lemurnick

The issue is with the carousel and images that the browser considers loaded (complete: true), but their naturalWidth and naturalHeight are 0.
Images in the Elementor carousel load via lazy loading but do not display visually, showing an infinite loading animation. At the same time, the images are actually loaded in the DOM, have the status complete: true, but their dimensions naturalWidth/naturalHeight remain 0px.

1. Symptoms:

• Images in the carousel show an infinite loading indicator (spinner)
• No JavaScript or network errors in the browser console
• Images are technically loaded (HTTP 200, visible in the Network tab)
• When inspecting the DOM: img.complete === true, but img.naturalWidth === 0
• The problem occurs only after updating Elementor; previous versions worked correctly
• 30-50% of images remain in the “loading” state
• Scrolling or navigating through slides does not fix the situation

2. Tests performed and their results:

• Disabling lazy loading in Elementor settings | ❌ Doesn’t help | Problem persists |
• Enabling/disabling in plugin settings | ❌ Doesn’t help | Problem persists |
• Clearing browser cache (full) | ❌ Doesn’t help | Problem persists |
• Regenerating CSS in Elementor Tools | ❌ Doesn’t help | Problem persists |
• Disabling all plugins except Elementor | ❌ Doesn’t help | Problem persists |
• Switching to Twenty Twenty-Four theme | ❌ Doesn’t help | Problem persists |
• Disabling image optimization | ❌ Doesn’t help | Problem persists |

3. Technical details:

State of problematic images in the DOM:

// Problematic image:
img.complete === true
img.naturalWidth === 0
img.naturalHeight === 0
img.clientWidth > 0
img.clientHeight > 0
img.loading === "lazy"
img.hasAttribute('data-src') === true

HTML structure:

<div class="swiper-slide swiper-lazy" data-background="url.jpg">
  <img src="" data-src="url.jpg" loading="lazy" class="swiper-lazy">
  <div class="swiper-lazy-preloader"></div> <!-- Remains visible! -->
</div>

4. Temporary workarounds that do work:

Workaround 1: Manual intervention via DevTools

/ Changing any property that triggers reflow /
body { box-sizing: border-box; }
/ Instantly makes images appear /

Workaround 2: Lazy loading fix script (solves the problem):

// Working fix:
const images = document.querySelectorAll('.elementor-image-carousel img[data-src]');
images.forEach(img => {
  if (img.complete && img.naturalWidth === 0) {
    img.src = img.getAttribute('data-src');
    img.removeAttribute('data-src');
    img.loading = 'eager';

    // Remove preloader
    const preloader = img.closest('.swiper-slide')?.querySelector('.swiper-lazy-preloader');
    if (preloader) preloader.style.display = 'none';
  }
});

Workaround 3: CSS workaround:

.elementor-image-carousel .swiper-lazy-preloader {
  display: none !important;
}
.elementor-image-carousel img {
  loading: eager !important;
}

5. Root cause (based on analysis):

Hypothesis: Elementor/Swiper uses Intersection Observer for lazy loading, but after the image loads:

1. The image is marked as complete: true
2. But the load event does not trigger a Swiper update
3. Swiper does not hide the preloader and does not apply the swiper-lazy-loaded class
4. The image remains “invisible” in the DOM, even though it’s technically loaded

Hypothesis confirmation:

• Images are loading (visible in the Network tab)
• Lazy loading attributes (data-src) remain after loading
• Preloaders remain visible
• Manual call to swiper.update() or changing CSS to trigger reflow fixes the display

6. Conditions for occurrence:

• ✅ Elementor Free with carousel is used
• ✅ Lazy loading is enabled (by default or explicitly); disabling it has no effect
• ✅ Multiple images in the carousel (5+)
• ✅ Occurs after updating Elementor
• ❌ Does not depend on hosting, theme, or other plugins

Areas to check:

1. Swiper lazy loading initialization: Check load/error event handlers for lazy images
2. Intersection Observer callbacks: Ensure state updates after image loading
3. Preloaders and CSS classes: Check logic for adding/removing swiper-lazy-loaded
4. Swiper update: Ensure swiper.update() is called after lazy load

Status: Active, requires urgent fix!!!

