Title: Broken plugin
Last modified: November 13, 2025

---

# Broken plugin

 *  [lemurnick](https://wordpress.org/support/users/lemurnick/)
 * (@lemurnick)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/)
 * Someone got their hands dirty and broke the plugin. After the update, the field
   data was inaccessible, and it started banning everyone. And rightly so—the bad
   plugin should be removed. Long live it – $spam = true; $reason[‘no_ip’] = ‘Address
   field empty’;
 * IP address field of $remote_ip is empty, this means it has been modified, removed
   or hacked! (i’m getting the real ip from http header). Broken plugin – solution
   to remove!

Viewing 15 replies - 1 through 15 (of 17 total)

1 [2](https://wordpress.org/support/topic/broken-plugin-82/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/broken-plugin-82/page/2/?output_format=md)

 *  Plugin Author [Erik](https://wordpress.org/support/users/codekraft/)
 * (@codekraft)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18715192)
 * Hi [@lemurnick](https://wordpress.org/support/users/lemurnick/),
   Please remember
   that this is not the support forum and that it is possible that the error you
   are seeing is due to some incompatibility or other issue not strictly related
   to the plugin (or as you claim, to all installations of the plugin), that I cannot
   currently identify given the limited information I have. Yesterday, the plugin
   was downloaded by 3,000 people, and so far, you are the only one reporting this
   issue.
 * I ask you not to be so disrespectful to those who produce free software.
 *  Thread Starter [lemurnick](https://wordpress.org/support/users/lemurnick/)
 * (@lemurnick)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18715344)
 * What else can I tell you? Here’s my answer after the update…
 * data_mismatch: Version mismatch ” != ‘0.7.1’ bot_fingerprint: timezone, platform,
   screens, user_agent, app_version, webdriver, session_storage, bot_fingerprint,
   memory bot_fingerprint_extras: activity 0, mouseclick_activity, mousemove_activity,
   webgl, webgl_render browser_language: missing browser language language_field:
   missing language field timestamp: undefined
 * If you don’t test your code before production, what other relationship can there
   be? Don’t worry too much, I’ve already removed it and installed another plugin
   that doesn’t cause any “incompatibility” issues.
 *  Plugin Author [Erik](https://wordpress.org/support/users/codekraft/)
 * (@codekraft)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18715398)
 * Hi [@lemurnick](https://wordpress.org/support/users/lemurnick/),
 * I don’t understand how you can claim that I don’t test my code before production.
    - I personally use every new release for at least a couple of days on my own
      blog ([https://modul-r.codekraft.it/contacts/](https://modul-r.codekraft.it/contacts/)).
    - I also deploy it on 4-5 of my clients’ websites, which receive at least ten
      form submissions daily (I obviously cannot share these for privacy reasons).
    - Furthermore, I have automated End-to-End (E2E) and unit tests running for 
      every pull request to the repository, a practice that, to my knowledge, few
      plugins—including popular ones like CF7—have.
 * The specific problem you are describing can happen, and I suspect you have JavaScript
   issues on your site. This would prevent the script designed to “observe” the 
   form completion from executing correctly.
 * I remain quite confident that this issue is limited to your specific website.
   However, if you are right, we will certainly see many more feedback/reports/issues
   like yours within the next few days.
 *  Thread Starter [lemurnick](https://wordpress.org/support/users/lemurnick/)
 * (@lemurnick)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18715450)
 * I am faced with the following problems (Apache 2.4 + PHP 8.4+MySQL 8+WP6.8.3):
 * JavaScript is working incorrectly to fill in hidden fields.
   The JavaScript of
   the plugin does not fill in the required hidden fields of the form:_cf7a_address(
   IP address)_cf7a_version (plugin version)_cf7a_timestamp (timestamp)Fields for
   bot fingerprintingAs a result, the plugin marks all shipments as spam due to 
   the lack of necessary data.
 * Critical error in the B8 filter database.
