Form submits return as spam for all non logged in users

  • Resolved geoanderson

    (@geoanderson)


    4 years, 11 months ago

    When I am logged into our sites WordPress admin and submit the form it goes through successfully, but if I view it in the same browser, not logged in I also get the spam response and tracking this with Flamingo the reason is always: “Submitted nonce is invalid.”

    Looking more into it, it looks like I only have a nonce field within the form I am submitting when logged in, when not logged in there is no nonce.

    Would someone be able to advise on how I would go about fixing this issue so non logged in users can submit the forms please.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Takayuki Miyoshi

    (@takayukister)

    Where can we see the website in question?

    Thread Starter geoanderson

    (@geoanderson)

    The site is currently in development, but I can share the link and login credentials. Is there a way I can do it privately so it’s not shared here on the forums? Like an email address I can send to?

    Thanks a lot.

    Plugin Author Takayuki Miyoshi

    (@takayukister)

    Welcome to Support Forum — Please Read Before Posting

    Thread Starter geoanderson

    (@geoanderson)

    Apologies @takayukister I should have read that before posting. I worked out what it was in the end, in case it helps others…

    I had the following code in my functions.php:

    add_filter( ‘wpcf7_verify_nonce’, ‘__return_true’ );

    This was added after a pen test on the site suggested that the contact forms should all contain nonce’s to verify as an extra layer of security, however it seems as though this was looking for a nonce to verify on submit even when one didn’t exist for non logged in users.

    Removing this line of code makes the form work.

    Appreciate you quick responses @takayukister and excellent work on the plugin.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Form submits return as spam for all non logged in users’ is closed to new replies.