It’s really cool that can now connect to the filter chain! 🤩
When your plugin became unavailable, so I had to develop a temporary spam protection solution.
In the process, I got a little carried away and as a result, I also got a full-fledged plugin.
Here are its main functions:

1. Automatic ban by IP address
2. Checking the browser language
3. Checking the HTTP link
4. Checking for prohibited words in the message text
5. Checking an empty message
   Penalties if the message field is empty.
6. Checking email for prohibited words
7. Check the subject of the message for keywords
8. User Agent Verification
9. Check the time of filling out the form
10. Honeypot
11. The Honeypot button – send
    Added a hidden submit button that should not be marked.
12. DNSBL
13. Dynamic fields
    Adds dynamic fields using JavaScript
    that must remain empty or contain certain values.
14. Interaction time analysis
    Analyzes the time and order of filling in the fields.
15. Checking with regular expressions in the message text
16. Analysis of the time required to fill in individual fields
    Tracks the focus time on each field and the order in which it is filled in.
    Penalty for filling in fields too quickly and for simultaneous/linear ordering.
17. Token protection
18. Reports and the Report Scheduler
    Settings: report_enabled, report_email, report_days
    Allows you to set up the sending of anti-spam reports by e-mail with a set frequency.
    To the address provided on the website, or you can specify another email address (reports for 1-30 days).
19. Defining form fields
    Automatic detection of forms and form fields (name, email address, subject, message)
    allows you to configure them manually in the admin area and create exceptions.
20. Logging
    Logs all messages with non-zero penalty points (both blocked
    and not) with details (IP, account, reasons, user agent, referrer, etc.).
21. Admin panel management, quick actions, log cleanup,
    reset counters, disable all IP addresses, reset/save settings,
    export/import settings (json), export logs (csv) and prohibited IP(txt)
22. CSS and JS to hide honeypot fields
23. Optimized the admin panel for mobile devices

The implementation of these functions helps a lot.:

• In addition to bad words, regex instantly cuts off 70% of spam through the admin panel – very effective.
• Checking for an empty message text prevents a preliminary reconnaissance by spammers and subsequent mailings – this often helps.
• Checking the timestamp is good. But what if the form was submitted on the specified time?,
  but the time to fill in each field was only 50-100 ms, which clearly indicates a bot.
  Therefore, I added focus and analysis of the interaction time when filling in each of the form fields and the order of filling in the aggregate.
• Reports have been added so that don’t have to log into the admin area every time.

The plans are as follows:

• paragraphs 4 and 7 have compiled lists separately, but this is unnecessary. The list of bad words should have been created unified, but it should be processed on a per-field basis, I’ll finalize it later.
• as a priority, I want to add a DNSBL test and a timeout setting in the administration area.
  Reason: Many dnsbl are not responding or have a long response time, so as not to add slow or non-working dnsbl to the list.
  As a result, the load on the server – DNSBL verification increases the processing time of the form by X ms/s.
  By the way, uceprotect.net very aggressive and often blocks good ip addresses.
• I tried to quickly fix the caching issue but didn’t succeed. For now, I’ve added the CF7 form page to the WP Super Cache exclusions. It works with caching enabled, but there are some nuances.
• change/replace submit with an interactive button, something like a captcha, take the letter with the mouse and drop it into the mailbox,
  like a basketball in a hoop. Or process the time of interaction with the button, set 1-3 seconds instead of clicking.
• I didn’t have time to get to the fingerprint, I didn’t have enough time.

Filters allow you to cut off 100% of spam, but little time has passed for a full assessment.
Non c’è male che non porti un bene. Anyway, now I have a backup option. 😊

Cursed be the day I got involved with elementor.

All in One SEO
Asset CleanUp: Page Speed Booster
Async JavaScript
Autoptimize
Code Snippets
Contact Form 7
Deep Core
Elementor
Email Encoder - Protect Email Addresses
Flamingo
Head & Footer Code
ImageMagick Engine
Object Cache 4 everyone
ReCrawler
Smart Custom 404 Error Page
UpdraftPlus - Backup/Restore
WP Crontrol
WP Super Cache
WP-Optimize

My plugins. If I can’t find the problem, it’s not a big deal. I’ll be checking this thread, and if there’s any news, I’ll install the plugin and test it for you.

All logs and notes, how I came to this conclusion.