   A fatal PHP error occurs when submitting
   the form.:b8\storage\storage_base: The connected database is not a b8 v3 databasePHP
   Fatal error: Uncaught Error: Call to a member function classify() on falseThe
   consequences are a complete failure of form processing, the form is not sent.
   A temporary solution is to reset B8 via the admin panel, they added it for a 
   reason;)Although it was possible to add exception handling during B8 initialization
   and automatic database recovery in case of errors.
 * Lack of graceful degradation in case of errors.
   If any component fails (IP detection,
   b8, etc.), the entire protection system stops working and collapses.There is 
   no fallback mechanism – if there are errors in individual components, the rest
   of the checks do not continue.
 * Problems with determining the IP address – the plugin does not take into account
   various proxy/CDN configurations.
   Only $_POST[‘_cf7a_address’] is used, but not
   the standard methods.There is no multi-level IP detection with a fallback to 
   standard server methods in case of errors.
 * Caching conflict – static timestamp and other dynamic data values are cached.
   
   When using page caching, time checking becomes ineffective.
 * I didn’t go into much detail, but looking at the code, I can say that this plugin
   uses a “fragile” architecture.:
    - Relies on client-side JavaScript for mission-critical data
    - Has no backup processing mechanisms when client data is unavailable
    - Ignores server-side methods for determining the same IP, which are standard
 * …good luck with the development, maybe I’ll come back in a while 🙂
 *  Plugin Author [Erik](https://wordpress.org/support/users/codekraft/)
 * (@codekraft)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18715515)
 * Hi [@lemurnick](https://wordpress.org/support/users/lemurnick/),
 * I appreciate that you have raised several valid and, in some cases, agreeable
   points regarding the architecture. However, I still don’t understand the punitive
   way used, which is not constructive at all.
 * Aside from the (legitimate) choice not to use this plugin, you have the choice,
   for example, to disable the entire JS section and use only certain functions 
   of the plugin, like the honeypots. Using JS has its pros and cons; for instance,
   many bots don’t execute it, making them easily “captured.”
 * I find it somewhat amusing when you call the plugin’s architecture “fragile,”
   especially when compared to simple honeypot plugins that rely entirely on using
   JS to insert fields (which, as I mentioned, a large portion of bots do not execute).
   Are those plugins reliable? Did you leave a poor feedbacks for them too?
 * I’d like to point out a couple of things:
    - PHP 8.4 is currently only in beta support for WordPress, and that could easily
      be the source of the critical error you experienced with the B8 filter.
    - The IP address is checked in a multi-layered way, not only using the frontend
      method you saw but also using PHP. You can find the server-side detection 
      logic here: [https://github.com/wp-blocks/cf7-antispam/blob/main/core/functions.php#L19-L46](https://github.com/wp-blocks/cf7-antispam/blob/main/core/functions.php#L19-L46)
 * You are correct that the plugin doesn’t have a backup mechanism for every component.
   But tell me: how many anti-spam WordPress plugins do you know that have that 
   level of graceful degradation?
 * Ideally, you are perfectly right about the architecture. If you feel strongly
   about these architectural issues, you are more than welcome to contribute to 
   the development. I have never rejected a sensible pull request from anyone.
   Anyway,
   thanks, you’ve given me a couple of ideas in the end.
 *  Thread Starter [lemurnick](https://wordpress.org/support/users/lemurnick/)
 * (@lemurnick)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18716166)
 * Okay, it got interesting. I decided to connect the plugin, diagnose the problem,
   and found the following:
 * File /build/script.asset.php contains an empty array of dependencies: ‘dependencies’
   => array()
   Because of this, the plugin scripts are not loaded, as WordPress does
   not know that jQuery and Contact Form 7 are needed.For a temporary fix, I had
   to manually register scripts with the correct dependencies.
