VMS Elements Form Guard

VMS Elements Form Guard is a comprehensive spam protection plugin that validates email domains, blocks disposable emails, and protects your forms from malicious submissions using multiple security layers.

VMS Elements Form Guard Pro adds Form Guard, Contact Guard, Subscribe Guard, AI summaries, email templates, and more.

Key Features

Core Protection

• Disposable Email Detection – Block 10,000+ temporary/disposable email domains automatically
• Email Domain Validation – Verify email domains have valid MX records and HTTPS
• Real-time Validation – Instant feedback before form submission
• Custom Whitelist – Always allow trusted domains
• Custom Blocklist – Add your own blocked domains

Security API Integrations

• Google Web Risk API – Enterprise-grade malware and phishing detection
• VirusTotal Integration – Multi-engine domain scanning with support for multiple API keys
• Google reCAPTCHA – Both v2 and v3 support for bot protection

AI-Powered Features

• AI Spam Detection – Intelligent comment analysis using leading AI providers
• AI Post Summaries – Auto-generate summaries for blog posts
• AI Product Summaries – Auto-generate WooCommerce product summaries
• Multiple AI Providers – OpenAI (GPT-4), Anthropic (Claude), Google Gemini, DeepSeek

Form Protection Guards

• Contact Guard – Protect contact forms from spam
• Subscribe Guard – Protect newsletter subscription forms
• Registration Guard – Protect WordPress user registration
• Login Guard – Protect login forms with validation
• Comment Guard – Advanced comment spam protection with custom rules
• Product Review Guard – Protect WooCommerce product reviews

Additional Features

• Activity Dashboard – Monitor all validation events with analytics
• Detailed Logging – Track every blocked attempt with reasons
• Blocked Users Management – View and manage blocked users
• Custom Error Messages – Customize all validation messages
• Email Templates – Customizable notification emails
• Translation Ready – Full internationalization support

Supported Forms

VMS Elements Form Guard works with any HTML form including:

• Contact Form 7
• WPForms
• Gravity Forms
• Ninja Forms
• Formidable Forms
• Newsletter Plugin
• Mailchimp Forms
• WooCommerce Forms
• WordPress Registration
• WordPress Comments
• Any Custom HTML Form

How It Works

1. Install and Activate – Simple one-click installation
2. Add Form Mapping – Tell the plugin which forms to protect
3. Configure Validation – Choose your protection level
4. Automatic Protection – Forms are protected in real-time

API Keys (Optional)

Basic protection works without any API keys. For enhanced security:

• Google Web Risk – Detect malware and phishing domains
• VirusTotal – Multi-engine scanning (free tier: 500 requests/day)
• AI Providers – Enable intelligent spam detection

Privacy & GDPR

• Only email domains are processed for validation, not full email addresses (unless you enable features that require them).
• Data is sent to third-party services only when you enter API keys and enable those features.
• No personal data is stored on VMS Elements servers by default.
• Full GDPR compliance depends on your configuration and privacy policy.

Privacy Policy

VMS Elements Form Guard does not collect, store, or send any data from your website on its own. Every outbound network call is opt-in and only happens after you explicitly configure the corresponding API key or feature in the plugin settings.

Third-party services used by this plugin

The plugin can connect to the following third-party services. Each one is only contacted when you actively enable the matching feature and provide the required API key:

• Google Web Risk — Sends the email domain or URL hostname being validated to https://webrisk.googleapis.com/v1/uris:search. Requires your own Google API key. Terms of Service · Privacy Policy.
• VirusTotal — Sends the email domain or URL hostname being validated to https://www.virustotal.com/api/v3/domains/. Requires your own VirusTotal API key. Terms of Service · Privacy Policy.
• Google reCAPTCHA — Loaded only when you enable reCAPTCHA on a form. The visitor’s browser exchanges a verification token with https://www.google.com/recaptcha/. Terms · Privacy Policy.
• OpenAI — Sends the message body being moderated to https://api.openai.com/v1/chat/completions. Requires your own OpenAI API key. Terms · Privacy Policy.
• Anthropic — Sends the message body being moderated to https://api.anthropic.com/v1/messages. Requires your own Anthropic API key. Terms · Privacy Policy.
• Google Gemini — Sends the message body being moderated to https://generativelanguage.googleapis.com/. Requires your own Gemini API key. Terms · Privacy Policy.
• DeepSeek — Sends the message body being moderated to https://api.deepseek.com/chat/completions. Requires your own DeepSeek API key. Terms · Privacy Policy.
• Amazon Bedrock — Sends the message body being moderated to the AWS Bedrock Runtime endpoint https://bedrock-runtime.{region}.amazonaws.com/model/{model}/invoke (the region and model are the ones you configure). Requires your own AWS access key, secret key, and model ID. Terms · Privacy Policy.

