CODEWITHSUNDEEP
wordpressforms
Cory Cress
Cory Cress

Reputation: 13

Contact Form Spam Issues

I have a relatively simple contact form on a wordpress website. I have been getting floods of spam recently. I'm concerned about implementing a captcha for conversion reasons. All of the spam entries have a website url (either "http://" or "www.") at least once in the contact form submittal.

Is there a way to prevent the form from executing (hence, I won't receive an email) if "http://" or "www." is submitted on the contact form?

Can anyone tell me how to implement this code?

Upvotes: 1

Views: 269

Answers (3)

Doug
Doug

Reputation: 232

10 years have passed since this question was asked. The best solutions at the time were to implement a honeypot and ReCaptcha.

Today (2023), because of the advent of LLMs, there are much better ways to handle contact form spam: Use one of the APIs like Bot Butcher or Akismet to classify the message (Only pass on messages that have been classified as not spam). The additional benefit is you can now remove Recaptcha or any other "Are you a human?" challenges - which makes for a better user experience.

Upvotes: 0

user850010
user850010

Reputation: 6359

Why don't you just try to install captcha system. reCAPTCHA is very popular. In WordPress you can add it by simply install plugin for it WP-reCAPTCHA

Upvotes: 1

Jared Kipe
Jared Kipe

Reputation: 1187

Sure. You will need to locate the code or method that handles or processes the incoming form data. Next all you would need to do is interrupt the process.

Lets say the current processing looks like this.

function handleContactFormData() {
    if (isset($_POST['from']) && isset($_POST['message']) {
        // put 'from' or 'message' into a DB or email message.
    }
}

Get in the way of the handling if 'http://' or 'www.' are found in the message.

function handleContactFormData() {
    if (isset($_POST['from']) && isset($_POST['message']) {
        if (stripos($_POST['message'], 'http://') !== false || stripos($_POST['message'], 'www.') !== false)
            return;
        }
        // put 'from' or 'message' into a DB or email message.
    }
}

Of course this is highly dependent on how the data is being processed, and what you want the result to be to a user that posts such data to be. But then again, you didn't post any code at all.

Upvotes: 0

Related Questions