 === CF7 ANTISPAM ADVANCED ROOT CAUSE ANALYSIS ===
1. DETAILED SCRIPT LOADING ANALYSIS:
 Total scripts on page: 92
 CF7-related scripts: 6
    Script 1: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'YES', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "YES"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"
      ↳ Inline content preview: // Passing PHP diagnostics to JavaScript
window.cf7a_php_diagnostics = {plugin_active: true,registered_scripts: 0,options_prefix: '_cf7a_'
};...
    Script 2: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'YES', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "YES"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"
    Script 3: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'YES', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "YES"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"
      ↳ Inline content preview: // Updating the debug panel based on the results
setTimeout(() => {const panel = document.querySelector('.cf7a-debug-panel');if (panel) {const status = panel.querySelector('.status');if (typeof cf7a_settings =...
    Script 4: {src: 'https://mysite.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.3', isCF7AntiSpam: 'NO', async: false, defer: true, readyState: undefined, …}async: falsedefer: trueisCF7AntiSpam: "NO"loaded: "LOADING/ERROR"readyState: undefinedsrc: "https://mysite.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.3"
    Script 5: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'NO', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "NO"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"
    Script 6: {src: 'https://mysite.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.3', isCF7AntiSpam: 'NO', async: false, defer: true, readyState: undefined, …}async: falsedefer: trueisCF7AntiSpam: "NO"loaded: "LOADING/ERROR"readyState: undefinedsrc: "https://mysite.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.3"

2. WORDPRESS HOOKS AND INITIALIZATION:
    WordPress JS object: EXISTS
    wp.hooks: EXISTS
    wp.domReady: MISSING

3. CONTACT FORM 7 INITIALIZATION:
    wpcf7 version: UNKNOWN
    wpcf7 cached: 1
    wpcf7 api settings: {root: 'https://mysite.com/wp-json/', namespace: 'contact-form-7/v1'}namespace: "contact-form-7/v1"root: "https://mysite.com/wp-json/"[[Prototype]]: Object
    CF7 forms found: 1
    Form 1 classes: wpcf7-form init
    Form 1 init state: INITIALIZED

4. CF7 ANTISPAM PLUGIN DETECTION:
      true

5. SCRIPT LOADING ERRORS:
    Potentially failed scripts: 0

6. PLUGIN CONFLICT DETECTION:
    ✅ No obvious plugin conflicts detected

7. CF7 ANTISPAM STYLES DETECTION:
    CF7A style sheets: 0

8. DYNAMIC INITIALIZATION CHECK:

9. SCRIPT PATH ANALYSIS:
       CF7A REST routes detected: 13
      /cf7-antispam/v1
      /cf7-antispam/v1/force-geoip-download
      /cf7-antispam/v1/status
      /cf7-antispam/v1/resend_message
      /cf7-antispam/v1/force-update
      /cf7-antispam/v1/reset-blacklist
      /cf7-antispam/v1/reset-dictionary
      /cf7-antispam/v1/full-reset
      /cf7-antispam/v1/rebuild-dictionary
      /cf7-antispam/v1/unban-ip
      /cf7-antispam/v1/ban-forever
      /cf7-antispam/v1/get-blacklist
      /cf7-antispam/v1/export-blacklist

10. ROOT CAUSE ANALYSIS SUMMARY:
      IDENTIFIED ISSUES:
      1. CF7 AntiSpam scripts not enqueued by WordPress
      2. CF7A settings not localized - plugin PHP code not running
  
DELAYED WP SCRIPT ANALYSIS (after DOM ready):
    WP scripts object status: NOT AVAILABLE
EAL-TIME ENQUEUE STATUS CHECK:
    CF7A script elements in DOM: 0

=== CF7 ANTISPAM ADVANCED SCRIPT REGISTRATION ANALYSIS ===
PHP SCRIPT REGISTRY ANALYSIS:
    PHP Registered CF7A Scripts: 0
    PHP Enqueued CF7A Scripts: 0

DYNAMIC WP SCRIPT OBJECT ANALYSIS:
    WP.scripts object not available for analysis
ACTUALLY ENQUEUED/LOADED SCRIPTS ANALYSIS:
    Total enqueued scripts: 44
    Enqueued CF7A scripts: 0

CF7A PHP diagnostics script executed
    === CF7A SUPER DEBUG - START ===
 1. Environment check:
    DOM Ready: loading
    jQuery: MISSING
    WordPress: LOADED
 2. CF7A Scripts in DOM:
    Found scripts: 0
 3. PHP Variables check:
    cf7a_php_diagnostics: {plugin_active: true, plugin_path: 'cf7-antispam/cf7-antispam.php', debug_time: '2025-11-12 03:51:08', memory_usage: '93.25855255127 MB'}
    cf7a_script_analysis: NOT SET
    cf7a_settings: NOT SET
 4. Page context check:
    Current URL: https://mysite.com/contacts/
    Page contains CF7 forms: YES
    Page contains "contacts": YES
 5. Error check:
    PHP diagnostics: {plugin_active: true, plugin_path: 'cf7-antispam/cf7-antispam.php', debug_time: '2025-11-12 03:51:08', memory_usage: '93.25855255127 MB'}
    === CF7A SUPER DEBUG - END ===

