message is shown when you select the option to show a message and the visitors IP is found in the Stop Forum Spam database.


This message is shown when you select the option to show a message and the visitors IP is blacklisted.


The option Report & Delete used to report a spammer to Stop Forum Spam and delete the spam.



The AVH First Defense Against Spam plugin compatible with WordPress 2.8 and higher.
Version 3.6.0



If you enjoy this plug-in please consider a donation. There are several ways you can show your appreciation:

  • Amazon Wish List
    You can send me something from my Amazon Wish List which is shown in the sidebar.
  • Through Paypal.
    Click on the Donate button and you will be directed to Paypal where you can make your donation and you don’t have to have a Paypal account.



  1. Download the archive and extract all in the wp-content/plugins directory.
  2. Go to your WordPress administration page, click on Plugins and activate it.



If you have comments/problems/suggestions, see something in the code which is not compliant to the WordPress Plugin Codex, or just want to say “Cool! It works!”, feel free to create a post at the AVH Support Forum


Is this plugin enough to block all spam? =
Unfortunately not.
I don’t believe there is one solution to block all spam. Personally I have great success with the plugin in combination with Akismet.

Does it conflicts with other anti-spam solutions?
I’m currently not aware of any conflicts with other spam solutions.



Version 3.6.0

  • Changed behavior when spammer is detected during registration process.
    The connection will no longer be terminated, but instead it will return an error to the login process. This works better when a plugin uses AJAX for their registration process.
  • Add compatibility with the plugin Events Manager.

Version 3.5.3

  • Detecting remote IP returned wrong information when a loopback address was found.

Version 3.5.2

  • $wpdb->prepare fixes as per WordPress 3.5

Version 3.5.1

  • Reporting spam doesn’t work in WordPress 3.5

Version 3.5.0

  • Do check during WordPress MU user validation
  • Fixes Stop Forum Spam error message reporting.

Version 3.4.2

  • When call to Stop Forum Spam fails on during the check, no error message is reported.

Version 3.4.1

  • Bugfix: If WordPress registration page is embedded in a theme page, an error could possibly occur.

Version 3.4

  • Block comments made without a referrer.
  • When using the plugin Hyper Cache, pages shown to blocked visitors will not be cached. The caching caused to show the blocked page to legit visitors.
  • When no email is provided in a spam comment, you can’t report it to Stop Forum Spam as this is against their policy.

Version 3.3.1

  • Bugfix: Problem with accessing the options pages.

Version 3.3

  • RFC: Add abillity to also check on email.
  • Bugfix: Enqueue certain CSS files instead of loading them directly.
  • Updated the language file.

Version 3.2.6

  • Bugfix: Correctly load the text domain file.

Version 3.2.5

  • Bugfix: HTML changes in the admin section to fit in with WordPress 3.3
  • Bugfix: The columns in the admin section don’t save, making certain columns disappear.
  • Change the name of the Role and removed one Role.

Version 3.2.4

  • Bugfix: The nonce function used by WordPress is sometime valid for less than 24 hours causing a problem with adding IP’s to the blacklist.

Version 3.2.3

  • Bugfix: Adding IP’s to the blacklist by clicking on the link in the email fails.

Version 3.2.2

  • Bugfix: Get the correct visiting IP when using CloudFlare.

Version 3.2.1

  • Bugfix: Fixes undefined method after WordPress 3.2 upgrade.

Version 3.2

  • Adds Immediate Actions (on-hover links) (Ham, Spam, Blacklist and Delete) to the IP Cache Log list below the IP.
  • Adds bulk actions Ham, Spam and Blacklist to the IP Cache Log list.
  • Adds the ability to check with Spamhaus.org
  • When a spam check results in a termination of the connection, no more checks will be performed. This removes the option to receive Project Honey Pot information even when Stop Forum Spam determined the connection can be terminated.
  • When Project Honey Pot determines the visiting IP is a known search engine no further checking is done.
  • Removes the Screen layout option on the IP Cache Log page
  • RFC: Option to add IP’s to blacklist from the comments page.
  • Bugfix: Report&Delete doesn’t work on certain server configurations.
  • Bugfix: Admin javascript does not load, causing the inability to close the metaboxes.

