Support » Plugin: Honeypot for Contact Form 7 » not working

  • Resolved delawaregrad


    I’ve added this to 6 websites that get a lot of spam. This has worked on a couple, but most of them it hasn’t.

    I have a contact form database that collects submissions and the hidden field is actually being completed by the bot – how can that be? What’s confusing me is that the older submissions, before the honeypot field was installed, now has data in them. How is that possible?!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Ryan


    Could the functionality that is collecting submissions be bypassing form validation? Form validation is an internal function of CF7 that confirms the submitted field meets some requirement — i.e. if a field is *required, it makes sure that field has a value or returns a validation error, if the email is not properly formatted, it can return an error… or in the case of a honeypot, if the field has a value, it returns an error.

    I would test this using your form, setup a required field and intentionally submit invalid data and see if sends the form and/or captures it in your database. I would then do the same thing, but add a value to the hidden honeypot field (just use the Inspector to remove the styles that visually hide it) and see if it sends/captures.



    Thanks for the quick response. I tried your suggestion. I have a quiz on the form and am unable to submit the wrong answer. I then removed the styles in the browser for the honeypot field so that I could see the field, added some text to the field, and the form would not submit (which is what should happen). It did NOT send the data to the database and I did not get a notification email (since it didn’t submit). I am using Contact Form 7 to Database Extension (was on WP, but now on GitHub).

    In other words, the honeypot is working fine and there is proper validation on the form, but somehow it’s being submitted – and the data for that field is not only stored in the database, but that ‘honeypot’ field in the database has answers from all previous spam.

    So weird.

    Plugin Author Ryan


    Hi @delawaregrad, just wondering if you ever resolved this. I just released a new version of the plugin that explicitly sets CF7’s “do-not-store” flag, which if plugins respect it means that the Honeypot field should not be stored in the database.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘not working’ is closed to new replies.