 * Diagnostic results after correction:
   `=== CF7A SIMPLE DIAGNOSTIC ===DOM Ready:
   interactiveCF7A Scripts found: 1Script 1: script.js?ver=1829dacfa96318b4e905✅
   CF7A Settings: DEFINEDkPrefix: _cf7a_Version: 1829dacfa96318b4e905✅jQuery: LOADED
   ✅CF7: LOADEDCF7 Forms: 1Form 1 CF7A fields: 1=== CF7A DELAYED CHECK ===✅CF7A
   Settings (delayed): DEFINED✅jQuery (delayed): LOADEDDOMContentLoaded
 * Before the fix, it was::
   `=== BUILD ISSUE RESOLVED ===❌Problem: Empty dependencies
   array in script.asset.php✅Solution: Manually added dependencies: jQuery, Contact
   Form 7✅Script loaded: true✅Settings defined: trueependencies loaded:❌jQuery:
   false✅CF7: true
 * After fixing the script download, another problem appeared.:
   The plugin does 
   not add the hidden field `_cf7a_address` to the Contact Form 7 forms.It is possible
   that the CF7 form check on the page is not working correctly.The result is the
   error `"no_ip: Address field empty"` when submitting any form.Forcibly added 
   the IP address field to the forms via JavaScript,but it didn’t help – the data
   is already there, but the verification fails.
 * The logs show:
   `=== CF7A POSTED DATA FILTER ===Checking address field in posted
   data: _cf7a_address❌ CF7A IP FIX (posted_data): Address field is emptyCF7A IP
   FIX (posted_data): Real IP = XX.XX.XXX.XXX✅ CF7A IP FIX (posted_data): Added
   encrypted IP
 * I intercepted the form submission to add the IP address to the data, but it didn’t
   help.
   The data is already there, but the verification fails.
 * There may be a problem with hook priorities.
   Scripts are registered on the wp_footer
   hook, but must be registered on wp_enqueue_scriptsThe checks occur before the
   data can be prepared.
    1. Look at the build system
       Check that the Webpack/importer defines the dependencies
       correctly.In build/script.asset.php must be: ‘dependencies’ => array(‘jquery’,‘
       contact-form-7’)
    2. Fix adding and checking hidden fields
       Check the cf7a_add_hidden_fields() method
       in the CF7_AntiSpam_Frontend class.Make sure that the _cf7a_address field is
       added to all CF7 forms.
    3. Perhaps you need to optimize hook priorities.
       Register scripts on wp_enqueue_scripts,
       not wp_footerCheck the data after it is fully prepared.
 *  Thread Starter [lemurnick](https://wordpress.org/support/users/lemurnick/)
 * (@lemurnick)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18716309)
 * All logs and notes, how I came to this conclusion.
 *     ```wp-block-code
        === CF7 ANTISPAM ADVANCED ROOT CAUSE ANALYSIS ===1. DETAILED SCRIPT LOADING ANALYSIS: Total scripts on page: 92 CF7-related scripts: 6    Script 1: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'YES', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "YES"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"      ↳ Inline content preview: // Passing PHP diagnostics to JavaScriptwindow.cf7a_php_diagnostics = {plugin_active: true,registered_scripts: 0,options_prefix: '_cf7a_'};...    Script 2: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'YES', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "YES"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"    Script 3: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'YES', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "YES"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"      ↳ Inline content preview: // Updating the debug panel based on the resultssetTimeout(() => {const panel = document.querySelector('.cf7a-debug-panel');if (panel) {const status = panel.querySelector('.status');if (typeof cf7a_settings =...    Script 4: {src: 'https://mysite.