KireiFilter
Sign in Create account
WordPress ← Full documentation

WordPress spam detection without CAPTCHA

No plugin install required. Add a small snippet to your theme's functions.php to filter Contact Form 7, WPForms, and other form plugins server-side.

Why a functions.php snippet instead of a plugin?

Plugin-based spam filters like Akismet or CleanTalk add dependencies and need WordPress.com accounts or external service registrations. KireiFilter is a plain REST API — a small PHP snippet is all you need.

No additional plugin to keep updated, no WordPress.com account, and your API token is stored in a constant (or your theme's wp-config.php) rather than in the WordPress options table.

Step 1 — Add the helper to functions.php

functions.php
// Add your API token — ideally in wp-config.php
define('KIREIFILTER_TOKEN', 'your_token_here');
function kireifilter_check(string $content, string $ip = ''): float {
$response = wp_remote_post('https://kireifilter.net/api/v1/spam-check', [
'headers' => [
'Authorization' => 'Bearer ' . KIREIFILTER_TOKEN,
'Content-Type' => 'application/json',
],
'body' => json_encode([
'type' => 'comment',
'content' => $content,
'metadata' => ['ip' => $ip],
]),
]);
$body = json_decode(wp_remote_retrieve_body($response), true);
return (float)($body['score'] ?? 0);
}

Step 2a — Hook into Contact Form 7

functions.php
add_filter('wpcf7_before_send_mail', function ($form) {
$sub = WPCF7_Submission::get_instance();
$data = $sub->get_posted_data();
$score = kireifilter_check(
$data['your-message'] ?? '',
$_SERVER['REMOTE_ADDR'] ?? ''
);
if ($score >= 0.5) {
$sub->set_status('spam');
$sub->set_response('Your message was rejected.');
}
return $form;
});

Step 2b — Hook into WPForms

functions.php
add_action('wpforms_process', function ($fields, $entry, $form_data) {
// field ID 1 = message, field ID 2 = email — adjust as needed
$message = $fields[1]['value'] ?? '';
$email = $fields[2]['value'] ?? '';
if (kireifilter_check($message) >= 0.5) {
wpforms()->process->errors[$entry['id']]['footer'][] = 'Submission rejected.';
}
}, 10, 3);

Notes

  • Store KIREIFILTER_TOKEN in wp-config.php, not in your theme files.
  • Adjust field keys (your-message, your-email) to match your actual CF7 field names.
  • The check takes <50 ms and runs server-side — zero impact on page load or user experience.
  • Score ≥ 0.5 = spam. You can lower the threshold (e.g. 0.7) if you want to be more permissive.

Ready to ditch Akismet?

Free plan — 100 checks/month. No credit card required.

Create free account Full API docs
Related: Akismet alternative reCAPTCHA alternative Contact form spam detection PHP integration