Version 3.1.2

  • An email is send when the report to Stop Forum Spam fails.
  • Bugfix: IP is added to the cache even when the use of the IP cache is disabled.

Version 3.1.1

  • Bugfix: Can not add a site in WordPress Network setup when the plugin is active.

Version 3.1

  • New menu page: IP Cache Log. This gives the ability to manage the IP cache. This only works in WordPress 3.1 and higher.
  • Improvement on checking for spam when a comment is posted.
  • Reporting email will now say which post the spammer was trying to comment on.
  • When reporting a spammer also set the offending IP as spammer in cache.
  • Bugfix: When the visiting IP is not a public IP all the configured spam checks are performed. Private IP’s can be assumed to be safe.
  • Bugfix: The check for Stop Forum Spam is always performed even if set not to check with Stop Forum Spam.
  • Bugfix: The results of a call to Stop Forum Spam are not evaluated.

Version 3.0.5

  • Bugfix: When saving options the options would be erased.
  • Bugfix: Don’t show the Project Honey Pot API key message when the option to check with Project Honey Pot is disabled.

Version 3.0.4

  • Bugfix: When the IP cache was disabled the cache would still be checked.
  • Bugfix: Under certain server configurations, when Project Honey Pot could not be reached the IP to be checked was incorrect.
  • Use minified CSS and Javascript except when WordPress is set to debugging.
  • Adds option for localization. Translation are done through in Launchpad.

Version 3.0.3

  • Bugfix: With PHP 5.3 and up there was a problem with getting the visitors IP.

Version 3.0.2

  • The comment nonce can be activated on the General Options page in the administration section of the plugin.
  • Only show the last 12 months of spam statistics on the Overview page.

Version 3.0.1

  • Pages shown to blocked visitors will not be cached. This is compatible with caching plugins W3 Total cache and WP Super Cache. The caching caused to show the blocked page to legit visitors.
  • Removed comment nonce check due to reported problems.

Version 3.0

  • Plugin is for PHP5 only
  • RFC: Spam check is performed when a user registers.
  • Important!: When using a Honey Pot URL, change the option to be a URL only, the plugin will add the neccessary HTML by default.
  • Bugfix: On pages the nonce check would fail.
  • Bugfix: Typo in window title for menu option overview
  • Bugfix: Blogname would show up as html safe text
  • Bugfix: Checking for spammers when a comment is posted did not utilize the IP cache.
  • Plugin is refactored
  • When an IP is reported to Stop Forum Spam, using Report & Delete, and IP caching is used, the IP is deleted from the cache as the IP is marked as ham in the cache.
  • When an update is available it will show the changelog on the plugin screen of WordPress

Version 2.3.2

  • Bugfix: Commenting didn’t work anymore.

Version 2.3.1

  • Stop Forum Spam is only checked when a comment is posted. All other checks are still done before content is served. The reason for this change is the amount of traffic this plugin caused at the server of Stop Forum Spam.

Version 2.3

  • Better error messages when a problem occurs with a call to Stop Forum Spam.
  • Disabled Stop Forum Spam until a better solution is created.

Version 2.2

  • Changed initial settings for email to not send E-Mail. This is better for busy sites.
  • Option for using a honey pot page by Project Honey Pot.
  • Change in IP caching system. Added the field lastseen. This field will be updated if an IP returns which was previously identified as spam. The daily cleaning of the IP cache database will use this field to determine if the record will be deleted.
  • Bugfix: Database version was never saved.
  • Bugfix: When HTP connection failed, IP was added as no-spam in cache when cache is active.
  • Bugfix: Uninstall didn’t work.
  • Bugfix: Validate admin fields.

Version 2.1.2

  • Bugfix: Settings link on plugin page was incorrect.

Version 2.1.1

  • Bugfix: Menu Option FAQ threw an error.