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.3', isCF7AntiSpam: 'NO', async: false, defer: true, readyState: undefined, …}async: falsedefer: trueisCF7AntiSpam: "NO"loaded: "LOADING/ERROR"readyState: undefinedsrc: "https://mysite.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.3"    Script 5: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'NO', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "NO"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"    Script 6: {src: 'https://mysite.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.3', isCF7AntiSpam: 'NO', async: false, defer: true, readyState: undefined, …}async: falsedefer: trueisCF7AntiSpam: "NO"loaded: "LOADING/ERROR"readyState: undefinedsrc: "https://mysite.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.3"2. WORDPRESS HOOKS AND INITIALIZATION:    WordPress JS object: EXISTS    wp.hooks: EXISTS    wp.domReady: MISSING3. CONTACT FORM 7 INITIALIZATION:    wpcf7 version: UNKNOWN    wpcf7 cached: 1    wpcf7 api settings: {root: 'https://mysite.com/wp-json/', namespace: 'contact-form-7/v1'}namespace: "contact-form-7/v1"root: "https://mysite.com/wp-json/"[[Prototype]]: Object    CF7 forms found: 1    Form 1 classes: wpcf7-form init    Form 1 init state: INITIALIZED4. CF7 ANTISPAM PLUGIN DETECTION:      true5. SCRIPT LOADING ERRORS:    Potentially failed scripts: 06. PLUGIN CONFLICT DETECTION:    ✅ No obvious plugin conflicts detected7. CF7 ANTISPAM STYLES DETECTION:    CF7A style sheets: 08. DYNAMIC INITIALIZATION CHECK:9. SCRIPT PATH ANALYSIS:       CF7A REST routes detected: 13      /cf7-antispam/v1      /cf7-antispam/v1/force-geoip-download      /cf7-antispam/v1/status      /cf7-antispam/v1/resend_message      /cf7-antispam/v1/force-update      /cf7-antispam/v1/reset-blacklist      /cf7-antispam/v1/reset-dictionary      /cf7-antispam/v1/full-reset      /cf7-antispam/v1/rebuild-dictionary      /cf7-antispam/v1/unban-ip      /cf7-antispam/v1/ban-forever      /cf7-antispam/v1/get-blacklist      /cf7-antispam/v1/export-blacklist10. ROOT CAUSE ANALYSIS SUMMARY:      IDENTIFIED ISSUES:      1. CF7 AntiSpam scripts not enqueued by WordPress      2. CF7A settings not localized - plugin PHP code not running  DELAYED WP SCRIPT ANALYSIS (after DOM ready):    WP scripts object status: NOT AVAILABLEEAL-TIME ENQUEUE STATUS CHECK:    CF7A script elements in DOM: 0=== CF7 ANTISPAM ADVANCED SCRIPT REGISTRATION ANALYSIS ===PHP SCRIPT REGISTRY ANALYSIS:    PHP Registered CF7A Scripts: 0    PHP Enqueued CF7A Scripts: 0DYNAMIC WP SCRIPT OBJECT ANALYSIS:    WP.scripts object not available for analysisACTUALLY ENQUEUED/LOADED SCRIPTS ANALYSIS:    Total enqueued scripts: 44    Enqueued CF7A scripts: 0CF7A PHP diagnostics script executed    === CF7A SUPER DEBUG - START === 1. Environment check:    DOM Ready: loading    jQuery: MISSING    WordPress: LOADED 2. CF7A Scripts in DOM:    Found scripts: 0 3. PHP Variables check:    cf7a_php_diagnostics: {plugin_active: true, plugin_path: 'cf7-antispam/cf7-antispam.php', debug_time: '2025-11-12 03:51:08', memory_usage: '93.25855255127 MB'}    cf7a_script_analysis: NOT SET    cf7a_settings: NOT SET 4. Page context check:    Current URL: https://mysite.com/contacts/    Page contains CF7 forms: YES    Page contains "contacts": YES 5. Error check:    PHP diagnostics: {plugin_active: true, plugin_path: 'cf7-antispam/cf7-antispam.php', debug_time: '2025-11-12 03:51:08', memory_usage: '93.25855255127 MB'}    === CF7A SUPER DEBUG - END ===DIAGNOSTIC RESULTS:WHAT WORKS:PHP code is running - diagnostics are workingThe plugin is active (plugin_active: true)The right way (cf7-antispam/cf7-antispam.php )CF7 forms are on the page - YESWordPress JS loaded - LOADEDPROBLEM:CF7A scripts are not loaded - Found scripts: 0CF7A settings are not set - cf7a_settings: NOT SETjQuery is not loaded