infinum · dingo-d · Sep 22, 2025 · Sep 22, 2025 · Sep 22, 2025 · Sep 22, 2025
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
@@ -7,7 +7,6 @@ parameters:
 	scanFiles:
 		- vendor/wp-cli/wp-cli/php/class-wp-cli.php
 	bootstrapFiles:
-		- %rootDir%/../../php-stubs/wordpress-stubs/wordpress-stubs.php
 		- vendor-prefixed/autoload.php
 	paths:
 		- src/

diff --git a/src/Activate.php b/src/Activate.php
@@ -13,6 +13,7 @@
 use EightshiftForms\Config\Config;
 use EightshiftForms\Db\CreateActivityLogsTable;
 use EightshiftForms\Db\CreateEntriesTable;
+use EightshiftForms\Db\CreateRateLimitingTable;
 use EightshiftForms\Permissions\Permissions;
 use EightshiftFormsVendor\EightshiftLibs\Plugin\HasActivationInterface;
 use WP_Role;
@@ -44,6 +45,9 @@ public function activate(): void
 		// Create DB table.
 		CreateActivityLogsTable::createTable();
 
+		// Create DB table.
+		CreateRateLimitingTable::createTable();
+
 		// Do a cleanup.
 		\flush_rewrite_rules();
 	}

diff --git a/src/CronJobs/LogEntryCleanupJob.php b/src/CronJobs/LogEntryCleanupJob.php
@@ -0,0 +1,90 @@
+<?php
+
+/**
+ * A cleanup service for log entries.
+ *
+ * @package EightshiftForms\CronJobs
+ */
+
+declare(strict_types=1);
+
+namespace EightshiftForms\CronJobs;
+
+use EightshiftForms\Security\RateLimitingLogEntry;
+use EightshiftFormsVendor\EightshiftLibs\Services\ServiceInterface;
+
+/**
+ * A log entry cleanup service.
+ */
+class LogEntryCleanupJob implements ServiceInterface
+{
+	public const string LOG_ENTRY_CLEANUP_ACTION = 'es_forms_cleanup_log_entries';
+
+	/**
+	 * Register all the hooks
+	 *
+	 * @return void
+	 */
+	public function register(): void
+	{
+		\add_action('init', [$this, 'maybeCleanupLogEntries']);
+		\add_filter('cron_schedules', [$this, 'addJobToSchedule']); // phpcs:ignore WordPress.WP.CronInterval.ChangeDetected
+		\add_action(self::LOG_ENTRY_CLEANUP_ACTION, [$this, 'cleanupLogEntries']);
+	}
+
+	/**
+	 * Cleans up log entries using a recurring action if available, or immediately if not.
+	 * Recurring actions are scheduled using Action Scheduler if available and run daily.
+	 *
+	 * @return void
+	 */
+	public function maybeCleanupLogEntries(): void
+	{
+		if (\function_exists('as_schedule_recurring_action')) {
+			\as_schedule_recurring_action(
+				\time(),
+				\DAY_IN_SECONDS,
+				self::LOG_ENTRY_CLEANUP_ACTION
+			);
+
+			return;
+		} else {
+			if (!\wp_next_scheduled(self::LOG_ENTRY_CLEANUP_ACTION)) {
+				\wp_schedule_event(
+					\strtotime('tomorrow', \time()),
+					'daily',
+					self::LOG_ENTRY_CLEANUP_ACTION
+				);
+			}
+		}
+
+		$this->cleanupLogEntries();
+	}
+
+	/**
+	 * Add job to schedule.
+	 *
+	 * @param array<mixed> $schedules WP schedules list.
+	 *
+	 * @return array<mixed>
+	 */
+	public function addJobToSchedule(array $schedules): array
+	{
+		$schedules['daily'] = [
+			'interval' => \DAY_IN_SECONDS,
+			'display' => \esc_html__('Every day at midnight', 'eightshift-forms'),
+		];
+
+		return $schedules;
+	}
+
+	/**
+	 * Cleans up log entries older than a day.
+	 *
+	 * @return void
+	 */
+	public function cleanupLogEntries(): void
+	{
+		RateLimitingLogEntry::cleanup(\DAY_IN_SECONDS);
+	}
+}
diff --git a/src/CronJobs/SecurityJob.php b/src/CronJobs/SecurityJob.php
diff --git a/src/Db/CreateRateLimitingTable.php b/src/Db/CreateRateLimitingTable.php
@@ -0,0 +1,55 @@
+<?php
+
+/**
+ * Class that holds DB table creation for rate limiting.
+ *
+ * @package EightshiftForms\Db
+ */
+
+declare(strict_types=1);
+
+namespace EightshiftForms\Db;
+
+/**
+ * CreateRateLimitingTable class.
+ */
+class CreateRateLimitingTable
+{
+	/**
+	 * Table name
+	 *
+	 * @var string
+	 */
+	public const string RATE_LIMITING_TABLE = 'es_forms_rate_limiting';
+
+	/**
+	 * Create DB table.
+	 *
+	 * @return void
+	 */
+	public static function createTable(): void
+	{
+		require_once(\ABSPATH . 'wp-admin/includes/upgrade.php');  // @phpstan-ignore-line
+
+		global $wpdb;
+
+		$tableName = $wpdb->prefix . self::RATE_LIMITING_TABLE;
+
+		$charsetCollate = $wpdb->get_charset_collate();
+
+		$sql = "CREATE TABLE {$tableName} (
+			`log_id` int(11) unsigned NOT NULL AUTO_INCREMENT,
+			`form_id` int(11) DEFAULT NULL,
+			`user_token` varchar(256) NOT NULL,
+			`activity_type` varchar(256) NOT NULL,
+			`created_at` bigint(20) NOT NULL,
+			PRIMARY KEY (`log_id`),
+			KEY `token_time` (`user_token`,`created_at`),
+			KEY `token_form_time` (`user_token`,`form_id`,`created_at`),
+			KEY `token_activity_time` (`user_token`,`activity_type`,`created_at`),
+			KEY `token_form_activity_time` (`user_token`,`form_id`,`activity_type`,`created_at`)
+		) $charsetCollate;";
+
+		\maybe_create_table($tableName, $sql);
+	}
+}