Version 2.1

  • Added an IP caching system.
  • Administrative layout changes.
  • Optional email can be send with information about the cron jobs of the plugin.
  • Bugfix: The default setting to terminate the connection for Project Honey Pot was unrealistic.

Version 2.0

  • RFC: Optionally check the visitor at Project Honey Pot.
  • RFC: Optionally receive error emails for failed calls to Stop Forum Spam. Error mails were always received.
  • The plugin has a separate menu page.
  • Added very simple statistics.
  • Bugfix: Check Trackbacks/Pingbacks for spammers as well.
  • Bugfix: Reporting a spammer without an email address failed. Stop Forum Spam changed their policy about reporting spammers without an email.

Version 1.3

  • Updated determination of users ip. Now also detects right IP if the server is running Apache with nginx proxy.

Version 1.2.3

  • Bugfix: HTTP Error messages didn’t work properly
  • Refactoring of some of the code.

Version 1.2.2

  • Bugfix: Trackback and Pingback comments were blocked as well

Version 1.2.1

  • Better implementation for getting the remote IP.

Version 1.2

  • Added security to protect against spammers directly posting comments by accessing wp-comments-post.php.
  • An email can be received of a spammer trying posting directly. The email holds a link to report the spammer at Stop Forum Spam ( an API key is required).
  • The black and white list can now hold ranges besides single IP addresses.
  • Some small improvements and bug fixes.

Version 1.1

  • Ability to report a spammer to Stop Forum Spam if you sign up on their website and get an API key (it’s free).
  • Added a link in the emails to add an IP to the local blacklist.
  • Bugfix: Uninstall did not work.
  • RFC: A white list was added.

Version 1.0

  • Initial version
  • Andy

    Tried to activate, but I get this error (running WP 2.7) when I do – any ideas?

    I extracted and copied the directory as it is in the zip file and also tried renaming the directory to avh-fdas as it mentions in the readme.txt file.

    Parse error: syntax error, unexpected T_STRING, expecting ‘,’ or ‘;’ in /home/whav/public_html/wp-content/plugins/avh-fdas/avh-fdas.php(34) : runtime-created function on line 1

  • A suggestion you might want to consider for your plug in is a white list or ignore list for the plugin so that it can ignore crawlers like Google which occasionally cause an error with your plugin…


    • I’ll will add that option.

  • GREAT plugin! the only one able to really block an IP before Counterize logs it!!

    tnx for the great work 🙂

    • I just updated it and noticed now we can use ranges, tnx a lot for it! 😀

  • Thank you for the white list..

    Getting an error which I used the white list to avoid this morning. It is choking on a robot that is crawling my site, one that I want to have crawl as it is my site index provider…

    The error is:

    An error has been detected
    Error: avhfdas error: –

    Accessing: /blog/?m=20080609
    Call took: 0.22973895072937

    Just an FYI….


    • This is an email you received?

  • Yes Peter…

    About 40 of them within 5 minutes this morning…


  • Something isn’t clear to me – does the plugin automatically check an IP against the list at stopforumspam.com? In other words, I don’t need to configure it or tell it to do that, it just does it?

    • Correct.

      No need to tell the plugin to check the Stop Forum Spam database.
      Every IP is checked unless it’s in the Whitelist or Blacklist:

      The steps are
      1. Check if IP in White list, if so go to step 4
      2. Check if IP in Blacklist, if so Terminate the connection.
      3. Check if IP in Stop Forum Spam database, if so and the threshold is reached Terminate the connection.
      4. End of my plugin and process keeps going.

  • Hi Peter…

    I was pondering something this morning and was wondering if it was possible to add this idea to the plug-in…

    When you use the plug-in you get a “this IP was in the StopForumSpam list and was blocked” and after that is a link to the site to look at the information.

    Would it be possible to see that information in the Email?