at the time of diagnosis (but this is normal for early execution)DETAILED CF7 ANTISPAM DIAGNOSTIC REPORTTHE OVERALL PICTUREThe CF7 AntiSpam plugin is installed and activated, but its JavaScript files are not loaded on the frontend.This is a critical issue that completely disables the antispam functionality.WHAT IS WORKING CORRECTLY1. ACTIVATION OF THE PLUGINThe plugin is activated in WordPressPath:cf7-antispam/cf7-antispam.php , The PHP part of the plugin is running2. REST API FUNCTIONALITY13 REST endpoints registered API routes available:/cf7-antispam/v1/status/cf7-antispam/v1/force-update/cf7-antispam/v1/reset-blacklistand the other 10 endpoints3. CONTACT FORM 7CF7 is initialized correctlyA form has been found on the contact pageThe form is in the init state (initialized)The wpcf7 object is available in JavaScript4. WORDPRESS ENVIRONMENTWordPress JavaScript object loadedjQuery is loaded (but later in the download process)44 scripts have been successfully loaded on the page There are no conflicts with other anti-spam plugins WHAT DOESN 'T WORK1. CF7 ANTISPAM SCRIPTS   0 CF7A scripts uploaded to DOM   0 scripts registered in WordPress   0 scripts queued up2. SETTINGS AND CONFIGURATION   The cf7a_settings object is not defined   Localization of settings is not performed3. STYLES   CF7 AntiSpam styles are not loadedDETAILED ANALYSIS OF THE CAUSESTHE MAIN REASON: SCRIPTS ARE NOT REGISTERED IN WORDPRESSProofs:PHP has registered CF7A scripts: 0PHP has queued CF7A scripts: 0CF7A script elements in DOM: 0The CF7 anti-spam plugin does not call wp_register_script() for its JS filesThe plugin does not call wp_enqueue_script() to add scripts to the queue.WordPress knows nothing about plugin scriptsSECONDARY CAUSE: THERE IS NO LOCALIZATION OF SETTINGSProofreading:cf7a_settings: NOT INSTALLEDThere is no wp_localize_script() call to transfer settings from PHP to JSTECHNICAL ANALYSISPROBLEM STRUCTURE:phpCORRECT FLOW (missing):wp_register_script('cf7a-script', $url, $deps, $ver); // ❌ NOT CALLEDwp_enqueue_script('cf7a-script');                      // ❌ wp_localize_script IS NOT CALLED('cf7a-script', 'cf7a_settings', $data); // ❌ NOT CALLEDRESULT:Scripts are not loaded into the browser.The settings are not transmitted in JavaScriptAnti-spam functionality does not workPOTENTIAL CAUSES OF FAILURE:An error in the main plugin file (cf7-antispam.php )Script loading conditions are not metPriority conflict of hooks (wp_enqueue_scripts is called too early/late)PHP errors in the plugin code that interrupt executionFINAL ANALYSIS OF THE PROBLEM:ROOT CAUSE:File build/script.asset.php it contains an empty array of dependencies, although the CF7 AntiSpam script requires:jQuery - for basic functionalityof contact-form-7 - for integration with CF7 formsWHY THIS HAPPENS:The plugin uses Webpack or another build systemThe dependencies were not correctly identified during the build.As a result, the script is registered without dependencies.WordPress does not download the necessary libraries before the CF7A script.CF7A SUCCESS DIAGNOSTIC: === BUILD ISSUE RESOLVED === Problem: Empty dependencies array in script.asset.php Solution: Manually added dependencies: jQuery, Contact Form 7 Script loaded: true Settings defined: true Dependencies loaded:  - jQuery: false  - CF7: true === CF7A SIMPLE DIAGNOSTIC === DOM Ready: interactive CF7A Scripts found: 1   Script 1: script.js?ver=1829dacfa96318b4e905 CF7A Settings: DEFINED   Prefix: _cf7a_   Version: 1829dacfa96318b4e905 jQuery: LOADED CF7: LOADED CF7 Forms: 1   Form 1 CF7A fields: 1 === CF7A DELAYED CHECK === CF7A Settings (delayed): DEFINED jQuery (delayed): LOADED DOMContentLoadedThe problem b8 (fixed via the admin panel)b8\b8::classify(): Implicitly marking parameter $text