plugin-icon

SpamAnvil – AI Anti-Spam & Comment Spam Protection

Free AI anti-spam & Akismet alternative. Uses ChatGPT, Claude, Gemini & other LLMs to block comment spam that traditional filters miss.
Évaluations
5
Version
1.11.2
Installations actives
20
Mis à jour récemment
Jul 18, 2026
SpamAnvil – AI Anti-Spam & Comment Spam Protection

SpamAnvil is a free, open-source WordPress anti-spam plugin — and a genuine Akismet alternative — that uses artificial intelligence to block comment spam. Unlike Akismet (which requires a paid plan for commercial sites) or simple keyword-based filters, SpamAnvil leverages large language models (LLMs) to actually understand your comments and detect even the most sophisticated spam. It layers a honeypot, a time trap and per-IP rate limiting in front of the AI, so obvious bots are blocked for free.

Traditional spam filters rely on static word lists and link counting. Spammers have evolved. SpamAnvil fights back with AI that understands context, intent, and language patterns – catching spam that looks legitimate and approving real comments that others would flag.

Why SpamAnvil?

  • 100% Free – No premium tier, no subscription, no hidden costs. Bring your own API key (free options available).
  • Smarter Than Rules – AI understands context. A comment about « buying a new home » won’t be flagged just because it contains « buy ».
  • Defense in Depth – Honeypot, time trap, per-IP rate limit and heuristics block obvious bots for free, so the AI is only spent on the subtle cases.
  • Open Mode – Because the filtering is invisible and automatic, you can drop the usual barriers (name/email, login, moderation) and get more real comments – even anonymous ones – without opening the door to spam.
  • Works With Free AI Models – Use OpenRouter’s free models for $0 cost, or connect premium models for maximum accuracy.
  • Privacy-First – Your data stays between you and your chosen AI provider. IP addresses are stored as salted, keyed hashes (HMAC-SHA-256), not recoverable without your site’s secret. GDPR/LGPD compliant by design.
  • No Cloud Lock-in – Choose from 6+ AI providers. Switch anytime. Your anti-spam, your rules.

Supported AI Providers

  • OpenAI (GPT-4o-mini, GPT-4o, etc.)
  • Anthropic Claude (Claude Sonnet, Haiku, etc.)
  • Google Gemini (Gemini 2.0 Flash, Pro, etc.)
  • OpenRouter (100+ models, including FREE ones)
  • Featherless.ai (Open-source models)
  • Any OpenAI-compatible API (LM Studio, Ollama via proxy, vLLM, etc.)

A Swiss-Army-Knife of Defenses

SpamAnvil layers several spam defenses so cheap, invisible filters catch obvious bots for free and the AI only handles the subtle cases. Every layer is optional and runs before any paid API call:

  • Honeypot – A hidden field bots fill but humans never see. Instant, free block.
  • Time trap – Comments submitted faster than a human could type are flagged. Tamper-proof (signed) and fails open, so it never blocks a real visitor.
  • Per-IP rate limit – Throttles comment floods from a single IP before they even reach the database.
  • Heuristics engine – Regex/statistical pre-analysis (URLs, spam words, gambling/SEO author names, language mismatch, prompt-injection patterns) that auto-spams the obvious cases with no API call.
  • AI verdict – An LLM scores the rest 0-100 in context.

Key Features

  • AI-Powered Spam Detection – Each comment is analyzed by an LLM that scores it 0-100 for spam probability. Works with reasoning models (their thinking is parsed correctly).
  • Layered Bot Defense – Honeypot, time trap and per-IP rate limiting block obvious bots for free, before any AI call.
  • Model Picker – Browse and search each provider’s live model list right from the settings page (OpenAI, OpenRouter, Featherless). OpenRouter shows a « free » badge and context size.
  • « Open Mode » – One toggle removes WordPress comment friction (no required name/email, no login, no moderation hold) so leaving a real, even anonymous, comment is effortless. Comments appear instantly and spam is removed in the background.
  • Verdict Cache – Identical repeated spam reuses a recent AI verdict instead of calling the API again, cutting cost during floods.
  • Intelligent Heuristics Engine – Pre-analyzes comments to catch obvious spam without API calls.
  • Async Background Processing – Comments are queued and processed via WP-Cron so your site stays fast.
  • Smart IP Blocking – Automatically blocks repeat offenders with escalating ban durations (24h, 48h, 96h…).
  • Automatic Retry with Backoff – Failed API calls retry with exponential delays; a real « Test Connection » verifies actual classification, not just the HTTP status.
  • Encrypted API Key Storage – Authenticated AES-256-GCM encryption, or wp-config.php constants for maximum security.
  • Statistics Dashboard & Logs – Track spam caught by each layer, API usage and errors, with the AI’s reasoning for every comment. An admin warning surfaces silent failures (no provider, or a backlog of failed items).
  • Customizable AI Prompts, Fallback Providers, Prompt-Injection Defense, Configurable Threshold, Moderator Bypass.

How It Works

  1. A visitor submits a comment.
  2. Rate limit – too many comments from this IP too fast? Throttled with an HTTP 429 (before anything is stored).
  3. IP block – is the IP already banned for repeat spam? Blocked.
  4. Form traps – was the hidden honeypot filled, or the comment submitted implausibly fast? Marked as spam instantly, no API call.
  5. Heuristics – a quick regex/statistical pre-analysis; obvious spam is auto-marked with no API call.
  6. Otherwise the comment is queued for AI analysis (or processed immediately in sync mode). Identical repeated content reuses a cached verdict.
  7. The AI analyzes the comment in context (post title, author info, heuristic data) and returns a spam score.
  8. Comments above your threshold are marked spam; clean comments are auto-approved. Repeat-offender IPs are escalated.

With Open Mode on, comments publish instantly and any spam is removed in the background instead of being held for moderation.

Use Cases

  • Blogs receiving hundreds of spam comments per day
  • WooCommerce stores where comment spam affects SEO and credibility
  • Membership sites that need to protect community discussions
  • Multilingual sites – AI understands comments in any language, unlike keyword-based filters
  • High-traffic sites – Async processing handles any volume without slowing down your site
  • Sites tired of Akismet – Free alternative with no cloud dependency and full data control

Security

SpamAnvil follows WordPress security best practices throughout:

  • Authenticated AES-256-GCM encrypted API key storage
  • wp-config.php constant support for API keys (never touch the database)
  • Configurable trusted IP header (default REMOTE_ADDR) so a forged X-Forwarded-For cannot bypass IP blocking or rate limiting
  • Nonce verification on all forms and AJAX requests
  • Capability checks on all admin actions
  • Prepared SQL statements on every database query
  • Output escaping on all rendered content
  • Prompt injection defense: boundary tags, system prompt hardening, heuristic injection detection, strict JSON validation, temperature 0

Languages

  • English (default)
  • Translation-ready (.pot file included)

Third-Party Services

SpamAnvil sends comment data (content, author name, email, and URL) to external AI services for spam analysis. The specific service used depends on your configuration. No data is sent until you configure and enable a provider.

When using the « Generic OpenAI-Compatible » option, data is sent to the URL you configure. You are responsible for ensuring compliance with the privacy policies of your chosen service.

Gratuitsur les plans payants
En procédant à l’installation, vous acceptez les Conditions d’utilisation de WordPress.com ainsi que les Conditions de l’extension tierce.
Testé jusqu’à version
WordPress 7.0.2
Cette extension est disponible en téléchargement pour votre site .