Support » Plugin: Contact Form 7 » Google ReCaptcha v3 & Contact Form 7 – Not Working – Inundated with Spam

  • Resolved wpwd2016

    (@mwarbinek)


    Just the same as the others, no sooner when I switched to v3 Google recaptcha, my websites started getting spam.

    WordPress Comment Blacklist
    As I understand Contact Form 7 uses WordPress Discussion settings (Settings > Discussion – Comment Blacklist) to filter out/block spam.

    Blocking IP’s
    I have entered IP’s, keywords and phrases in the Comment Blacklist, but spam is still getting through.

    Since hackers and spammers do not use their real IP’s, instead they proxy through hundreds of different servers, so blocking IP’s can include a lot of work on our side. Some help from WordPress is here when using the Comment Blacklist,

    https://codex.wordpress.org/Combating_Comment_Spam/Denying_Access

    Unfortunately, for the non-tech types using Form 7 will have a tough time working with this issue despite any work-arounds on the Internet simply because they have a tough time working the coding and other technical aspects of website security.

    Spam Email Text
    Also the narrative in spam emails use hundreds of text variations. Spammers don’t care about grammar or proper English, so their imagination goes wild here. Blocking this way is actually very poor and very time consuming on us and certainly only partially successful at best.

    V2 Captcha
    The older version that uses a visible badge below the contact form was best. When using it not once have I got spam and contact message still got through.

    Rolling Form 7 back
    If that is possible (I have not looked into that yet), then use the visible badge type of v2 reCaptcha not the invisible one. I have found many complaints on the Internet about the problems with the invisible version. There are failures of the visible version too on Google search, but in my direct experience, the visible version using a badge worked great.

    Contact Form 7 needs to change
    Sorry to say, but this v3 is not working well and this is a common issue on the Internet when researching it. Contact Form 7 is not the only one suffering this, other online forms are also suffering spam getting through.

    v2 recaptcha seemed to work well, and Google still supports it, so maybe go back to this version until a better solution is found.

    • This topic was modified 5 months, 1 week ago by  wpwd2016. Reason: more info
Viewing 14 replies - 91 through 104 (of 104 total)
  • or you could have done this much simpler and you just remove the plugin when V3 works again
    Go back to using Google captcha V2 by adding the following plugin “Contact Form 7 – reCaptcha v2” this re-add’s the ability to go back V2 using a toggle option of default or V2 and by re-applying the V2 keys and the reCAPTCHA tag to the form everything starts working again

    I’m getting legitimate submissions identified as spam.

    For example, after I setup v3 keys the owner of the site tested and their submission was identified as spam as they received the default msg. “There was an error trying to send your message. Please try again later.”

    Is there a way to tweak the threshold/score it uses to identify spam?

    @locascioa I believe that your given solution is working for @wpwd2016 but i am not sure because when i went to ~112 in recaptcha.php there is only } but in line number 111 there is a code
    return ! $service->verify( $token );,
    i am not a developer and don’t know what to do, so i search for return $spam;
    it is there on ~99 with

    function wpcf7_recaptcha_verify_response( $spam ) {
    	if ( $spam ) {
    		return $spam;
    	}

    and also on ~105 with this

    $service = WPCF7_RECAPTCHA::get_instance();
    
    	if ( ! $service->is_active() ) {
    		return $spam;
    	}

    now please guide me what to replace on which line???

    Wow…this is a very old thread. More recent versions of the pluign have addressed this. Please make sure you are using the most recent version.

    Don’t use any fixes listed here. They were for a previous version of Contact Form 7 (CF7) and the updates to it have resolved the issue.

    So yes, make sure you are using the newest version of CF7 and the newest version uses only v3 of Google reCaptcha, which says make sure you have a v3 version key from Google for the spam filter to work.

    Latest version of WP and CF7 5.1.1 doesn’t allow any submissions on 2 different landing pages/sites. It categorizes all submissions as spam. I even updated recaptcha.php to set threshold to 0 and it still doesn’t allow any submissions. v3 reCaptcha needs more work.

    Anybody know if the developer plans to release an update to CF7 that allows us to use v2 or v3 so we have a choice?

    KS2 Problema

    (@ks2-problema)

    Recaptcha 3 is slow and less effective. It’s another bad move by Google as that once great company continues its rapid spiral down. The inflexibility and lack of responsiveness of Google in recent years has made them very poor ‘development partners.’

    simonlacey1

    (@simonlacey1)

    Hey mwarbinek,

    My reCaptcha seems to work for 2 days and then it disappears and I have to re enter my site and secret keys. Do you know why this is happening?

    Thanks,
    Simon

    wpwd2016

    (@mwarbinek)

    @simonlacey1

    No, not specifically to your website and circumstances. Could be a lot of things interfering with reCaptcha. Some of these are,

    • A plugin installed on your site
    • The theme you are using
    • Connections between your site and Google servers are intermittent
    • Bad reCaptcha account settings
    • Custom scripts installed on your site (if any) that interfere

    Your Google reCaptcha account will show stats for your v3 install from your site. If there are no results showing since you installed v3 keys to CF7, then redo the v3 keys, delete the old ones and wait again to see any stats results. Id still no results, then there is something blocking the connection between your site and your Google reCaptcha account

    Best Way To Test
    The best way to test these things is create a WordPress test site on the same server your using. This means create a subdirectory to your domain and install a copy of your site there and set it to be invisible to Google bots.

    Example: https://yourdomain.com/wordpress-test-folder/

    There, you can switch themes for a few days, turn off plugins, re-generate new v3 reCaptcha keys (delete old ones in your Google account) and if you are using custom scripts, remove them one by one for each test.

    During testing, for your live site, turn off v3 Integration and use a Math quiz method plugin for CF7 in place of the reCaptcha until you figure out what is interfering with your reCaptcha v3.

    Worst comes to worst, keep the Math quiz one instead or use a reCaptcha v2 plugin for CF7 which requires v2 keys instead.

    Note: There are a lot of complaints about the Google’s v3 reCaptcha across the Internet, not just here and I am beginning to wonder if I should revert back to the v2 reCaptcha myself, even though it appears all works well on my site.

    funsail

    (@funsail)

    Worst thing is you can’t even debug what’s wrong. Just the uselss error msg. But I’m sure it’s not even trying, there’s nothing in recaptcha analytics.

    TropolisGroup

    (@tropolisgroup)

    Does anyone know if CF7 developers plan to support reCaptcha v2 in a future release, i.e. give us the option?

    wpwd2016

    (@mwarbinek)

    @tropolisgroup

    Suggest you create a new post asking that same question and direct it to the plugin developer.

    I am having the same issue with CF7+reCAPTCHA V3: as soon as it went from V2 to V3 nobody can send in any contact forms, as they are all refused for being spam.

    Any update of CF7 I try again: enable V3 keys on my account, send myself a message (multiple websites I manage) and none come through (they are flagged as spam and refused).

    I would really hope CF7 will give the option to use V2 or V3 as this would solve the issue for a lot of CF7 users I imagine.

    Tim Derouin

    (@tderouindesign)

    I am not sure what version of the plugin you are using @fritsje but since May 18th there have been two updates. One included: reCAPTCHA: Introduces the wpcf7_recaptcha_actions and wpcf7_recaptcha_threshold filter hooks.

    I am not sure if that would help with the messages all seen as spam but it is worth trying if you haven’t already.

Viewing 14 replies - 91 through 104 (of 104 total)
  • You must be logged in to reply to this topic.