What data is sent

For each enabled service the plugin sends ONLY:

• The domain part of the submitted email or the URL hostname, for reputation checks (Web Risk, VirusTotal).
• The message text the visitor typed in a guarded textarea, for AI spam moderation (OpenAI, Anthropic, Gemini, DeepSeek, Amazon Bedrock). The chosen AI provider receives the body of the field plus a fixed system prompt.
• The reCAPTCHA token generated by the visitor’s browser, for bot-protection verification (Google reCAPTCHA).

The plugin does NOT send the full submitted form, IP addresses, user accounts, or any other personal data to these third parties.

Data stored locally

The plugin writes only to the WordPress site database. The following tables and options may be created:

• *_vms_elements_form_guard_whitelist_domains, *_vms_elements_form_guard_disposable_domains — Email-domain reputation lists you manage.
• *_vms_elements_form_guard_logs — Validation events (domain, decision, timestamp). No personal data.
• *_vms_elements_form_guard_api_keys — Encrypted copies of the API keys you entered.
• *_vms_elements_form_guard_comment_enforcement — IP/user-ID strike counters for the optional Block User feature.
• vefg-google-config, vefg-virustotal-config, vefg-ai-span-config, vefg-recaptcha-config, vefg-error-messages, vefg-registration-guard — Plugin settings.

All tables and options are removed when you uninstall the plugin.

Cookies

The plugin itself does not set any cookies. Google reCAPTCHA sets its own cookies when you enable it.

GDPR

Because every outbound request requires an administrator to first enable the matching feature and provide an API key, your site only becomes a “data processor” toward these third parties after you opt in. We recommend listing each enabled service in your site’s own privacy policy.

External services

This plugin relies on the following third-party / external services. Each service is contacted ONLY after a site administrator enables the matching feature and provides the required API key or credentials. Nothing is sent by default.

1. Google Web Risk — Used to detect malware and phishing domains. The email domain or URL hostname being validated is sent to https://webrisk.googleapis.com/v1/uris:search each time a guarded field is validated and this feature is enabled. Provided by Google. Terms of Service — Privacy Policy.

2. VirusTotal — Used for multi-engine domain reputation scanning. The email domain or URL hostname being validated is sent to https://www.virustotal.com/api/v3/domains/ each time a guarded field is validated and this feature is enabled. Provided by VirusTotal (Google). Terms of Service — Privacy Policy.

3. Google reCAPTCHA — Used for bot protection on guarded forms. When enabled, the visitor’s browser exchanges a verification token with https://www.google.com/recaptcha/. Provided by Google. Terms of Service — Privacy Policy.

4. OpenAI — Used for AI spam moderation. The message text typed in a guarded field is sent to https://api.openai.com/v1/chat/completions when AI moderation is enabled with this provider. Provided by OpenAI. Terms of Use — Privacy Policy.

5. Anthropic — Used for AI spam moderation. The message text typed in a guarded field is sent to https://api.anthropic.com/v1/messages when AI moderation is enabled with this provider. Provided by Anthropic. Terms — Privacy Policy.

6. Google Gemini — Used for AI spam moderation. The message text typed in a guarded field is sent to https://generativelanguage.googleapis.com/ when AI moderation is enabled with this provider. Provided by Google. Terms — Privacy Policy.

7. DeepSeek — Used for AI spam moderation. The message text typed in a guarded field is sent to https://api.deepseek.com/chat/completions when AI moderation is enabled with this provider. Provided by DeepSeek. Terms — Privacy Policy.

8. Amazon Bedrock — Used for AI spam moderation. The message text typed in a guarded field is sent to the AWS Bedrock Runtime endpoint https://bedrock-runtime.{region}.amazonaws.com/model/{model}/invoke (region and model are the ones you configure) when AI moderation is enabled with this provider. Provided by Amazon Web Services. Service Terms — Privacy Policy.