WordPress.org

Support

Support » Plugins and Hacks » [Resolved] Getting spammed a ton lately

[Resolved] Getting spammed a ton lately

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Ryan

    @daobydesign

    I’d start by updating WP and CF7, you’re a few versions behind on both. Next, I’d rename my honeypot fields to something more tantalizing to a bot (ie. “website”, “url”, “email” or something along those lines).

    i renamed it to e.g. “age” and i use it with latest WP and CF7.
    But in deed i got some SpamMails (perhaps filled out by hand) but i guess they are bot replies. (All E-Mails came from ???@gmail.com)
    I think for bots the display:none and visibility:hidden infos are bad.
    Perhaps you can use the text-indent option and define a column height of 1px.
    If i deleted your css rules of display and visibility there is
    a text under the column: “Please leave this field empty”?
    Is this realy good?
    Thanks

    e.g.

    .age-777-wrap input.wpcf7-form-control.wpcf7-text {
        border: medium none !important;
        height: 0;
        margin: -20px 0 !important;
        padding: 0 !important;
        text-indent: -999999px;
    }

    and the advice in <small>Please leave this field empty</small>
    get rid of that.

    Plugin Author Ryan

    @daobydesign

    Hi Guenni007, all good suggestions that for now I cannot implement*.

    You’re right that hidden elements are a flag for bots, and a potential way around a honeypot. The challenge with your CSS proposition is that while common, it’s a hackish way of hiding elements with potential for failure on older browsers as well as the performance issues with forcing a user’s browser to render a box 999999px wide.

    The “please leave this field empty” text is an accessibility feature so that if the field does happen to get displayed (ie., CSS doesn’t load, screen readers, etc.) there are human-readable instructions and the form is still operational.

    On a single site, both of your suggestions are totally viable solutions for stopping spam, but to assure the widest-level of compatibility (currently 82,000+ downloads of this plugin), I need to consider how to best weigh usability/accessibility with spam protection.

    * That said, you’ve got me thinking that maybe I should variable-ize some of these things and thus allow the user to adjust via the form creator interface if they’d like. Look for these features in v1.7. Until then, you might want to look into the Altering the Honeypot Output HTML section on the Installation tab.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Resolved] Getting spammed a ton lately’ is closed to new replies.