DIAGNOSTIC RESULTS:
WHAT WORKS:
PHP code is running - diagnostics are working
The plugin is active (plugin_active: true)
The right way (cf7-antispam/cf7-antispam.php )
CF7 forms are on the page - YES
WordPress JS loaded - LOADED

PROBLEM:
CF7A scripts are not loaded - Found scripts: 0
CF7A settings are not set - cf7a_settings: NOT SET
jQuery is not loaded at the time of diagnosis (but this is normal for early execution)

DETAILED CF7 ANTISPAM DIAGNOSTIC REPORT
THE OVERALL PICTURE
The CF7 AntiSpam plugin is installed and activated, but its JavaScript files are not loaded on the frontend.
This is a critical issue that completely disables the antispam functionality.

WHAT IS WORKING CORRECTLY
1. ACTIVATION OF THE PLUGIN
The plugin is activated in WordPress
Path:
cf7-antispam/cf7-antispam.php , The PHP part of the plugin is running

2. REST API FUNCTIONALITY
13 REST endpoints registered
 API routes available:
/cf7-antispam/v1/status
/cf7-antispam/v1/force-update
/cf7-antispam/v1/reset-blacklist
and the other 10 endpoints

3. CONTACT FORM 7
CF7 is initialized correctly
A form has been found on the contact page
The form is in the init state (initialized)
The wpcf7 object is available in JavaScript

4. WORDPRESS ENVIRONMENT
WordPress JavaScript object loaded
jQuery is loaded (but later in the download process)
44 scripts have been successfully loaded on the page
 There are no conflicts with other anti-spam plugins

 WHAT DOESN 'T WORK
1. CF7 ANTISPAM SCRIPTS
   0 CF7A scripts uploaded to DOM
   0 scripts registered in WordPress
   0 scripts queued up
2. SETTINGS AND CONFIGURATION
   The cf7a_settings object is not defined
   Localization of settings is not performed
3. STYLES
   CF7 AntiSpam styles are not loaded

DETAILED ANALYSIS OF THE CAUSES
THE MAIN REASON: SCRIPTS ARE NOT REGISTERED IN WORDPRESS
Proofs:
PHP has registered CF7A scripts: 0
PHP has queued CF7A scripts: 0
CF7A script elements in DOM: 0
The CF7 anti-spam plugin does not call wp_register_script() for its JS files
The plugin does not call wp_enqueue_script() to add scripts to the queue.
WordPress knows nothing about plugin scripts

SECONDARY CAUSE: THERE IS NO LOCALIZATION OF SETTINGS
Proofreading:
cf7a_settings: NOT INSTALLED
There is no wp_localize_script() call to transfer settings from PHP to JS

TECHNICAL ANALYSIS
PROBLEM STRUCTURE:
php
CORRECT FLOW (missing):
wp_register_script('cf7a-script', $url, $deps, $ver); // ❌ NOT CALLED
wp_enqueue_script('cf7a-script');                      // ❌ wp_localize_script IS NOT CALLED
('cf7a-script', 'cf7a_settings', $data); // ❌ NOT CALLED

RESULT:
Scripts are not loaded into the browser.
The settings are not transmitted in JavaScript
Anti-spam functionality does not work

POTENTIAL CAUSES OF FAILURE:
An error in the main plugin file (cf7-antispam.php )
Script loading conditions are not met
Priority conflict of hooks (wp_enqueue_scripts is called too early/late)
PHP errors in the plugin code that interrupt execution

FINAL ANALYSIS OF THE PROBLEM:
ROOT CAUSE:
File build/script.asset.php it contains an empty array of dependencies, although the CF7 AntiSpam script requires:
jQuery - for basic functionality
of contact-form-7 - for integration with CF7 forms

WHY THIS HAPPENS:
The plugin uses Webpack or another build system
The dependencies were not correctly identified during the build.
As a result, the script is registered without dependencies.
WordPress does not download the necessary libraries before the CF7A script.

