Private storage
- Voiceline stores audio files in a private storage folder instead of exposing them like normal public media uploads.
- This reduces direct public access and gives the plugin tighter control over file delivery.
Tokenized access
- Secure actions such as email moderation and protected file access use tokenized links.
- This helps protect approval, deletion, and file access from unauthorized use.
Maintenance mode
- Enable Maintenance when you need the widget visible but want to temporarily stop new submissions.
Sandbox mode
- Enable Sandbox when you want to test the frontend flow without storing real submissions.
User waiting time
- This is the minimum pause required before the same user can send another message.
- It helps slow down spam bursts and repeated rapid submissions.
Per-user rate limiting
- The Rate limiting option controls how many pending messages one user can have at the same time.
- This is one of the main anti-abuse protections in the plugin.
Global rate limiting
- The Global rate limit controls the total number of submissions allowed per hour site-wide.
- Use this to protect the site from spikes, campaigns, or automated attacks.
IP blacklist
- The Blacklist IP option silently blocks known abusive IP addresses.
- Use it for repeated spam, testing bots, or persistent abuse sources.
Privacy consent
- The privacy checkbox is not only useful legally. It also adds an extra explicit step before submission.
- For public radio websites, it is strongly recommended to keep it enabled.
Honeypot and validation
- The plugin includes hidden anti-bot checks and submission validation.
- It also validates required fields, cooldown timing, and file flow before accepting a message.
How to tune security
- Keep a short user waiting time.
- Keep moderate per-user limits.
- Use a conservative global hourly limit.
- Enable privacy consent.
- Blacklist abusive IPs when needed.
- Use Maintenance mode if you are under active spam or during maintenance windows.
Final considerations
The built-in plugin rate-limit is already complex and strong, but it's not guaranteed to be bullet-proof.
If you still experience many spam submissions, consider integrating Cloudflare and WordFence for an extra layer of security, especially against modern AI bots.
