=== BotShield CAPTCHA for Contact Form 7 === Contributors: sabbir37 Tags: captcha, spam protection, contact form 7, recaptcha, turnstile Requires at least: 5.0 Tested up to: 7.0 Stable tag: 2.1.0 Requires PHP: 7.4 License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html BotShield CAPTCHA for Contact Form 7 – Advanced Spam Protection with Turnstile, reCAPTCHA, Arithmetic, and Alphanumeric. == Description == Stop contact form spam instantly with **BotShield CAPTCHA for Contact Form 7**. This all-in-one spam protection plugin integrates **Google reCAPTCHA (v2 Checkbox & v3 Invisible)**, **Cloudflare Turnstile** (Privacy-Focused), and lightweight **Built-in Arithmetic/Image Challenges** to block bots while letting real users pass. Whether you need strict security or a friction-free user experience, BotShield gives you complete control over your specific form protection needs. No more spam submissions, fake leads, or automated bot attacks. **Protect Your WooCommerce Store with Enterprise-Grade Security.** Upgrade to **[SecureGate CAPTCHA](https://woocommerce.com/products/securegate-captcha/)** for ultimate full-site protection. Instantly block spam, fake registrations, and checkout fraud using intelligent Cloudflare Turnstile, Google reCAPTCHA, hCaptcha, and powerful Geo-Blocking rules—keeping your store fast, secure, and entirely bot-free. = Key Features & Benefits = * **Multi-Provider Support**: Choose between Google reCAPTCHA, Cloudflare Turnstile, or Self-hosted challenges. * **Google reCAPTCHA Integration**: Supports both **v2 ("I'm not a robot")** and **v3 (Invisible)** keys. * **Cloudflare Turnstile**: The modern, privacy-friendly alternative that stops bots without annoying puzzles. * **Lightweight Built-in Protection**: Use simple Math or Image CAPTCHAs without needing any external API keys. * **Seamless Contact Form 7 Integration**: Adds a dedicated "BotShield" tag generator button directly to the CF7 editor. * **Mobile Optimized**: Fully responsive challenges that work perfectly on smartphones and tablets. * **GDPR Compliant Options**: Turnstile and Built-in modes offer excellent privacy compliance. * **Accessibility Ready**: WCAG 2.1 compliant designs for screen reader support. = Flexible Protection Options = **1. Google reCAPTCHA (The Industry Standard)** * **v2 Checkbox**: The classic "I'm not a robot" checkbox users trust. * **v3 Invisible**: valid users are verified in the background with zero interaction. **2. Cloudflare Turnstile (Privacy-First)** * Verify visitors without solving complex puzzles. Smart, fast, and respectful of user privacy. **3. Built-in Challenges (No Keys Required)** * **Arithmetic**: Simple math questions (e.g., 7 + 2 = ?) effective against basic bots. * **Alphanumeric**: Distorted text images for traditional verification. * *Zero external dependency, 100% self-hosted.* = Perfect For = * Contact forms * Registration forms * Quote request forms * Newsletter signups * Any Contact Form 7 form needing spam protection = Requirements = * WordPress 5.0 or higher * Contact Form 7 plugin (must be active) * PHP 7.4 or higher * GD PHP extension for image CAPTCHAs == Installation == = Step 1: Install & Activate = 1. Go to your WordPress Dashboard > **Plugins** > **Add New**. 2. Search for **"BotShield CAPTCHA"**. 3. Click **Install Now** and then **Activate**. = Step 2: Configure Provider (Global Settings) = 1. Navigate to **Contact > BotShield CAPTCHA**. 2. **Select your Default CAPTCHA Type**: * *Google reCAPTCHA* * *Cloudflare Turnstile* * *Arithmetic / Alphanumeric (Built-in)* 3. **For reCAPTCHA/Turnstile Users**: * Switch to the **"Integration Settings"** tab. * Enter your **Site Key** and **Secret Key** (links provided in the admin panel to get these for free). * Click **Save Settings**. = Step 3: Add to Your Form = 1. Go to **Contact > Contact Forms** and edit your desired form. 2. Click the **"BotShield"** button in the CF7 tag generator toolbar (usually above the message body text area). 3. **Select Interaction Type**: A popup will appear. You can use your "Global Default" or override it with a specific type (e.g., force "Turnstile" on this specific form). 4. Click **Insert Tag**. 5. **CRITICAL**: Ensure the generated shortcode (e.g., `[captcha* captcha-answer]`) is placed **ABOVE** your `[submit]` button. 6. Save the form. = Step 4: Verify = Visit your page with the contact form. You should now see the CAPTCHA of choice protecting your submission! == Frequently Asked Questions == = Do I need API keys? = * **For Built-in CAPTCHAs**: No, these work out of the box. * **For Google reCAPTCHA**: Yes, you need a free Site Key and Secret Key from the [Google reCAPTCHA Admin Console](https://www.google.com/recaptcha/admin). * **For Cloudflare Turnstile**: Yes, you need a free Site Key and Secret Key from the [Cloudflare Dashboard](https://dash.cloudflare.com/). = Which CAPTCHA should I choose? = * **reCAPTCHA v3** or **Cloudflare Turnstile** are best for user experience (invisible/frictionless). * **reCAPTCHA v2** is best if you want users to explicitly proving they are human. * **Built-in** is best