as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 125b8\b8::learn(): Implicitly marking parameter $text as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 328b8\b8::learn(): Implicitly marking parameter $category as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 328b8\b8::unlearn(): Implicitly marking parameter $text as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 349b8\b8::unlearn(): Implicitly marking parameter $category as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 349b8\lexer\standard::add_token(): Implicitly marking parameter $word_to_remove as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/lexer/standard.php on line 168[12-Nov-2025 05:32:48 UTC] 🔄 CF7A FALLBACK: Script not loaded by main fix, loading in footer[12-Nov-2025 05:32:48 UTC] ✅ CF7A FALLBACK: Script loaded directly in footer[12-Nov-2025 05:32:48 UTC] === CF7A IP DEBUG ===[12-Nov-2025 05:32:48 UTC] REMOTE_ADDR: XX.XX.XXX.XXX[12-Nov-2025 05:32:48 UTC] HTTP_X_FORWARDED_FOR: NOT SET[12-Nov-2025 05:32:48 UTC] HTTP_X_REAL_IP: NOT SET[12-Nov-2025 05:32:48 UTC] HTTP_CLIENT_IP: NOT SET[12-Nov-2025 05:32:48 UTC] CF7A Detected IP: XX.XX.XXX.XXXCF7A HIDDEN FIELDS DEBUG: CF7 Forms found: 1 Form 1: CF7A hidden fields: 1 _cf7a_processed: HAS VALUE Value: 1... ❌ Address field not found in form[12-Nov-2025 06:04:02 UTC] === CF7A POSTED DATA FILTER ===[12-Nov-2025 06:04:02 UTC] Checking address field in posted data: _cf7a_address[12-Nov-2025 06:04:02 UTC] ❌ CF7A IP FIX (posted_data): Address field is empty[12-Nov-2025 06:04:02 UTC] CF7A IP FIX (posted_data): Real IP = XX.XX.XXX.XXX[12-Nov-2025 06:04:02 UTC] ✅ CF7A IP FIX (posted_data): Added encrypted IP
       ```
   
 *  Plugin Author [Erik](https://wordpress.org/support/users/codekraft/)
 * (@codekraft)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18716658)
 * Hi [@lemurnick](https://wordpress.org/support/users/lemurnick/),
 * Thank you very much for taking the time to provide such a detailed analysis and
   for sharing the extensive logs. This level of detail is genuinely helpful for
   debugging.
 * I need to address a couple of technical points regarding your findings:1. Script
   Dependencies in `script.asset.php`
 * You correctly pointed out the empty dependencies array: `'dependencies' => array()`.
 * However, this array being empty is **intentional and correct for this plugin**.
    - The file is autogenerated by WordPress’s build tools (like `wp-scripts`) based
      on the `import` statements in the script.
    - **CF7 AntiSpam is written in plain ECMAscript and has NO dependencies on jQuery
      or Contact Form 7’s core JS.** I personally aim to avoid loading jQuery on
      the frontend for anti-spam purposes, as it introduces unnecessary weight.
    - An empty dependency array means the script does not require any other script
      to function. If jQuery or CF7 were required, they would appear here.
 * Your manual fix to add these dependencies forced the script to load, but it indicates
   the original issue was likely deeper than just the dependency array itself.2.
   WordPress Environment and PHP 8.4
 * You are using **PHP 8.4**, which is currently only in **beta support** for WordPress
   and many of its plugins. This is a very slippery slope and is likely the source
   of instability, particularly with the B8 library errors you mentioned (like the
   implicit nullable type deprecation warnings).
 * The most telling sign from your advanced analysis is in the Environment Check:
    - `DOM Ready: loading`
    - `wp.domReady: MISSING`
 * This indicates that something on your site is **blocking or severely delaying
   the DOM from completing its load**, and is preventing the standard WordPress 
   and theme scripts (like those setting up `wp.domReady`) from running correctly.
