Plugin Author
Ryan
(@nocean)
Please review the official blog post: https://www.nocean.ca/blog/honeypot-for-contact-form-7-v2-1/
Let me know if you have any questions.
Thank you.
For anyone else looking, here’s that text:
Aside from a couple of minor bug fixes, the main addition in v2.1 is the inclusion of a new (optional, and disabled by default) form submission time check. This new time check records the time when the form is loaded and checks again when the form is submitted. If the form is submitted in under a user-defined number of seconds, the form is rejected as spam. This works on the principle that bot-submitted forms are submitted in a very short period of time (usually 1 or 2 seconds), where as us humans are slow beasts that like to take our time.
The problem is, there is nothing stopping the bot from modifying the values in the source to set the load time to be at the time of submission. Could this be changed to a session variable instead? Bot’s have already worked around this feature.
Plugin Author
Ryan
(@nocean)
@joec002 – Storing it as a session variable is a good idea. I’ll look at implementing that in the next version. Thanks for the suggestion.