    Some of the IPs that the plugin catches are Google or other search engines and it would be nice to know immediately if that was an IP was should be on the whitelist or not…

    You might want to consider an additional connection to Project HoneyPot which defines the bot or spammer as:

    Search Engine
    Comment Spammer

    and so on…

    Just a thought!


    • I like the option of adding an optional extra check, I’ll look into that.

      As far as the info is concerned, the email holds some info already from Stop Forum Spam.
      They don’t provided the detailed information the Honeypot Project provides.What other info were you thinking of?

  • Really I think that the definition of what the IP is would be really useful….

    For example, running a Who Is on an IP will tell you if the IP is from Google and then you can white list that IP or more likely, range of IPs so that the plug-in does not block Google from crawling…

    The issue with StopForumSpam is that it only says it is a spammer and the frequency.

    If you just click on the block, like I did this morning, you block Google on a crawl. Seeing the IP resolved to saying what the host is I think would just make it a quicker overall experience for the user…

    Sowwy to be such a pain, but it’s just something that came to mind….


  • Congrats on the new version release Peter!



  • Bryx

    This plugin blocked all my traffic, I thought it was just a setting problem, I checked and everyone is still blocked. I removed the plugin and even after removal, im keep on receiving emails from my server regarding “AVH First Defense Against Spam”, the emails are non stop. Site is fully accesible again, i just don’t know how to stop the emails.. I’m receiving 200,000 pageviews daily. To the author of this plugin, please help. thanks

    • The emails you are receiving are probably all in the mail queue. Unless you have full access to the mailq, unfortunately the only thing left is receiving all the emails.

  • GR

    First of all, thank you for the great plugin.
    I just have one question. How can I make the plugin stop sending me the email about spammers detection? I ticked/unticked every possible options but I keep getting emails from the plugin. Our website gets many visitors and apparently many spammers as well, and I get too much emails from the plugin. Is there way to stop this?

    • I’m glad the plugin is working out for you.

      If you set the email threshold in the 3rd party options to -1 you will never receive an email.
      You can set a threshold for both Stop Forum Spam and Project Honey Pot separately.

  • I just noticed, I have the IP cache enabled on my site, and the Overview page says that it is. But the 3 lines, Total in cache, Total Clean, and Total Spam, have no numbers associated with them.

  • The latest update of First Defence Against Spam breaks my index page after a few lines, ignored by browsers, but not by google and probably other crawlers, so google ignores my website…

    see webmaster tools, how google bot sees….

    • Maarten,

      With Webmaster Tools I no longer have the How Google sees option, it’s been replaced by Labs -> Fetch as Google Bot but when I do this my page comes out fine. Everything is displayed.

      If you could please show what the google bot sees for your site but don’t post it here, just post it in my forum. (http://forums.avirtualhome.com)

  • Currently, as this mod exists, it is the single biggest source of abuse at our website.

    Users will start to find that their blogs will be blocked on our website unless Peter changes the way in which the mod works, from testing every connection to testing only comments when they are added or when a user is registering.

    This mod, I believe, was the only reason that we introduced a 5000/day query limit and why our hosting bills and database utilization have skyrocketed. The API we provide is NOT for testing connections (use zbblock or htaccess instead) but is for the checking of new users/messages.

    Please change the mod asap because heavy usage of our API will result in IP bans, which will result in serious loading times on your blogs

    • As of version 2.3 this problem has been dealt with.

      • Thanks Peter for the emails and so forth, its been really good to see changes made so quckly 🙂

  • drae

    How do I view the cached IPs?

    • I don’t have this implemented yet. It’s on the to-do list.

  • Hi Peter…

    Came across something that I thought I would tell you about…

    I have a blog in UTF8 which has a ‘ in the blog name, that is correctly processed in the email issued by the plug-in.

    I have another blog in latin1 in which the ‘ does not translate correctly in the email…

    Took me forever to figure out that is the issue…



  • I’ve got a good one for you 🙂 I’m testing this out on WP-3.0-Alpha, running multi sites.

    If I ‘Network Activate’ (i.e. activate for all blogs), then I can’t use the drag-and-drop widgets, or dropdowns on menus. This was fixed by just not doing that.

