Support » Plugin: Contact Form 7 » Google ReCaptcha v3 & Contact Form 7 – Not Working – Inundated with Spam

  • Resolved wpwd2016

    (@mwarbinek)


    Just the same as the others, no sooner when I switched to v3 Google recaptcha, my websites started getting spam.

    WordPress Comment Blacklist
    As I understand Contact Form 7 uses WordPress Discussion settings (Settings > Discussion – Comment Blacklist) to filter out/block spam.

    Blocking IP’s
    I have entered IP’s, keywords and phrases in the Comment Blacklist, but spam is still getting through.

    Since hackers and spammers do not use their real IP’s, instead they proxy through hundreds of different servers, so blocking IP’s can include a lot of work on our side. Some help from WordPress is here when using the Comment Blacklist,

    https://codex.wordpress.org/Combating_Comment_Spam/Denying_Access

    Unfortunately, for the non-tech types using Form 7 will have a tough time working with this issue despite any work-arounds on the Internet simply because they have a tough time working the coding and other technical aspects of website security.

    Spam Email Text
    Also the narrative in spam emails use hundreds of text variations. Spammers don’t care about grammar or proper English, so their imagination goes wild here. Blocking this way is actually very poor and very time consuming on us and certainly only partially successful at best.

    V2 Captcha
    The older version that uses a visible badge below the contact form was best. When using it not once have I got spam and contact message still got through.

    Rolling Form 7 back
    If that is possible (I have not looked into that yet), then use the visible badge type of v2 reCaptcha not the invisible one. I have found many complaints on the Internet about the problems with the invisible version. There are failures of the visible version too on Google search, but in my direct experience, the visible version using a badge worked great.

    Contact Form 7 needs to change
    Sorry to say, but this v3 is not working well and this is a common issue on the Internet when researching it. Contact Form 7 is not the only one suffering this, other online forms are also suffering spam getting through.

    v2 recaptcha seemed to work well, and Google still supports it, so maybe go back to this version until a better solution is found.

    • This topic was modified 3 months ago by  wpwd2016. Reason: more info
Viewing 15 replies - 1 through 15 (of 91 total)
  • I experienced the same.

    I had left the [recaptcha] tag in place but have since removed it.

    On this page, it says, “If [recaptcha] form-tags are found in a form template, Contact Form 7 5.1 or higher ignores them and replaces them with an empty string.”.

    I don’t know what this means but I wonder if leaving it in place renders it useless.

    wpwd2016

    (@mwarbinek)

    @pmycroft

    An empty string output to the page means it results in nothing and does nothing to the form and to the page. It has no value.

    It is the same result of the HTML tags <div></div> on a page, nothing is seen and does nothing. Something has to go between the tags for something to occur. Same with an empty string which looks like this (' '); it has nothing in it and the result is Null (means nothing).

    It is also why you see the [recaptcha] printed on the page, since nothing is accepting the short-code it renders as basic text.

    • This reply was modified 3 months ago by  wpwd2016. Reason: more info

    We have verified this fix works:

    change line ~112 of wp-content/plugins/contact-form-7/modules/recaptcha.php

    from: return $spam;
    to: return true;

    Please note that the next plugin update will overwrite this. I suspect that is acceptable because it will probably be the fix.

    If you revert back, you will need to regenerate the V2 keys and apply them. There are other threads in the forum that address reversion.

    Thanks Andy Locascioa.

    I have implemented this fix.

    Fingers crossed.

    wpwd2016

    (@mwarbinek)

    @ajtruckle

    I have learned that on posting forums as this one, posts get buried very quickly, so by telling us to read other posts to find a free plugin that uses v2 becomes a fruitless venture, very quickly.

    Can you provide a link to this information please?

    ajtruckle

    (@ajtruckle)

    @locascioa I did not mean swap out CF7 at all.

    There is a plugin for the recatchpa v2 that can work with cf7.

    You remove the v3 keys in cf7 and install this plugin. You apply the keys and then change your cf7 form to use its recatchpa shortcode instead.

    All back to normal with cf7.

    Andy

    ajtruckle

    (@ajtruckle)

    wpwd2016

    (@mwarbinek)

    @ajtruckle

    Thanks for the link 🙂

    What I suggest is the following,

    1. Use the PHP modification as suggested by @locascioa above for line 112 in recaptcha.php
    2. Use the “Comment Blacklist” feature of WordPress found in “Settings > Discussions”, and refer to https://codex.wordpress.org/Combating_Comment_Spam/Denying_Access for more refined use of the feature.

