One word spam and possible honeypot bug

Resolved Benjamin
(@benjaminvandenberg)

2 weeks, 6 days ago

Hi Erik,

A client has reported a significant amount of spam coming through multiple forms. I’ve checked, and the plugin is up to date.

I performed a test by submitting the form using data from a spam message, including filling in the honeypot. It seems that the honeypot is not working when it is filled in.

Additionally, many spammers are submitting one-word “jibberish” messages, essentially random strings of letters.

Do you have any suggestions on how to address this issue?

As always, thank you very much for your time and for maintaining this plugin.

Kind regards,
Benjamin van den Berg

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author Erik
(@codekraft)

2 weeks, 3 days ago
Hi Benjamin,

It is always a pleasure to hear from you! Thank you so much for your continued support and for taking the time to report this; users like you really help me improve the plugin.

Yes, there is actually a quick way to solve this immediately.

I believe the reason the honeypot seems to “pass” is likely because this specific form has very few text or number inputs (fewer than 3). Currently, the validation logic relies on a cumulative “spam score.” If there are very few fields, the total score might not reach the threshold required to trigger the spam flag.

Here is how to fix it:
1. Adjust the Spam Score: You should adjust the spam test value settings. Try setting it to 0.5 if you have two text inputs, or even 1 if you only have one. As a reminder, an email is flagged as spam if the score is greater than or equal to 1.
2. Filter “Gibberish” (One-word messages): To stop the random one-word strings, we can use a custom filter in your functions.php file. We can set a rule where if the message body contains fewer than X words (e.g., 3 words), it is marked as invalid.
Here is a snippet you can use:
```
// Example logic for your functions.php
add_filter( 'cf7a_spam_check_chain', 'filter_short_messages', 20 );

function filter_short_messages( $spam_data ) {
    // If explicitly whitelisted by previous filters, skip.
    if ( $spam_data['is_whitelisted'] ) {
        return $spam_data;
    }

    // Count words in the message body
    $word_count = str_word_count( $spam_data['message'] );
    
    // If less than 3 words, treat as spam
    if ( $word_count < 3 ) {
        $spam_data['spam_score'] += 5; // Add points to ensure it fails
        $spam_data['is_spam'] = true;  // Flag as spam
        $spam_data['reasons']['short_message'] = "Message too short (less than 3 words).";
    }

    return $spam_data;
}
```
For additional information please refer to: https://modul-r.codekraft.it/2025/11/developer-guide-customizing-cf7-antispam-filters/

I am currently planning to implement a “proportional spam rank” in a future update to handle cases with few inputs automatically, so manual adjustments won’t be necessary down the road.

Let me know if this solves the issue for your client! (and sorry for the late reply)

Best regards, Erik! 🙂
Thread Starter Benjamin
(@benjaminvandenberg)

2 weeks, 1 day ago

Hi Erik,

Thank you so much for your continued support and fast replies in this forum. I really appreciate this. I will check out the solutions you offered and report back to you.

Best wishes for the New Year ahead!

Kind regards, Benjamin

Thread Starter Benjamin
(@benjaminvandenberg)

3 hours ago

Hi Erik,

Sorry for the delay in responding to this ticket.

I managed to solve the problem. Your tips were very helpfull in debugging the problem. Adjusting the spamscore and adding the custom snippet helped a lot!

As always, thank you very much for creating this awesome plugin!

Kind regards,
Benjamin

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.