Title: Custom php validation
Last modified: February 11, 2022

---

# Custom php validation

 *  Resolved [calypso88](https://wordpress.org/support/users/calypso88/)
 * (@calypso88)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/)
 * Hi,
    We’re getting a lot of spam and want to do some custom php validation on
   one of our fields. Note we already have recaptcha and honeypot enabled but get
   spam every single day. We have a hidden field which the spammers always blank
   so I’d like to try some extra validation to stop them submitting the form.
 * Is there an action hook I could use to check if this particular field is NULL,
   and if so return a message (a fake success message) but not submit the form?
   
   I’ve tried this “forminator_custom_form_submit_errors” however I don’t want to
   show an error below a field (or focus on any field), and the main message is “
   Error: Your form is not valid, please fix the errors!” – which I’d like to control.
 * Thanks!

Viewing 9 replies - 1 through 9 (of 9 total)

 *  Plugin Support [Imran – WPMU DEV Support](https://wordpress.org/support/users/wpmudev-support9/)
 * (@wpmudev-support9)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15356267)
 * Hello [@calypso88](https://wordpress.org/support/users/calypso88/) !
 * I’m very sorry to hear that you’ve experienced this issue while using our plugin!
 * We’re aware of some cases where the spammers are employing actual people to post
   the spam so they are able to get around ReCaptcha.
 * Some possible solutions for this:
 * 1. Trying hCaptcha instead – from the reports we have it seems that hCaptcha 
   is actually better at stopping the spam than ReCaptcha so it may be a good solution
   here.
 * 2. Trying out this mu-plugin: [https://gist.github.com/panoslyrakis/3af8aa3b223249c7754ffd6b76eb6c51](https://gist.github.com/panoslyrakis/3af8aa3b223249c7754ffd6b76eb6c51)
 * It can be useful if the spammers are using specific words in the messages. Or
   you can use it as a base to develop your own custom solution.
 * If you check the link, there’s already a list of banned words you can use as 
   a base.
 * The word list should be uploaded to wp-content/mu-plugins/bannedwords.csv or 
   you can set that up by changing the line 45: [https://gist.github.com/panoslyrakis/3af8aa3b223249c7754ffd6b76eb6c51#file-forminator-banned-words-php-L45](https://gist.github.com/panoslyrakis/3af8aa3b223249c7754ffd6b76eb6c51#file-forminator-banned-words-php-L45)
 * To install the plugin, please adjust your settings in the code (this also includes
   the error message) and upload the .php and .csv files to wp-content/mu-plugins
 * 3. If the spam comes from a specific country which the site is not expected to
   serve, you can use our plugin Defender to activate geo-blocking for that country(
   Defender is a free plugin available from the wordpress.org repository): [https://wpmudev.com/docs/wpmu-dev-plugins/defender/#locations](https://wpmudev.com/docs/wpmu-dev-plugins/defender/#locations)
 * Hope this helps!
 * Best regards,
    Pawel
 *  Thread Starter [calypso88](https://wordpress.org/support/users/calypso88/)
 * (@calypso88)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15361148)
 * Hi Pawel,
 * I believe hCaptcha is a paid plugin? Trying to avoid that for now.
    It’s a bit
   odd as this one hidden field is always blank when they submit. So I assume there’s
   no action hook we could use to do some extra validation on this field?
 *  Plugin Support [Patrick – WPMU DEV Support](https://wordpress.org/support/users/wpmudevsupport12/)
 * (@wpmudevsupport12)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15361195)
 * Hi [@calypso88](https://wordpress.org/support/users/calypso88/)
 * I hope you are doing well.
 * hcaptcha should have a free plan too:
 * [https://www.hcaptcha.com/#plans](https://www.hcaptcha.com/#plans)
 * > I don’t want to show an error below a field (or focus on any field),
 * I just made a test on my lab site and I believe you could use a hidden field,
   [https://monosnap.com/file/frddQaisWYSANPqen0ohLFFXiNVWqY](https://monosnap.com/file/frddQaisWYSANPqen0ohLFFXiNVWqY)
 * Best Regards
    Patrick Freitas
 *  Plugin Support [Patrick – WPMU DEV Support](https://wordpress.org/support/users/wpmudevsupport12/)
 * (@wpmudevsupport12)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15361199)
 * Hi [@calypso88](https://wordpress.org/support/users/calypso88/)
 * Just an update about hcaptcha, you don’t need any extra plugins as we have a 
   native integration [https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#captcha-field](https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#captcha-field)
 * Best Regards
    Patrick Freitas
 *  Thread Starter [calypso88](https://wordpress.org/support/users/calypso88/)