    HOWEVER, when it’s activated, no gravatars show up on the edit-comments page, but they DO show up on the Dashboard.

    Wild, no?

  • Hi, it would be nice to be able to drill down into the spam statistics amd IP cache from the overview.

  • Thanks for great antispam. In May it blocked more than 800 spam comments.

    • I’m glad to hear it is working so well for you. Don’t forgot to Report&Delete the spam messages in WordPress. Your contributions help build their database.

  • This plugin is by far the most effective anti-comment-spam measure I have found to date. I used to add spammer IPs to the default WP blacklist and also to the site’s root .htaccess; a tedious process at best. Since AVH First Defense doesn’t serve content to blacklisted or database-listed spammers, there’s no need to do that anymore.

    I’ve used other plugins that also access the Stop Forum Spam DB but AVH is the first that lets me report new offenders that leak through.

    This is also one of the few plugins that gives you truly useful information about why a comment was deemed spam, i.e. “attempted to access wp-comments-post.php directly”. There is no longer any mystery about whether innocuous-seeming comments are human or bot-generated.

    After moving the .htaccess blacklist into AVH First Defense, and locally blacklisting + reporting another 20 or so spammers, spamming has just plain stopped. Nothing leaks through for Akismet to check.

    Superb work, I’m really impressed.

  • Congratulations on version 3.0 Peter!

    • Thanks Tera. I hope it’s doing the job for your site 🙂

  • Updated to 3.0.1 and no errors or issues…

    Thank you again Peter!

  • Peter, it is possible to make the comment nonce check a user switchable choice in the controls for the plug in?

    I’ve noticed that there seems to be a bit more spam getting by and I am quite willing to have the nounce check on on my Blog…

    • Sure I can do this. Give me a few days and I’ll release it.

  • Thanks for everything Peter!


  • Peter, something happened with 3.0.4 in which all of the previous settings, such as the white and black list have been lost and all checked boxes removed. You cannot select or change any of them, and the black and white lists show a 0 in them rather than the previously entered lists…



    • Thank you Terra for letting me know.

      I just fixed it and release 3.0.5 should take care of it.
      Unfortunately I think your previous settings will be gone.

  • That’s okay, just happy to help!


  • Excellent work, Peter!

    Only had it installed overnight and it already blocked 1600+ attempts with the missing comment nonce only!

    Suggestion for your To-Do list…

    Add an option to LOG the IPs of those attempts that are flagged by the missing comment nonce. And allow an adjustable trigger-level to automatically add them to the local blacklist and/or Report them. This would make it easier than trying to review the emails and spot blocks of IPs to block.

    Look forward to your work!


  • Hello,

    Is there an option on changing the text that is displayed when a spammer comes to the site?


    • No, currently it’s hard coded in the plugin.

      • Ok, would it be easy to add it to the next version?

        • As the next version is close to being released I’ll see if it can be added, otherwise it will be added in the version after.

  • I cant wait for the day my inbox isn’t flooded by useless automatic comments on my WP blog that make no sense and contribute nothing to my website. Canny wait.

  • Danielx64

    I know this is for wordpress, but do you know if there away to make this work on PHPBB?

    • I’m sure there is a way, but I never coded a phpbb plugin

  • Awesome plugin!
    Is there a way to bulk “Blacklist & Delete” comments?

    • Unfortunately not. WordPress doesn’t offer the possibility to add options to the bulk actions.

  • MartinP


    i just updated to WP 3.2 and accessing “IP Cache Log” now results in the following error message:

    Fatal error: Call to undefined method WP_List_Table::WP_List_Table() in /wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.ipcachelist.php on line 53

  • Hello,

    I just upgrade from WordPress 3.1.4 to 3.2 and I am using AVH First Defense Against Spam 3.2.

    The page of IP Cache Log just showed blank, http server give a 500 error. There’s no problem in 3.1.4.

    Please help. Thanks.