    When combining the above, that may hopefully put a block against spam.

    Stay or Not Stay with CF7?
    I vote to stay instead of jumping around to other plugins. CF7 has been reliable and it provides recaptcha with a complete form for free compared to other form plugins that want you to pay for it.

    Over time, as I develop websites for clients, nothing is permanent and certainly never always 100% successful. Changing to something else is when it is necessary and in this case, it is not yet necessary, albeit an annoyance.

    For those who are not technical as some of us, they may vote to move to something else, but be aware, other plugins that are not yet established and the developer’s reputation not known, even with low end user numbers, you could be getting into more problems than just annoying spam.

    Thanks for others posting here
    Your posts have helped, even me. 🙂

    • This reply was modified 3 months ago by  wpwd2016. Reason: more info
    Tim Derouin

    (@tderouindesign)

    But using https://wordpress.org/plugins/advanced-nocaptcha-recaptcha/ isn’t moving from CF7. It simply replaces the reCaptcha integration in CF7. Isn’t that the simplest option?

    wpwd2016

    (@mwarbinek)

    @tderouindesign

    Yes, but other factors have to be taken into account, and for some websites, they are important as page speed & compatibility issues.

    Too many plugins can cause performance issues. For a website with a few plugins, adding another to work with CF7 is fine so long as it does not negatively impact page speed loads which is already a factor if CF7 scripts have to load to every page, even when there is no CF7 form on them.

    Compatibility between the recaptcha plugin suggested and CF7 and other plugins. Time will tell if all works fine on any one site.

    So, depending on the website setup, it may not always be simple. Let us know if all works on your site.

    We have verified that this works. It appears to be the simplest option at this time.

    wpwd2016

    (@mwarbinek)

    @locascioa

    Appreciate the confirmation, but unfortunately, it is not working with CF7 5.1 and the theme developer for “recaptcha v2” has not updated his plugin for WordPress 5.1 yet since 4 months now. Kinda wonder about this developer since WordPress 5.1 was a huge update that he was not on top of it to ensure his plugin was compatible.

    Forced to use v3 recaptcha
    This link here,
    https://wordpress.org/support/topic/will-cf7-version-5-1-work-with-recaptcha-v2/

    It was said that since CF7 5.1, we cannot use v2 reCaptcha, even with the “recaptcha v2” plugin, we have to use v3 recaptcha. So that plugin has not worked, at least for me using v2, and v3 is already invisible so I have no idea if it is working until a few days of waiting for spam.

    • This reply was modified 3 months ago by  wpwd2016. Reason: more info
    • This reply was modified 3 months ago by  wpwd2016. Reason: more info
    • This reply was modified 3 months ago by  wpwd2016. Reason: grammar fix
    intowernet

    (@intowernet)

    I just went in and added reCAPTCHA ver3 including getting API keys to 150 websites only to find out now that it is not working. If there is a Contact Form 7 update that can fix this please do it quickly.

    wpwd2016

    (@mwarbinek)

    @intowernet

    Unfortunately, this is a manual fix.

    @locascioa gave the following fix info:

    Go to the CF7 PHP file here: wp-content/plugins/contact-form-7/modules/recaptcha.php
    Go to line 112
    Find the following,

    return $spam;

    Change it to:

    return true;

    It seems to work, I have done it and the spam has stopped. I tested my contact form and it does send the messages.

    Math Captcha Plugin
    The other option is to install the plugin named, “Math Captcha”. It adds a simple math test question to CF7 and to other common forms in WordPress. I have used that on a clients site that has no Google account and it works well too. The downside is the red #1 icon will constantly show for CF7 “Integration” menu item since this CF7 add-on does not use Google keys.

    • This reply was modified 3 months ago by  wpwd2016. Reason: More Info
    • This reply was modified 3 months ago by  wpwd2016. Reason: fixed info
    • This reply was modified 3 months ago by  wpwd2016. Reason: grammar fix

    I have tested https://wordpress.org/plugins/advanced-nocaptcha-recaptcha/ with CF7 v5.1 and found it working.
    Disclaimer: I am author of that plugin.

Viewing 15 replies - 1 through 15 (of 91 total)
  • You must be logged in to reply to this topic.