• Resolved Anita C


    Hello, I have a client using Ninja Forms. The form has been continuously hit by spam since last night. HTMl is being placed in all of the form entries. We have an anti spam question and answer, character limits on others and restrictions set and yet they are still coming in. The restrictions and character limits work on the front end. I think possibly there is some sort of back door to the form where they are able to do this. They are using a series of email address and the IP addresses are changing. Any insight you can give on how this is happening.

Viewing 8 replies - 1 through 8 (of 8 total)
  • Hi @mymothersdaughter,

    Did you find a resolution to this? I’ve had exactly the same issue the past few days, and because of it my host provider suspended my account due to number of times the form was spammed till I removed the issue. Caused chaos on all my sites.

    I’ve been advised to downgrade to Ninja Forms to 3.4.24 by Ninja Forms support team, so Im guessing there is a backdoor in the latest release.

    Thread Starter Anita C


    @whitecurtis when submitting a ticket that was the same response. They are aware of the issue and to downgrade. I use a plugin call WP-Rollback and you can use that to roll back to the previous version. So unfortunate.

    Thanks Anita, will try that. Got a bit of work to do tonight I think now. Such a pain!

    Take care

    Hi All, On of my clients got slammed with email last night. Anita, does the roll back plugin keep the existing forms and submission info? I just downgraded in ninja form settings and lost my forms. This is ridiculous!

    Also, anyone know where the anti-spam fields are, supposedly under template fields/misc. for 3.0, i can find neither…

    Thanks! sorry you are having to deal with this too!

    Thread Starter Anita C


    @mickif I don’t know about forms missing. Maybe it would if you created new forms in between the last update and the most current one. Maybe they can answer that. But I always export my forms to my desktop so even if it had, I could import the last form.

    Make sure you check the box in the settings for Dev Mode. That box is so unnecessary. New users need access to every single setting and configuration. No need to hide things in the Dev Mode. It’s pretty stupid to have it there. That’s just my opinion and something I have to share with clients when I am training.

    Thanks Anita! Once I started looking it all over, I see that spam submissions started heavy on the 10th, before yesterday’s update. Such a pain… take care.

    Hi all,

    Ive reinstalled my site from a back up and ensured I have the following on my site. Ive had no hacks as yet since this was done:

    – Google Recaptcha (on the form)
    – Cerber Security, Antispam & Malware Scan (it says it prevents attacks on forms)
    – I’ve also (as Anita advised) installed previous version of Ninja forms until this is resolved

    After speaking again to the ninja forms team, they are looking in to the issue and a solution will be released.

    They have also suggested using conditional logic to stop the spammers:


    Hope this helps.


    Plugin Contributor Justin McElhaney


    @mymothersdaughter @whitecurtis @mickif
    Can you update Ninja Forms to version and let us know if you are still having this issue by contacting us through ninjaforms.com/contact

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Backdoor Spam Possible’ is closed to new replies.