    • I just realize that it is not your plugin’s problem, it’s wordpress’s problem.
      I manually modify code wp-admin\includes\class-wp-list-table.php line 80,
      function __construct( $args = array() ) {
      function WP_List_Table( $args = array() ) {

      Problem fixed. I also post on http://wordpress.org/support/topic/upgrade-to-wp-32-broke-backwpup

      Thanks for your great plugin.

  • TeraS

    Sorry but there is a fault in the plugin running under WP 3.2

    Fatal error: Call to undefined method WP_List_Table::WP_List_Table() in /blog/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.ipcachelist.php on line 53

    FYI Peter…

  • I will address this problem as soon as I get back from vacation. Apologies for the problem.

  • samuel

    Thank you for your efforts in keeping this plugin updated and maintained. A lot of other plugin developers will develop their plugin, release it, but won’t keep it updated or maintained. So thank you for that!

  • SleeplessinDC

    On this page, under “Usage terms of the 3rd Parties”, the link for Stop Forum Spam is a dead link. Perhaps you should use their “Legal, terms and acceptable use policy” page at http://www.stopforumspam.com/legal

  • Peter?

    The 3.2.3 update seems to be failing as the WP Admin page shows that you need to update from 3.2.2 even after you run the updater to 3.2.3 …



    • Terra,

      I don’t seem to have that problem. I just updated this blog through the admin interface as well.

      What happens when you run the updater again?

  • Odd, but after your message came, I did the update through the plugins page to do it automatically and it installed, but didn’t remove the update notice. Did so again and then it did update to 3.2.3.

    Very weird!

  • This may not be the place to post this, but it’s simpler than creating an account on your forums.

    There has been some posts from Stop Forum Spam contributors about your plugin. You can read about them here:




    • Peter

      Thank you for bringing this to my attention, I’m working on it right now.

  • Great plugin! Only issue I have is that the flurry of emails is pretty intense. I vaderified the email threshold is at -1 which according to the inline help, says never to send email. But yet emails of normal connections keep coming? Suggestions?

    • Great response from the developer. App works well and has cut down a lot of the issues we were seeing. A big thank you and kudos. This app is a definite install for any wordpress users out there who suffer from the comment spam. I would also advocate that you go through the pain of setting up the API Key project honeypot, stop-forum-spam.

  • Thank you for creating (and maintaining) this plug-in. I had a little trouble after the initial activation – the WordPress dashboard slowed down and/or refused to display. However, once I logged out and re-logged in, everything worked perfectly. Being able to click the ‘Blacklist and delete’ link saves me a lot of time – no more manual blacklisting and individual submissions to StopForumSpam. Your efforts are much appreciated.

  • Before the update to 3.5.0 the AVH First Defense Against Spam worked perfectly for two weeks, but now my Blog is open again for SPAM like a barn door. Changed something?

    • Peter

      Which 3rd parties are you using?

      Do you have selected the option to receive an email when the check at SFS fails? If no, please do, and see if you get error emails.

      Personally I have seen an rise in spam attempts the last 3 days, they are being blocked though.

  • I get the following error message in the Settings page.

    Warning: Missing argument 2 for wpdb::prepare(), called in /home/stcwdc/stcwdc.org/wdcblog/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.admin.php on line 357 and defined in /home/stcwdc/stcwdc.org/wdcblog/wp-includes/wp-db.php on line 990

    Warning: Missing argument 2 for wpdb::prepare(), called in /home/stcwdc/stcwdc.org/wdcblog/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.admin.php on line 358 and defined in /home/stcwdc/stcwdc.org/wdcblog/wp-includes/wp-db.php on line 990

    Warning: Missing argument 2 for wpdb::prepare(), called in /home/stcwdc/stcwdc.org/wdcblog/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.admin.php on line 359 and defined in /home/stcwdc/stcwdc.org/wdcblog/wp-includes/wp-db.php on line 990
    715 Total of IP’s in the cache
    459 Total of IP’s classified as ham
    256 Total of IP’s classified as spam

