What's new

Changelog

Version history for QWeb Spam Shield AI. Dates are release dates.

v1.2.2 May 30, 2026 Current
Fixed
  • First-time contact form messages are no longer held by mistake. In some setups the very first submission from a brand new visitor could be held for review by Mail Guard. Genuine first messages from new customers now go straight through, while real spam floods are still caught and held.
v1.2.1 May 29, 2026
Added
  • One unified Activity log — the old Queue and Logs pages are now a single timeline of everything Spam Shield handled. Every row is tagged with what it is (form, comment, review, registration, checkout, or outbound email) and its outcome (blocked / held / allowed).
  • Click any row to see the full detail — the actual email, the submitted form content, the IP and country, and the exact reasons it was flagged. Held items can be released or deleted right from the log.
Changed
  • Redesigned the dashboard into two clear panels — Incoming (forms, comments, reviews, checkout) and Outgoing (your site's email) — so it's obvious at a glance what's protected in each direction.
  • Mail Guard's outbound-email settings moved into Settings → Mail Guard (Outbound), and every setting now has an in-line "?" help tooltip.
  • The admin header now shows the exact installed version, read live from the plugin.
v1.1.6 May 29, 2026
Fixed
  • Checkout no longer blocks a real customer who retries a declined card. Email-based velocity now flags the order for review instead of rejecting it; only true bot bursts from one IP are hard-blocked. Card testing stays defended by the payment gateway.
  • Returning customers (logged in, or a guest who already has a paid order) are never velocity-blocked at checkout.
v1.1.3 May 29, 2026
Added
  • Transactional email is now exempt from outbound rate limits — order confirmations, password resets, and receipts always send, even if a contact-form spam burst is hammering your site at the same time.
  • Per-recipient flood cap: contains password-reset bombing aimed at one address without throttling anyone else. Your store/admin address is never capped.
  • Content storage is on by default, so the Activity log keeps the full submission text for review.
Fixed
  • WooCommerce order notifications to an on-site address are no longer mistakenly held by the outbound content scan.
  • Links pointing back to your own domain (and your CDN) are no longer counted as spam links, fixing false positives on notification email.
v1.1.1 May 22, 2026
Fixed
  • Mail Guard ban-list entries with trailing spaces were not matching correctly on the outbound queue check. Trimmed on save and on compare.
  • GeoIP auto-download failed silently on servers where allow_url_fopen is disabled. Now falls back to a curl-based download and logs the method used.
  • Logs page pagination broke when a filter was active and you navigated past page 1. URL parameters are now preserved across page links.
  • Detection sensitivity slider value didn't persist after saving Settings on PHP 8.3 with strict type coercion enabled.
Changed
  • Gemini API timeout increased from 8s to 12s to reduce false "AI unavailable" flags on slow connections.
  • Queue page now shows the AI reason inline without requiring a row expand, making triage faster.
v1.1.0 April 15, 2026
Added
  • Mail Guard — outbound email protection via a wp_mail filter. Suspicious emails are held in a separate outbound queue rather than sent. Configurable whitelist and ban list.
  • Queue page now has two tabs: Inbound spam (flagged form submissions) and Outbound held (Mail Guard queue). Bulk release and bulk delete work on both.
  • Fluent Forms integration added as a supported form plugin alongside the existing CF7, Gravity, and WPForms hooks.
  • Detection sensitivity setting: a 1-10 slider that adjusts the AI confidence threshold before a submission is flagged vs. queued vs. passed through. Defaults to 7.
  • License-expiry grace period: when a license expires, spam protection continues running. Plugin updates and new-site activations pause. A dismissible banner in the admin prompts renewal.
  • Plugin branded as QWeb Spam Shield AI throughout the admin UI (previously showed internal development name).
Fixed
  • WooCommerce checkout hook fired twice on some themes that called woocommerce_checkout_process more than once per submission. De-duplication guard added.
  • GeoIP database auto-downloaded correctly on first activation but not on subsequent reinstalls after database deletion.
  • Comment spam detection missed submissions where the comment author field was empty (anonymous comments). Now checked.
Changed
  • Admin UI rebuilt as a React SPA with client-side routing. Pages: Dashboard, Queue, Logs, Patterns, Settings, Mail Guard. Navigation is now instant, no full page reloads.
  • Logs table columns reordered: Type, Source, IP, Country, Detection method, AI score, Date. Country now shows a flag emoji alongside the code.
  • Qwebmaster visual style applied across all admin screens: blue #1c96f3 accent, Nunito, consistent card layout matching other Qwebmaster tools.
v1.0.2 March 19, 2026
Added
  • IP address and country are now recorded in every log entry. GeoIP database (MaxMind GeoLite2-Country) is downloaded automatically on first use.
  • Disposable-email blocklist now ships with the plugin and is checked on WooCommerce checkout and user registration before the AI call, reducing API usage.
  • Dashboard shows a 30-day sparkline of spam volume so you can spot spikes at a glance.
Fixed
  • Gravity Forms integration threw a PHP notice on forms with file-upload fields when strict notices were enabled.
  • Registration spam check ran even when WordPress user registration was disabled in Settings. Now skipped when registration is off.
v1.0.1 March 5, 2026
Fixed
  • License activation failed with a "key not found" error on sites where ABSPATH ends with a double slash. Key normalization tightened.
  • Settings page threw a white screen on WordPress installs with the default WP_DEBUG_DISPLAY on and a misconfigured Gemini API key. Error is now caught and shown inline.
  • WPForms spam block returned a generic WordPress error instead of the plugin's rejection message. Now uses the WPForms process error API correctly.
  • Uninstall routine left the qweb_spamguard_ options in the database. Cleanup is now complete on uninstall.
Changed
  • Minimum PHP version bumped to 8.1 (from 8.0) to use readonly properties in the Gemini client.
v1.0.0 February 24, 2026
Added
  • Initial release: Google Gemini AI content analysis on all supported form submissions.
  • Supported integrations at launch: WooCommerce checkout, Contact Form 7, Gravity Forms, WPForms, WordPress comments, WordPress user registration.
  • Spam review queue: flagged submissions held for manual review, not deleted automatically.
  • Spam log: searchable table of all detection events with type, source, detection method, AI reason, and timestamp.
  • Pattern overrides: custom keyword patterns you can add to always-block or always-allow a submission regardless of AI score.
  • Settings page: enable/disable individual integrations, configure Gemini API key, set queue retention days.
  • Self-hosted license validation against the Qwebmaster license server (license.qwebmaster.com/v1).
  • Automatic plugin updates delivered via the license API when a new version is available.
  • Dashboard with today's blocked count, detection breakdown by source, and recent flagged items.

Always up to date

Every plan includes automatic updates. Your plugin updates itself when a new version ships, with no manual download needed.

Start free trial See pricing