for strict privacy requirements or local-only environments. = Is BotShield CAPTCHA GDPR compliant? = Yes. * **Built-in Challenges**: 100% compliant, no data leaves your server. * **Cloudflare Turnstile**: Privacy-focused and generally considered GDPR compliant. * **Google reCAPTCHA**: Subject to Google's privacy policy and terms. = Does this plugin slow down my site? = No. Assets (CSS/JS) are conditionally loaded only on pages where a Contact Form 7 form is present. We prioritize performance and lightweight code. = Can I use multiple CAPTCHAs per page? = Yes! Each Contact Form 7 form can have its own independent CAPTCHA configuration. = does it work on mobile devices? = Absolutely! The CAPTCHA is fully responsive and works perfectly on all devices including smartphones and tablets. = Is it accessible for people with disabilities? = Yes! The plugin includes proper ARIA labels, keyboard navigation, and screen reader compatibility following WCAG 2.1 guidelines. = Can I customize the appearance? = Yes! Choose from three built-in themes (Default, Minimal, Modern) or add custom CSS for further customization. = What is the BotShield CAPTCHA shortcode? = The required shortcode is `[captcha* captcha-answer]`. This tag ensures that the user completes the CAPTCHA before submitting the form. = Can I use the shortcode for Google reCAPTCHA or Turnstile? = Yes! The same `[captcha* captcha-answer]` shortcode works for all types. The plugin automatically renders the correct challenge (reCAPTCHA, Turnstile, or Built-in) based on your settings. = How do I make the shortcode optional? = To make the CAPTCHA optional (not recommended), use the tag without the asterisk: `[captcha captcha-answer]`. == Screenshots == 1. Contact Form 7 tag generator interface for easy CAPTCHA shortcode creation 2. General Settings - CAPTCHA Type selection 3. Integration Settings - Provider Configuration 4. Cloudflare Turnstile CAPTCHA on contact form 5. Google reCAPTCHA on contact form 6. Arithmetic CAPTCHA displaying a math challenge on the contact form 7. Alphanumeric image CAPTCHA showing distorted text characters for security == Changelog == = 2.1.0 = * **Security**: Hardened CAPTCHA validation with stronger server-side token verification and enhanced permission checks for a more robust security posture. * **Improved**: Smoother, more intuitive admin experience with polished UI interactions and visual consistency across all settings screens. = 2.0.0 = * **New**: Added support for Google reCAPTCHA (v2 Checkbox & v3 Invisible). * **New**: Added support for Cloudflare Turnstile (Privacy-focused). * **New**: Completely redesigned Admin Dashboard with modern tabbed interface. * **Improved**: General UI/UX polish for better administrative experience. = 1.0.1 = * **Improved**: Enhanced plugin security and validation protocols. * **Improved**: General stability improvements and other minor fixes. = 1.0.0 = * Initial plugin release. * Arithmetic CAPTCHA with math problems. * Alphanumeric image CAPTCHA with distorted text. * Three difficulty levels (Easy, Medium, Hard). * No API keys required for built-in types. == Upgrade Notice == = 2.1.0 = Recommended update. Strengthens CAPTCHA token security, hardens AJAX endpoint validation, improves admin UI with a premium plugin showcase, and ensures full WordPress 7.0 compatibility. = 2.0.0 = Major release! Added Cloudflare Turnstile and Google reCAPTCHA support, a modern tabbed settings page, and enhanced security improvements. = 1.0.0 = Initial release of BotShield CAPTCHA. Add spam protection to Contact Form 7 forms with simple CAPTCHA challenges. No API keys required! == Privacy Policy == BotShield CAPTCHA does not: * Collect any personal data * Store user information * Transmit data to external servers * Use cookies or tracking * Share information with third parties All CAPTCHA processing happens locally on your WordPress server. The plugin is fully GDPR compliant. == Support & Documentation == * Support Forum: https://wordpress.org/support/plugin/botshield-captcha/ * Developer Website: https://www.rsabbir.com/ == Contributing == Contributions are welcome! Contact the developer or visit the GitHub repository to contribute to this plugin's development. == Credits == * Developed by R. Sabbir (https://www.rsabbir.com/) * Tested with Contact Form 7 6.1.4 and later == Technical Specifications == = Server Requirements = * WordPress 5.0 or higher * PHP 7.4 or higher * Contact Form 7 plugin (active) * GD PHP extension (for image CAPTCHAs) = Browser Support = * Chrome (latest versions) * Firefox (latest versions) * Safari (latest versions) * Microsoft Edge (latest versions) * Mobile browsers (iOS Safari, Chrome Mobile) = Security Features = * Token-based validation system * HMAC-SHA256 signature verification * Automatic token expiration (5 minutes) * XSS protection * CSRF token protection * No session storage required = Performance = * Code: ~50KB total size * Assets: Minified and optimized * Loading: Conditional asset loading on relevant pages * HTTP Requests: Zero external requests * Caching: Compatible with all major WordPress cache plugins