=== Berestov Anti-spam for Contact Form 7 ===
Contributors: andreyberestov
Tags: contact form 7, anti-spam, spam protection, forms, cf7
Requires at least: 6.2
Tested up to: 6.9
Requires PHP: 7.0
Stable tag: 1.0.35
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Donate link: https://www.myetherwallet.com/#send/0x37385DA1388F2921583d4750FB44Def7D76cAb23
Author URI: https://profiles.wordpress.org/andreyberestov

Protect Contact Form 7 and optionally WordPress comments with privacy-friendly anti-spam protection.

== Description ==

Berestov Anti-spam for Contact Form 7 adds a lightweight, privacy-friendly anti-spam layer without modifying Contact Form 7 core files.

Features:

* Layered anti-spam protection designed for real-world form traffic.
* Fresh protection data can be refreshed on rendered forms, which helps on cached pages.
* Front-end assets load only where protected forms are present.
* Optional diagnostic logging to the plugin log file.
* Built-in statistics for allowed and blocked requests.
* Optional WordPress comment protection module.

== Installation ==

1. Upload the plugin folder to the `/wp-content/plugins/` directory.
2. Activate the plugin through the `Plugins` screen in WordPress.
3. Make sure Contact Form 7 is installed and active.
4. Go to `Settings > CF7 Anti-spam` and keep protection enabled.

== Screenshots ==

1. Plugin settings page.

== Frequently Asked Questions ==

= Does this plugin change Contact Form 7 core files? =

No. It integrates through hooks and front-end injection only.

= Does it work with cached pages? =

Yes. The script requests a fresh anti-spam challenge for rendered forms, so cached HTML is less likely to cause stale hidden values.

== Changelog ==

= 1.0.35 =
* Refined public request parsing to read only expected anti-spam fields.

= 1.0.34 =
* Restored cached form challenge refresh support with allowlisted unit tags.

= 1.0.33 =
* Restricted public request parsing to allowlisted anti-spam fields.

= 1.0.32 =
* Addressed WordPress.org review feedback for admin assets, metadata, and output handling.
* Renamed the 24-hour statistics row for clarity.

= 1.0.31 =
* Reduced implementation detail in admin and readme text and cleaned duplicate 1.0.30 entries.

= 1.0.30 =
* Show statistics only for enabled protection modules.
* Unified legacy CF7 passed statistics with modern behavior.

= 1.0.29 =
* Fixed WordPress comment protection token validation by switching comments and challenge refresh to the same shared anti-spam token store.

= 1.0.28 =
* Fixed comment protection token handling to use the shared challenge token store.

= 1.0.27 =
* Removed the hard dependency on Contact Form 7 so the comments module can be used independently.
* Refined the admin interface styling with cleaner native WordPress sections and reduced visual framing.

= 1.0.26 =
* Refined the admin interface layout and visual styling for a cleaner native WordPress look.

= 1.0.25 =
* Refined the settings UI and improved the statistics layout.

= 1.0.24 =
* Improved comment-module debug logging and frontend loading hygiene.

= 1.0.23 =
* Added optional WordPress comment protection module.
* Expanded protection statistics with today, 7-day, 30-day, and all-time ranges.
* Split protection statistics per module for Contact Form 7 and comments.

= 1.0.22 =
* Improved legacy fork blocking and fallback challenge refresh when admin AJAX is restricted.
* Reduced duplicate challenge refresh requests and improved legacy spam response messaging.

= 1.0.18 =
* Added a behavior marker layer for pointer, touch, and keyboard interaction.
* Added protection statistics for passed and blocked submissions.
* Fixed asset versioning so the front-end script version matches the current plugin version.

= 1.0.17 =
* Improved admin hints for clarity and accuracy.

= 1.0.16 =
* Adjusted minimum submission time window for better UX.

= 1.0.15 =
* Improved REST compatibility and challenge handling.

= 1.0.12 =
* Fixed compatibility with Contact Form 7 REST API submissions.

= 1.0.10 =
* Added diagnostic logging system.

= 1.0.0 =
* Initial release.

== Upgrade Notice ==

= 1.0.35 =
Uses stricter allowlisted request parsing.

= 1.0.34 =
Fixes cached form challenge refresh after request allowlist hardening.

= 1.0.33 =
Uses stricter allowlisted request parsing for public anti-spam checks.

= 1.0.32 =
Improves review compliance and clarifies the 24-hour statistics label.

= 1.0.31 =
Refines public-facing descriptions and cleans duplicate 1.0.30 release notes.

= 1.0.30 =
Refines statistics visibility and aligns legacy CF7 passed counting with modern behavior.

= 1.0.29 =
Fixes WordPress comment protection token validation.

= 1.0.28 =
Fixes comment protection token validation for real comment submissions.

= 1.0.27 =
Removes the hard Contact Form 7 dependency and refines the admin interface styling.

= 1.0.26 =
Refines the admin layout and visual styling for a cleaner native WordPress look.

= 1.0.25 =
Refines the settings screen and improves the statistics layout.

= 1.0.24 =
Improves comment-module diagnostics and frontend loading behavior.

= 1.0.23 =
Adds optional WordPress comment protection and expanded per-module statistics.

= 1.0.22 =
Improves legacy fork blocking, fallback refresh, and spam response handling.

= 1.0.18 =
Adds a behavior marker layer, built-in protection statistics, and synchronized asset versioning.

= 1.0.17 =
Improves admin guidance and overall clarity.

= 1.0.16 =
Better balance between spam protection and user experience.

= 1.0.15 =
Improved reliability for modern CF7 AJAX/REST submissions.

= 1.0.12 =
Important fix for Contact Form 7 compatibility.

= 1.0.10 =
Introduces optional debug logging for troubleshooting.

= 1.0.0 =
Initial release.