  • melissa

    Ok so today I tried to click a link

    and guess what: I got this msg:

    “Access has been blocked.
    Your IP [xyz] has been identified as spam
    Protected by: AVH First Defense Against Spam”

    It’s so stupid,, WHY?? I never spam anything! I’m a HUMAN not bot!! What did I do to earn it?? I doubt I even visited that site and even if I did it’s not like I suck all their bandwith it’s just absurd

    • Peter

      The administrator of the site you tried to visit has your IP flagged as a spammer. The plugin itself doesn’t keep track of spammers, it uses 3rd parties and local, read on the site you visit, lists.
      So I can’t answer the question “Why”.

    • Cynthia

      Your IP address may be listed on some spammer database. Check with the following sites to see if it is listed with them. You can ask them to remove you if you aren’t a spammer.
      Stop Forum Spam. http://www.stopforumspam.com
      Project Honey Pot. http://www.projecthoneypot.org (An API key is needed to check the IP at this party. The key is free.)
      Spamhaus. http://www.spamhaus.org. IP’s are checked with the lists SBL and XBL.
      Also enter your IP address in Google to see if it comes up on any other spammer lists.

      If you use a dynamic IP address, you may have been assigned one someone else used who was a spammer. If so, reset your dynamic IP address to get a clean one.

  • Melissa,
    It is also possible that your whole providers range is blocked. Again Follow Cynthia’s suggestion regarding where to check, and determine if it is an individual block or a range block.

    If you find it listed at one of those sites, you can appeal the listing. YMMV…

  • Can I use this just to make my own blacklist? I use Akismet for spam as I don’t get a lot (well yet), but there are a couple that repetitively hit me that I would like to block.

    • Peter

      Yes you can. If you don’t want to use the 3rd parties just uncheck them in the settings.

  • Thanks Peter!

  • Chris

    Is there any way to check already approved comments with the AVH first defense system?

  • Tags

    I’ve been a loyal follower of Michael Ruhlman of ruhlman.com since the inception of his blog. Recently I had two exploits found by Microsoft Security Essentials. Both times, after I deleted all my cookies, I was unable to post on his blog and received your “Cheating, huh?” message. You might want to look into that unfortunate feature.

    submitted 20 Apr 2013 at 11:03 EDT

    • Peter

      Not sure what the relation is with cookies, unless you log in on the blog.

      • Tags

        Well, I sure don’t know what the relation is, that’s why I’m telling you. That’s the only variable.

  • All I can say is, thank you! One plugin that does it all. Had a lot of spammers (about 1k visitors per day), now most of them blocked. Hope you continue to develop this plugin so it’s supported in the newer versions of wordpress to come!

  • I am trying out the first defence plugin but when a user registers I get the following error:
    Warning: Missing argument 2 for AVH_FDAS_Public::handleFilterRegistrationErrors() in /home/weddings/public_html/directory/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.public.php on line 247

    Warning: Missing argument 3 for AVH_FDAS_Public::handleFilterRegistrationErrors() in /home/weddings/public_html/directory/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.public.php on line 247

    Warning: Cannot modify header information – headers already sent by (output started at /home/weddings/public_html/directory/wp-content/plugins/avh-first-defense-against-spam/class/avh-fdas.public.php:247) in /home/weddings/public_html/directory/wp-content/themes/directorypress/PPT/framework/ppt_core.php on line 95

    • Peter


      I send an email to the address you used here.

    • Ramesh

      Is your system working fine? If so, please post the solution.

  • Ramesh

    Can any one got the solution for the following warning message at the time of user registration.

    Warning: Missing argument 2 for AVH_FDAS_Public::handleFilterRegistrationErrors() in D:\Hosting\Classifieds\wp-content\plugins\avh-first-defense-against-spam\class\avh-fdas.public.php on line 282

    Warning: Missing argument 3 for AVH_FDAS_Public::handleFilterRegistrationErrors() in D:\Hosting\Classifieds\wp-content\plugins\avh-first-defense-against-spam\class\avh-fdas.public.php on line 282

    Warning: strlen() expects parameter 1 to be string, object given in D:\Hosting\Classifieds\wp-content\themes\classifiedstheme\PPT\framework\ppt_core.php on line 827

    • Peter

      What version of the plugin? Do you have custom plugins or theme functions for registration?

