MentoGuard

STOP BOTS. PROTECT YOUR FORMS.

WordPress, Contact Form, Anti Spam

Every day, bots flood contact forms with spam — wasting your time, polluting your inbox, and bypassing basic filters. MentoGuard silently analyzes visitor behavior and blocks automated submissions before they happen. No Google reCAPTCHA. No external servers. No GDPR headaches. Just clean, human-only submissions from the moment you install it.

Get from WP
GitHub

Three layers of protection. Zero friction for real users.

MentoGuard does not ask visitors to solve puzzles or tick boxes. Instead it works invisibly in the background — measuring how long someone takes to fill a form, whether they move their mouse, whether they type or paste, and whether the submission came from a real page load.

Bots fail these checks instantly. Humans never notice them.

Silent protection that works on arrival.

MentoGuard uses three independent layers that work together. A signed one-time token verifies every submission came from a real page load. A server-side timing check catches bots that submit in milliseconds. A behavioral score tracks mouse movement, typing patterns, and field interaction. Bots fail all three. Real users never notice any of them.

Token Verification | Time Protection | Behavioral Scoring | Honeypot

Full visibility. Full control.

Every blocked submission is logged with its IP address, spam score, and the exact signals that triggered the block. The Top Spammers page shows your worst offenders ranked by attempt count — one click adds them to the permanent IP blacklist. Test Mode shows live scores without blocking anyone, so you can tune settings before going live. Debug Log shows every validation step in plain language.

Spam Log | Top Spammers | IP Blacklist | Test Mode | Debug Log

Real problems. Real answers.

Here is what MentoGuard solves in under a minute.

SCENARIO 01  ·  OVERNIGHT SPAM FLOOD

You wake up to 200 spam emails. Again.

Your contact form has no protection, or your current CAPTCHA was bypassed. Bots are submitting hundreds of times a day and your inbox is unusable.

HOW TO DO IT

  1. Install MentoGuard
  2. Add mentoguard short code inside your CF7 form before the submit button
  3. Set preset to Balanced
  4. Enable IP Blacklist for repeat offenders

RESULT Spam blocked from first submission — real users unaffected

SCENARIO 02  ·  GDPR COMPLIANCE PROBLEM

Your current anti-spam sends data to Google. Your client is asking questions.

reCAPTCHA v3 transmits visitor data to Google servers. For European clients — especially in Germany, France, or the Netherlands — this creates a legal exposure that is difficult to justify.

HOW TO DO IT

  1. Remove reCAPTCHA from your CF7 form
  2. Install MentoGuard
  3. All validation happens on your own server — nothing leaves your site

RESULT Zero data sent externally — fully GDPR compliant by design

SCENARIO 03  ·  BOT BYPASSING YOUR HONEYPOT

You added a honeypot field. Bots still get through.

Modern bots are smart enough to skip honeypot fields. They load the page, identify the hidden field, and leave it empty on purpose.

HOW TO DO IT

  1. MentoGuard uses behavioral timing and a signed server-side token
  2. Even if a bot loads the page and skips the honeypot, it still fails the timing check and behavioral score
  3. Multiple independent layers mean no single bypass defeats the system

RESULT Layered protection — failing one check is enough to block