CF7A SUCCESS DIAGNOSTIC:
 === BUILD ISSUE RESOLVED ===
 Problem: Empty dependencies array in script.asset.php
 Solution: Manually added dependencies: jQuery, Contact Form 7
 Script loaded: true
 Settings defined: true
 Dependencies loaded:
  - jQuery: false
  - CF7: true

 === CF7A SIMPLE DIAGNOSTIC ===
 DOM Ready: interactive
 CF7A Scripts found: 1
   Script 1: script.js?ver=1829dacfa96318b4e905
 CF7A Settings: DEFINED
   Prefix: _cf7a_
   Version: 1829dacfa96318b4e905
 jQuery: LOADED
 CF7: LOADED
 CF7 Forms: 1
   Form 1 CF7A fields: 1
 === CF7A DELAYED CHECK ===
 CF7A Settings (delayed): DEFINED
 jQuery (delayed): LOADED
 DOMContentLoaded

The problem b8 (fixed via the admin panel)
b8\b8::classify(): Implicitly marking parameter $text as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 125
b8\b8::learn(): Implicitly marking parameter $text as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 328
b8\b8::learn(): Implicitly marking parameter $category as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 328
b8\b8::unlearn(): Implicitly marking parameter $text as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 349
b8\b8::unlearn(): Implicitly marking parameter $category as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 349
b8\lexer\standard::add_token(): Implicitly marking parameter $word_to_remove as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/lexer/standard.php on line 168

[12-Nov-2025 05:32:48 UTC] 🔄 CF7A FALLBACK: Script not loaded by main fix, loading in footer
[12-Nov-2025 05:32:48 UTC] ✅ CF7A FALLBACK: Script loaded directly in footer
[12-Nov-2025 05:32:48 UTC] === CF7A IP DEBUG ===
[12-Nov-2025 05:32:48 UTC] REMOTE_ADDR: XX.XX.XXX.XXX
[12-Nov-2025 05:32:48 UTC] HTTP_X_FORWARDED_FOR: NOT SET
[12-Nov-2025 05:32:48 UTC] HTTP_X_REAL_IP: NOT SET
[12-Nov-2025 05:32:48 UTC] HTTP_CLIENT_IP: NOT SET
[12-Nov-2025 05:32:48 UTC] CF7A Detected IP: XX.XX.XXX.XXX

CF7A HIDDEN FIELDS DEBUG:
 CF7 Forms found: 1
 Form 1:
 CF7A hidden fields: 1
 _cf7a_processed: HAS VALUE
 Value: 1...
 ❌ Address field not found in form

[12-Nov-2025 06:04:02 UTC] === CF7A POSTED DATA FILTER ===
[12-Nov-2025 06:04:02 UTC] Checking address field in posted data: _cf7a_address
[12-Nov-2025 06:04:02 UTC] ❌ CF7A IP FIX (posted_data): Address field is empty
[12-Nov-2025 06:04:02 UTC] CF7A IP FIX (posted_data): Real IP = XX.XX.XXX.XXX
[12-Nov-2025 06:04:02 UTC] ✅ CF7A IP FIX (posted_data): Added encrypted IP

I am faced with the following problems (Apache 2.4 + PHP 8.4+MySQL 8+WP6.8.3):

JavaScript is working incorrectly to fill in hidden fields.
The JavaScript of the plugin does not fill in the required hidden fields of the form:
_cf7a_address (IP address)
_cf7a_version (plugin version)
_cf7a_timestamp (timestamp)
Fields for bot fingerprinting
As a result, the plugin marks all shipments as spam due to the lack of necessary data.

Critical error in the B8 filter database.
A fatal PHP error occurs when submitting the form.:
b8\storage\storage_base: The connected database is not a b8 v3 database
PHP Fatal error: Uncaught Error: Call to a member function classify() on false
The consequences are a complete failure of form processing, the form is not sent.
A temporary solution is to reset B8 via the admin panel, they added it for a reason;)
Although it was possible to add exception handling during B8 initialization and automatic database recovery in case of errors.

Lack of graceful degradation in case of errors.
If any component fails (IP detection, b8, etc.), the entire protection system stops working and collapses.
There is no fallback mechanism – if there are errors in individual components, the rest of the checks do not continue.

Problems with determining the IP address – the plugin does not take into account various proxy/CDN configurations.
Only $_POST[‘_cf7a_address’] is used, but not the standard methods.
There is no multi-level IP detection with a fallback to standard server methods in case of errors.

Caching conflict – static timestamp and other dynamic data values are cached.
When using page caching, time checking becomes ineffective.

I didn’t go into much detail, but looking at the code, I can say that this plugin uses a “fragile” architecture.:

• Relies on client-side JavaScript for mission-critical data
• Has no backup processing mechanisms when client data is unavailable
• Ignores server-side methods for determining the same IP, which are standard

…good luck with the development, maybe I’ll come back in a while 🙂

Thank you