      • Ramesh

        I am using PremiumPress classifieds theme, and the plugin I am using “AVH First Defense Against Spam : 3.6.3”

        • Same issue for me, I have also tried on another site. I am using Premium press classifieds as well as PP Directory – shame it has this issue, as it is one of the recommended plugins at Premium Press. I have deactivated both for now until a solution is found.

    • Peter

      It sounds like an issue with the theme, as the theme is a premium theme and I don’t have access to it, it’s hard to create a fix. But it sounds like the theme invokes the filter ‘registration_errors’ differently (aka less parameters) then WordPress core itself.

  • J-FD

    Old topic but,
    Just want to say, that I use Directorypress, classified Theme and Shopperpress…. since 2009, and I never had that kind of issue.

    Maybe a plugins conflict !

  • Peter, I have had a similar problem crop up on three different sites running AVH. A visitor reported that when trying to visit the site, they were blocked with the message that their IP was in the blacklist. However, I checked the internal blacklist and their IP was not present. It even happened to me once yesterday, after I had already been to the site three times beforehand. Possible bug?

    • Peter

      Check the IP Cache, if they are marked as spam there they are blocked as well.

  • Hello, I opened a thread in the forum but I can ask the question here too 🙂

    Some of my visitors complain they cannot post a comment and say they see a square with red borders when sending their comment. They don’t see any message.
    Is they a way to make some tests as “spammer” to see if the theme is interfering with the plugin ?

    • Peter

      There isn’t a test to post as a spammer build in the plugin.
      For what it’s worth, a square with red borders is not a part of the plugin

      • Thank you for quick answer. I have the same problem with another similar plugin (Stop Spammers) and I suspect the theme or maybe the combination with Qick Cache that breaks the warning message.

  • Somehow the URL that appears in the message for blocking an ip is not for the site, however it correctly calls up the site and enters the ip into the block list. Where is the setup information contatined (what table) ? Also, unlke other sites, the URL is so long it can’t just be clicked, but has to be copied to the browser address bar. Is that a function of picking up the wrong name for the site?

  • Pat

    Is there a way to block Baiduspider and other bots using AVH? I see them in my plugin Who’s Been Online Visitor Maps and they have increased exponentially since I put the site up in October. I can access their IP’s from the dashboard.

    I don’t know if they are actually causing a problem but an internet search indicates that lots of people do consider them a problem and not many people know how to stop them from accessing a WP blog.

    Is it as simple as putting their IP’s in the blacklist?
    Thank you, Matoca

    • Peter

      It can’t block bots by useragent. Blocking by IP would be the only thing you could do. Note that bots usually use more than 1 ip address.

  • We are a group of volunteers and opening a new scheme in our community.
    Your site provided us with valuable information to work on.

    You’ve done a formidable job and our whole community will be grateful to you.

  • Timothy Burgin

    I’m not seeing the “Report & Delete” option showing up after installing and registering with 3rd party sites.
    I’m using WP Version 3.9.1 and Version 3.6.8 of your plugin.

    FYI the link to your support forums does not work!

  • It looks like the plugin is working ok, however the “Report and Delete” link on each comment just seems to delete it. I can’t see anything logged at SFS.

    I do have the API Key set up in the plugin ok.

    Running latest version of plugin with WP 3.8.2.

  • redworc

    My caching plugin just happened to save the page when a spammer was blocked by AVH from viewing that page. Had ‘show message’ set to on. The cache saved the page with the ‘Your IP is Blocked’ message and showed it to anyone that viewed that page. Clear the cache and page displayed correctly. Happened twice in the last week.

    Is it possible to have AVH display the message on a link like: http://www.mysite.com/avhyouareblocked or some other URL that an actual site page?