rbennemann

Hi @retrovertigo,

We have a fix ready.

Here’s a build with the corrected report link you can install now:
https://www.dropbox.com/scl/fi/ia8lek7gk56o7cx3tp31z/gravity-forms-zero-spam-1.8.0-6a7dc9a.zip?rlkey=27zanb2ow9gdnvfmhagpfy049&dl=1

The same fix ships in the next ww.wp.xz.cn release.

Let me know if anything looks off. Thanks!

Hi there,

You’re reading it correctly. When an entry is flagged as spam, Gravity Forms throws out the form’s configured confirmation (whether that’s a redirect to a thank you page, a redirect URL, or a custom message) and shows the default “Thanks for contacting us! We will get in touch with you shortly.” message inline on the form page instead.

There is no redirect, so a suspected bot never reaches your thank you page and your analytics stay clean.

This is enforced by Gravity Forms itself (not specifically Zero Spam), so it applies to any entry marked as spam regardless of what caught it (honeypot, Zero Spam, Akismet, etc.).

Note: Gravity Forms 2.10+ added a “Custom Spam Confirmation” toggle under Form Settings > Spam that lets you configure a separate confirmation specifically for spam entries if you ever want one. Leaving it off keeps the default-message behavior above.

To test it, here are two easy options:

1. Disable JavaScript in your browser, then submit the form. Zero Spam adds the spam prevention token via JavaScript at submit time, so without JS the submission will be flagged as spam. You should see the default confirmation message appear on the same page instead of being redirected, and the entry will land in Forms > Entries > Spam.
   
2. Temporarily force every submission to be marked as spam by adding this snippet (via a code snippets plugin or your theme’s functions.php):
   

add_filter( 'gform_entry_is_spam', '__return_true' );

Submit the form normally, confirm the default message appears inline instead of a redirect to your thank you page, then remove the snippet.

Hope that helps!

Hi @lajd,

This can sometimes happen when Gravity Forms Zero Spam is active on sites using full-page caching. Zero Spam relies on dynamic output to validate submissions, and if the form page is cached (via a plugin, host, or CDN), that validation can break and result in false positives. If caching is in use, we suggest excluding the form page from being cached and testing again.

If excluding the page from caching isn’t feasible, another option is to disable Gravity Forms Zero Spam. You can then try enabling the built-in Gravity Forms honeypot under Form Settings → Form Options → Enable anti-spam honeypot.

More details here: Gravity Forms Honeypot Feature

Hope this helps!

Hi there,

Gravity Forms Zero Spam is designed to block spam bots by adding a hidden field that automated scripts typically fill out, flagging them as spam. However, the spam you’re receiving is likely from more advanced bots that can detect and bypass these hidden fields or from human-assisted spam.

If spam is still getting through, consider implementing the following:

• Enable Gravity Forms’ built-in honeypot: https://docs.gravityforms.com/spam/#honeypot
• Use reCAPTCHA v2 or v3 for stronger bot filtering: https://www.gravityforms.com/add-ons/recaptcha/
• Limit form submissions per IP and time period using Gravity Wiz’s Limit Submissions plugin: https://gravitywiz.com/documentation/gravity-forms-limit-submissions/

I hope this helps!

Best,