 * (@calypso88)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15361230)
 * Hi Patrick,
    Ok cool, not focusing on any field is good. But any way to change
   the message that appears above (“Error: your form is not valid….”)? If it’s a
   real person spamming us I want to change that message so it appears as if it’s
   actually submitted – so a fake success message instead of error. Thanks!
 *  Plugin Support [Laura – WPMU DEV Support](https://wordpress.org/support/users/wpmudev-support8/)
 * (@wpmudev-support8)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15362924)
 * HI [@calypso88](https://wordpress.org/support/users/calypso88/)
 * I’m not entirely sure yet but I suppose it could be possible with some additional
   custom code.
 * But before we get there, let me ask first for some additional clarification.
 * I understand that you got some additional hidden fields on form (that if not 
   empty would indicate “spammy submission”) but since other solution were also 
   discussed here, what “measures” should be taken into account to consider given
   submission as “spam” in case of your form?
 * I mean:
    – “honeypot” obviously if it’s enabled – your custom hidden fields –
   but then – do you have Akismet or CleanTalk Anti-Spam integration enabled or 
   not and should it also trigger “false positive”? – what about captcha – this,
   I’m guessing, should be giving the real error?
 * Let me know, please.
 * Best regards,
    Adam
 *  Thread Starter [calypso88](https://wordpress.org/support/users/calypso88/)
 * (@calypso88)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15365260)
 * Hi Adam,
 * Our hidden field has a value. We used to have a slider that updated this value
   but have temporarily hidden the slider, but the hidden field still has a default
   value. The spam submissions always blank this field so it’s empty on the submission.
   Real submissions pass the value.
 * Yes we have honeypot enabled, and Recaptcha v2 invisible. We don’t have CleanTalk
   or Akismet as they’re both paid options, which we are trying to avoid.
 *  Plugin Support [Laura – WPMU DEV Support](https://wordpress.org/support/users/wpmudev-support8/)
 * (@wpmudev-support8)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15372350)
 * Hi [@calypso88](https://wordpress.org/support/users/calypso88/)
 * Thank you for response!
 * I think you can use this code then:
 * [https://gist.github.com/wpmudev-sls/0787f42205c169a077f1f43cd7156704](https://gist.github.com/wpmudev-sls/0787f42205c169a077f1f43cd7156704)
 * You’d need to add it to the site as [MU plugin](https://wordpress.org/support/article/must-use-plugins/)
   and then adjust this part of code (according to comments) to your needs:
 *     ```
       array(
       	'form_id'                  => '14815', // form id.
       	'field_name'               => 'email-1', // the field name that you want to validate.
       	'contain'                  => '@gmail', // if the field contains this string, then is validated based on the pattern.
       	// value validation list - you can also use php regex pattern in /your-pattern/ format.
       	'field_validation_pattern' => array(
       		'/.*.gmail.com$/',
       	),
       	'error_message'            => 'This email is not accepted.just use @gmail.com', // error message.
       ),
       ```
   
 * You can set in it what field and for what form should be validate and what should
   it contain, as well as what should be the message displayed to user.
 * Best regards,
    Adam
 *  Plugin Support [Amin – WPMU DEV Support](https://wordpress.org/support/users/wpmudev-support2/)
 * (@wpmudev-support2)
 * [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15416169)
 * Hello [@calypso88](https://wordpress.org/support/users/calypso88/) ,
 * We haven’t heard from you for several days now, so it looks like you don’t need
   our assistance anymore.
 * Feel free to re-open this ticket if needed.
 * Kind regards
    Kasia

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘Custom php validation’ is closed to new replies.

 * ![](https://ps.w.org/forminator/assets/icon-256x256.gif?rev=3443182)
 * [Forminator Forms – Contact Form, Payment Form & Custom Form Builder](https://wordpress.org/plugins/forminator/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/forminator/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/forminator/)
 * [Active Topics](https://wordpress.org/support/plugin/forminator/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/forminator/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/forminator/reviews/)

 * 9 replies
 * 5 participants
 * Last reply from: [Amin – WPMU DEV Support](https://wordpress.org/support/users/wpmudev-support2/)
 * Last activity: [4 years, 3 months ago](https://wordpress.org/support/topic/custom-php-validation/#post-15416169)
 * Status: resolved