Title: jarednel's Replies | WordPress.org --- # jarednel [ ](https://wordpress.org/support/users/jarednel/) * [Profile](https://wordpress.org/support/users/jarednel/) * [Topics Started](https://wordpress.org/support/users/jarednel/topics/) * [Replies Created](https://wordpress.org/support/users/jarednel/replies/) * [Reviews Written](https://wordpress.org/support/users/jarednel/reviews/) * [Topics Replied To](https://wordpress.org/support/users/jarednel/replied-to/) * [Engagements](https://wordpress.org/support/users/jarednel/engagements/) * [Favorites](https://wordpress.org/support/users/jarednel/favorites/) Search replies: ## Forum Replies Created Viewing 5 replies - 1 through 5 (of 5 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Forminator Forms – Contact Form, Payment Form & Custom Form Builder] Major Security Risk with Forminator](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/) * Thread Starter [jarednel](https://wordpress.org/support/users/jarednel/) * (@jarednel) * [4 years, 4 months ago](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/#post-15198428) * Hi Patrick, * I hope you’re well. * Thanks for the info about HTTPS vs HTTP. I’m aware of that particular setting and it’s not a concern for me currently, nor has it anything to do with the particular issue with the contact form. * Yes, I am currently already utilizing security and anti-spam features including reCAPTCHA, Honeypot, and Akismet. This doesn’t change the concern about spammers being able to submit the form while apparently by-passing “required” fields. * Anyway, given the security concerns with Forminator, the lack of any real fix, and the very unprofessional, third-world-standard of support, I’ll be removing Forminator and using a more robust plugin. I should have checked who was behind this plugin. Pity. * Thanks for your time. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Forminator Forms – Contact Form, Payment Form & Custom Form Builder] Major Security Risk with Forminator](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/) * Thread Starter [jarednel](https://wordpress.org/support/users/jarednel/) * (@jarednel) * [4 years, 4 months ago](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/#post-15178189) * Thanks! * When I downloaded the image, it was too small and low quality to read anything on it. Perhaps try a higher resolution? * I also did a quick javascript test. When I disable javascript, the form doesn’t load on the page at all, so that’s not it. I then enabled javascript just to load the form, then disabled it again. The form still worked normally. So that’s not it. * Is form validation in Forminator done with something else like CSS or AJAX or what? * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Forminator Forms – Contact Form, Payment Form & Custom Form Builder] Major Security Risk with Forminator](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/) * Thread Starter [jarednel](https://wordpress.org/support/users/jarednel/) * (@jarednel) * [4 years, 4 months ago](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/#post-15178000) * Thanks for the message. * 1. Nope. All my forms are visible. Some of them are plain forms with no plugin. No spam problems on any of them. * 2. Could you provide a screenshot of the error you’re seeing? I’m on shared hosting with all systems up to date and not seeing that problem. All other plugins work fine. As mentioned, the forms work properly on all the computers I test. The validation and javascript work fine on my end. It seems only the spammers are getting around it. Do you think the Russians are disabling Javascript on their machines and submitting the form? Is that what you mean? * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Forminator Forms – Contact Form, Payment Form & Custom Form Builder] Major Security Risk with Forminator](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/) * Thread Starter [jarednel](https://wordpress.org/support/users/jarednel/) * (@jarednel) * [4 years, 4 months ago](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/#post-15174787) * Hi Pawel, * Thanks for your message. It’s nice to talk to someone with manners and a customer service attitude. I was worried your support department was hacked by rude Russian gangsters! * 1. I’ve used several other form plugins as well as some custom-created forms and NEVER had this problem. The problem only started when I created a form with Forminator. Also, that’s not the only form on my website. I have another form on another page from a different plugin that NEVER gets spam submissions. So far it is ONLY the Forminator form that gets spammed. It’s very suspicious! * 2. I understand that sometimes a bad person might want to post a spam submission, but HOW are they managing to do that without completing all of the *REQUIRED* fields on the form? Is there a bug or vulnerability with Forminator that allows spammers to by-pass the required fields? * Thank you! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[Forminator Forms – Contact Form, Payment Form & Custom Form Builder] Major Security Risk with Forminator](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/) * Thread Starter [jarednel](https://wordpress.org/support/users/jarednel/) * (@jarednel) * [4 years, 4 months ago](https://wordpress.org/support/topic/major-security-risk-with-forminator-2/#post-15174039) * I hit F12, reloaded, got a window with a bunch of code. Not seeing any errors or issues. What should I look for and where? * The page is a basic template with the form embedded. Is the problem with the form or the template or with WordPress itself? * Why does the form function correctly for me as it should with the required fields, and for others that test it, but only seems to malfunction when a Russian somebody manages to submit it and work around the required fields? * The title seems appropriate based on the concerning emails I’m receiving that shouldn’t be possible. Of course, if the issue gets resolved, I’ll amend the title. * Thanks! Viewing 5 replies - 1 through 5 (of 5 total)