   This is usually due to a **critical JavaScript error** from another source that
   halts execution across the entire page.
 * If the DOM is stuck in a `loading` state, my plugin’s script—which requires the
   DOM to be ready to inject fields—will inevitably fail to execute its logic properly,
   regardless of how it’s enqueued.Next Steps
    1. I am currently working to **recreate your specific environment (Apache 2.4 +
       PHP 8.4 + WP 6.8.3)** to debug the B8 filter and general stability with PHP 
       8.4.
    2. In the meantime, I strongly urge you to **open your browser console** (Developer
       Tools) and **look for any JavaScript errors** that appear when the page loads.
       I suspect you will find errors from a source other than CF7 AntiSpam, and those
       errors are the root cause of the “DOM Ready: loading” state and the subsequent
       failure of many client-side scripts, including mine, to execute.
 * Thank you again for the detailed report; I will let you know once I have found
   something on my end.
 *  Thread Starter [lemurnick](https://wordpress.org/support/users/lemurnick/)
 * (@lemurnick)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18716681)
 * I checked for JavaScript errors and others that occur when loading the page through
   the browser console (developer tools) first of all and monitored them constantly
   during tests (network, cache disabled) – zero errors. If there were mistakes,
   it would probably be easier to determine the cause.
 *  Plugin Author [Erik](https://wordpress.org/support/users/codekraft/)
 * (@codekraft)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18717882)
 * [@lemurnick](https://wordpress.org/support/users/lemurnick/), 
   I have tried various
   methods and environments, but I am unable to identify your problem, which I believe
   is related to a conflict with some plugin at this point. You can see the blueprint
   of the plugin running nicely with php 8.4 with cf7 and flamingo without any errors(
   obviously it does not send emails, but the frontend js works).
 * Could you tell me which plugins you have installed on your website? This could
   help me understand the problem. Thank you again for your cooperation.
 *  Thread Starter [lemurnick](https://wordpress.org/support/users/lemurnick/)
 * (@lemurnick)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18718216)
 *     ```wp-block-code
       All in One SEOAsset CleanUp: Page Speed BoosterAsync JavaScriptAutoptimizeCode SnippetsContact Form 7Deep CoreElementorEmail Encoder - Protect Email AddressesFlamingoHead & Footer CodeImageMagick EngineObject Cache 4 everyoneReCrawlerSmart Custom 404 Error PageUpdraftPlus - Backup/RestoreWP CrontrolWP Super CacheWP-Optimize
       ```
   
 * My plugins. If I can’t find the problem, it’s not a big deal. I’ll be checking
   this thread, and if there’s any news, I’ll install the plugin and test it for
   you.
 *  Plugin Author [Erik](https://wordpress.org/support/users/codekraft/)
 * (@codekraft)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18718518)
 * Hi [@lemurnick](https://wordpress.org/support/users/lemurnick/),
   I’ve been investigating
   the root cause and I believe your problem, where the hidden fields are not being
   added, leading to the `no_ip: Address field empty` error, is related to a PHP
   hook not executing correctly on your site. This hook is responsible for adding
   the hidden fields to every form.
 * I suspect you might be experiencing the exact same issue as this user (last message
   of the thread): [https://wordpress.org/support/topic/form-no-longer-works-2/](https://wordpress.org/support/topic/form-no-longer-works-2/)
 * Regarding your suggestions, I want to say that I take your input as good ideas
   for incoming improvements:
    - Caching Check: The `_cf7a_version` field, which currently helps verify spam,
      could certainly be used to check if the version displayed to users is cached.
      If a version mismatch is detected, we could detect it and ask the administrator(
      via mail) to refresh the website cache.
    - Update default options: I plan to activate only the most stable and “critical”
      checks by default. Users can then choose to activate higher protection levels
      if needed enabling, for example, advanced js fingerprinting only if needed.
 * I was also working in parallel on another free plugin that allows using an external
   SMTP service for sending emails with Contact Form 7. In that plugin, I added 
   a hook that CF7 AntiSpam will also use to send you a daily/weekly spam report.
