Hello @calypso88 !
I’m very sorry to hear that you’ve experienced this issue while using our plugin!
We’re aware of some cases where the spammers are employing actual people to post the spam so they are able to get around ReCaptcha.
Some possible solutions for this:
1. Trying hCaptcha instead – from the reports we have it seems that hCaptcha is actually better at stopping the spam than ReCaptcha so it may be a good solution here.
2. Trying out this mu-plugin: https://gist.github.com/panoslyrakis/3af8aa3b223249c7754ffd6b76eb6c51
It can be useful if the spammers are using specific words in the messages. Or you can use it as a base to develop your own custom solution.
If you check the link, there’s already a list of banned words you can use as a base.
The word list should be uploaded to wp-content/mu-plugins/bannedwords.csv or you can set that up by changing the line 45: https://gist.github.com/panoslyrakis/3af8aa3b223249c7754ffd6b76eb6c51#file-forminator-banned-words-php-L45
To install the plugin, please adjust your settings in the code (this also includes the error message) and upload the .php and .csv files to wp-content/mu-plugins
3. If the spam comes from a specific country which the site is not expected to serve, you can use our plugin Defender to activate geo-blocking for that country (Defender is a free plugin available from the ww.wp.xz.cn repository): https://wpmudev.com/docs/wpmu-dev-plugins/defender/#locations
Hope this helps!
Best regards,
Pawel
Hi Pawel,
I believe hCaptcha is a paid plugin? Trying to avoid that for now.
It’s a bit odd as this one hidden field is always blank when they submit. So I assume there’s no action hook we could use to do some extra validation on this field?
Hi @calypso88
I hope you are doing well.
hcaptcha should have a free plan too:
https://www.hcaptcha.com/#plans
I don’t want to show an error below a field (or focus on any field),
I just made a test on my lab site and I believe you could use a hidden field, https://monosnap.com/file/frddQaisWYSANPqen0ohLFFXiNVWqY
Best Regards
Patrick Freitas
Hi @calypso88
Just an update about hcaptcha, you don’t need any extra plugins as we have a native integration https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#captcha-field
Best Regards
Patrick Freitas
Hi Patrick,
Ok cool, not focusing on any field is good. But any way to change the message that appears above (“Error: your form is not valid….”)? If it’s a real person spamming us I want to change that message so it appears as if it’s actually submitted – so a fake success message instead of error.
Thanks!
HI @calypso88
I’m not entirely sure yet but I suppose it could be possible with some additional custom code.
But before we get there, let me ask first for some additional clarification.
I understand that you got some additional hidden fields on form (that if not empty would indicate “spammy submission”) but since other solution were also discussed here, what “measures” should be taken into account to consider given submission as “spam” in case of your form?
I mean:
– “honeypot” obviously if it’s enabled
– your custom hidden fields
– but then – do you have Akismet or CleanTalk Anti-Spam integration enabled or not and should it also trigger “false positive”?
– what about captcha – this, I’m guessing, should be giving the real error?
Let me know, please.
Best regards,
Adam
Hi Adam,
Our hidden field has a value. We used to have a slider that updated this value but have temporarily hidden the slider, but the hidden field still has a default value. The spam submissions always blank this field so it’s empty on the submission. Real submissions pass the value.
Yes we have honeypot enabled, and Recaptcha v2 invisible. We don’t have CleanTalk or Akismet as they’re both paid options, which we are trying to avoid.
Hi @calypso88
Thank you for response!
I think you can use this code then:
https://gist.github.com/wpmudev-sls/0787f42205c169a077f1f43cd7156704
You’d need to add it to the site as MU plugin and then adjust this part of code (according to comments) to your needs:
array(
'form_id' => '14815', // form id.
'field_name' => 'email-1', // the field name that you want to validate.
'contain' => '@gmail', // if the field contains this string, then is validated based on the pattern.
// value validation list - you can also use php regex pattern in /your-pattern/ format.
'field_validation_pattern' => array(
'/.*.gmail.com$/',
),
'error_message' => 'This email is not accepted.just use @gmail.com', // error message.
),
You can set in it what field and for what form should be validate and what should it contain, as well as what should be the message displayed to user.
Best regards,
Adam
Hello @calypso88 ,
We haven’t heard from you for several days now, so it looks like you don’t need our assistance anymore.
Feel free to re-open this ticket if needed.
Kind regards
Kasia
