• Resolved mg_scr

    (@mgelly)


    Hi, first, well done for this plugin. I would like to say this is the most efficient honeypot I tried so far.

    But I would like to know if you had foreseen the possibility of extending parts of your code, from the theme folder for example.
    To explain myself, there are 2 things we would like to change to add more security in the “la_sentinelle_check_honeypot()” function:

    if ( isset($post_data["$field_name"]) && strlen($post_data["$field_name"]) > 0 ) {

    We want to remove the isset(), because if the field was removed from the form we want it to be considered as spam.

    Secondly, we want to change the input’s type of the field “honeypot” (which has to stay empty) to a “text” type with a style="display:none". Bots tend to avoid more and more hidden fields and an obfuscated text field is more efficient on this part.

    Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Marcel Pol

    (@mpol)

    Hi, thank you for the feedback.

    Both changes have been added. Mostly I just test with the whole div removed, but removing one input element is a good additional check too.

    I never thought much about using hidden fields or text fields that are invisible, I guess both are fine? Did you see anything happen in the wild?
    I only run small websites that haven’t been a manual target, only bots go there.

    Thread Starter mg_scr

    (@mgelly)

    Hi, thank you for the changes.

    About the hidden fields / text field not displayed, we had the issue on some websites with another technology (custom CMS / Symfony). And we saw that some automatic bots were clever enough to ignore type=hidden fields. After changing the system with a text field (not displayed for users’ comfort), we had more success.
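
The two changes discussed in this thread, as an added example that is not part of the thread or the plugin's own code: a honeypot check that treats a missing field as spam, shown next to the original-style check, plus a text input hidden with display:none. The function names, the field name and the sample submissions are assumptions; the autocomplete and tabindex attributes are extras not mentioned in the thread.

```php
<?php
// Added example; all names are hypothetical, not the plugin's.

// Original-style check from the first post: a request that omits the
// honeypot field entirely is NOT flagged.
function example_lenient_is_spam(array $post_data, string $field_name): bool {
    return isset($post_data[$field_name]) && strlen($post_data[$field_name]) > 0;
}

// Stricter check: the form always renders the field, so a missing field,
// a non-string value or any non-empty value is treated as spam.
function example_strict_is_spam(array $post_data, string $field_name): bool {
    if (!array_key_exists($field_name, $post_data)) {
        return true; // field was stripped from the submission
    }
    $value = $post_data[$field_name];
    return !is_string($value) || $value !== '';
}

// Text input hidden by CSS instead of type="hidden".
// Assumption: autocomplete/tabindex keep browser autofill and keyboard
// navigation out of the field, so real users do not trip the check.
function example_honeypot_field_html(string $field_name): string {
    $name = htmlspecialchars($field_name, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="' . $name . '" value=""'
         . ' style="display:none" autocomplete="off" tabindex="-1" />';
}

// Constructed sample submissions.
$field = 'example_honeypot';
$cases = [
    'human, field left empty' => ['comment' => 'hi', $field => ''],
    'bot filled the field'    => ['comment' => 'hi', $field => 'http://spam.example'],
    'bot dropped the field'   => ['comment' => 'hi'],
];

foreach ($cases as $label => $post) {
    printf(
        "%-24s lenient=%-5s strict=%s\n",
        $label,
        var_export(example_lenient_is_spam($post, $field), true),
        var_export(example_strict_is_spam($post, $field), true)
    );
}
echo example_honeypot_field_html($field), "\n";
```

Only the third case differs between the two checks: the lenient version lets a submission without the field through, the strict version rejects it.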

  • The topic ‘Extending functionalities’ is closed to new replies.