 * All these improvements (like others published in v0.7.x) were aimed at increasing
   stability and reliability. I sincerely apologize for the trouble you have experienced.
   Your detailed feedback is invaluable in making the plugin more robust for all
   users. I will keep you posted on any developments.
 *  Plugin Author [Erik](https://wordpress.org/support/users/codekraft/)
 * (@codekraft)
 * [5 months ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18718803)
 * I figured out where the issue lies… [this feature](http://I figured out where the problem was. The fault lies with this feature, which was actually introduced in version 0.7.0 and is used to avoid loading all the frontend hooks if there is not at least one Contact Form 7 form on the page.),
   which was actually introduced in version 0.7.0 and used to avoid loading [all the frontend hooks](https://github.com/wp-blocks/cf7-antispam/blob/4ee0f83464692e591f2b46c5914dbcc94ada308f/core/CF7_AntiSpam_Frontend.php#L65-L67)
   if there is not at least one Contact Form 7 form on the page didn’t fire.
 * And that’s why everything is missing, scripts and fields that are created by 
   PHP before the form. I’ll try to find a solution, but as you know, I also have
   to deal with a fix to the system I use for updates.
 *  Thread Starter [lemurnick](https://wordpress.org/support/users/lemurnick/)
 * (@lemurnick)
 * [4 months, 2 weeks ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18733177)
 * Ciao, Signore Erik.
   Grazie mille per il lavoro svolto sulle correzioni.I noticed
   the plugin had been updated to version 0.7.2 and tested it.With the “Optimize
   scripts loading” checkbox unchecked, everything works correctly, and no errors
   occur.
 *  Plugin Author [Erik](https://wordpress.org/support/users/codekraft/)
 * (@codekraft)
 * [4 months, 2 weeks ago](https://wordpress.org/support/topic/broken-plugin-82/#post-18733718)
 * Grazie mille a te [@lemurnick](https://wordpress.org/support/users/lemurnick/)
   🙂
 * I tried to implement some of the things we discussed, for example, if I find 
   that the contact form page is cached (using the cf7a version field), after a 
   few failed emails the plugin sends you an email.
 * Additionally, I have completely reworked the spam filters and now you can hook
   into the chain to add and remove filters, including add your own custom ones (
   examples here [https://modul-r.codekraft.it/2025/11/developer-guide-customizing-cf7-antispam-filters/](https://modul-r.codekraft.it/2025/11/developer-guide-customizing-cf7-antispam-filters/)).
   
   Also other minor changes for example a better debug section with the current 
   website installed plugin list and some info about the system, I hope everything
   is working fine now. But if that’s not the case, please open a support thread
   and usually I’ll try to fix it quickly. I try to keep the plugin up to date, 
   but sometimes some changes have “unpredictable” effects on some installations,
   even though I try to test the plugin in every way possible.Erik
 * PS. FYI, I discovered another bug affecting 0.7.1 (fixed in 0.7.2), about encrypted
   fields ([this)](https://wordpress.org/support/topic/false-positive-because-of-address-field-empty-b8-0-95-in-0-7-1/#post-18732769).
   Anyhow I believe it wasn’t your case.

Viewing 15 replies - 1 through 15 (of 17 total)

1 [2](https://wordpress.org/support/topic/broken-plugin-82/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/broken-plugin-82/page/2/?output_format=md)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fbroken-plugin-82%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this review.

 * ![](https://ps.w.org/cf7-antispam/assets/icon.svg?rev=2536700)
 * [AntiSpam for Contact Form 7](https://wordpress.org/plugins/cf7-antispam/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/cf7-antispam/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/cf7-antispam/)
 * [Active Topics](https://wordpress.org/support/plugin/cf7-antispam/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/cf7-antispam/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/cf7-antispam/reviews/)

 * 17 replies
 * 2 participants
 * Last reply from: [Erik](https://wordpress.org/support/users/codekraft/)
 * Last activity: [4 months, 2 weeks ago](https://wordpress.org/support/topic/broken-plugin-82/page/2/#post-18736970)