Your real spam protection lives upstream. Cloudflare or CleanTalk or Akismet is sitting between the public internet and your WordPress site, filtering the obvious stuff before it ever hits the review form. You should already be running one of those. Trustie doesn’t replace any of them.
What Trustie Pro adds is a thin, review-specific layer. It fires after the edge tools have done their job, catching the two cases they weren’t designed to look for:
1. An honest customer who accidentally submits twice (forgot they reviewed it, or thought their first one didn’t go through). Cloudflare doesn’t know what counts as a duplicate review on your shop. 2. A script that gets past the edge and starts hammering the review form specifically. Edge tools catch a lot, but the long tail of “low-volume, custom-targeted” scripts can slip through.
Both of those land at the review form, where Pro’s guards take a second look.
The duplicate block
When a second submission for the same customer + same product hits Submit, the check runs server-side and returns a polite form error:
“You have already reviewed this item.”
Inline at the top of the form, the same way other validation errors render. The customer reads it, closes the form, goes back to find their original review.
The check looks at reviews in any state (approved, pending, spam, even trashed), so the customer doesn’t get to silently submit again because their first review isn’t visible yet.
The rate limits
A quiet rate limiter caps how often anyone can submit reviews. Defaults are tuned to stay invisible to honest customers while flagging the patterns scripts use:
- 5 reviews per customer per day (and 2 per hour). A real customer reviewing five things in a day is rare; a script doing it is the whole point.
- 2-minute cooldown between submissions. A human typing a review thoughtfully takes longer than a second.
- 20 reviews per IP per day for guests. Caps the abuse pattern where a script hammers the form from one address.
When a limit fires, the customer sees the relevant message (“You can only submit 5 reviews per day. Please try again tomorrow.”) and the submission is rejected.
Logged so you can see it working
Every blocked submission writes to the Trustie debug log as a warning, with the customer identifier, the product, and the reason. Most shops never check; the value is that nothing’s leaking through. If you ever wonder how often the guards fire, the log tells you.
Tuning the defaults
If you run a campaign that genuinely sends a wave of review requests at once (post-event, end-of-quarter), honest customers might bunch their submissions and hit the daily or hourly cap. The caps are configurable, so bump them up for the duration of the campaign and revert after. The 2-minute cooldown stays where it is; that one’s about throttling scripts, not customers.
Why this just being on by default matters
The duplicate block and the rate limits both run out of the box. You don’t configure them, and you don’t notice them working unless you go looking at the log. The kind of feature that’s most valuable when you forget it exists. Once you’ve seen what your review queue looks like after a script gets through, you don’t go back to running without it.