Honeypot failure

  • Resolved thueske

    (@thueske)


    2 years, 4 months ago

    Hello,

    we have problems with the honeypot integrated in Forminator on some of our sites. Sometimes pages with few visitors (under 500 per month) get quite a lot of spam, almost daily. And this even though the honeypot is integrated.

    I suspect that the problem is that bots check for the hidden input field. Another alternative would be something more dynamic, like WP Armour does. They always put a different ID in the input depending on the installation.

    As a workaround I implemented the following code:

    PHP

    function custom_honeypot($submit_errors, $form_id, $field_data_array)
{
    $valid = true;
    if (!empty($_POST['text-1'])) {
        $valid = false;
    }
    if (!$valid) {
        $submit_errors[]['checkbox-1'] = 'SPAM.';
    }

    return $submit_errors;
}

    CSS

    .honeypot {
	display: none;
	width: 0;
	height: 0;
}

    Since the change (1 month ago) the website owner doesn’t get any spam at all.

    Would it be possible to adjust the honeypot a bit directly in Forminator? It would be nice if more people could benefit from it.

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support Imran – WPMU DEV Support

    (@wpmudev-support9)

    Hello @thueske !

    I hope you’re doing well!

    Interesting solution! I will share your ticket with the Forminator team to check further.

    Regarding the Honeypot feature – yes, some more advanced bots will do some checks and they may be able to work around the protection. Unfortunately, as we’re all aware, there is no way to permanently stop spammers once and for all, but the Honeypot will deal with the simpler bots which are the majority.

    For this reason we suggest adding the Captcha field, especially hCaptcha seems to be working well. Actually hCaptcha seems to be better than reCaptcha now as it seems maybe some bots are also able to solve reCaptcha nowadays.

    I’ll check with the team and we’ll update you here as soon as we hear from them.

    Warm regards,
    Pawel

    Thread Starter thueske

    (@thueske)

    Hey,

    thanks for your answer.

    I understand that not all bots can be filtered. However, the above method works much better than Forminator’s built-in honeypot. Maybe it makes sense to use both variants.

    WP Armour (https://plugins.trac.www.ads-software.com/browser/honeypot/trunk/includes/js/wpa.js#L9) does it similar to me. It works great.

    The captchas integrated in Forminator are out of question for me, because the scripts are loaded from servers in the USA. This is a bit problematic regarding the GDPR.

    Glad to hear from you and hope for an even better honeypot feature.

    Tobias

    Plugin Support Imran – WPMU DEV Support

    (@wpmudev-support9)

    Hello @thueske !

    Got some good news on this – we have plans for improvements along similar lines as you’ve shared actually. I’ve added your suggestion to that task already so the Forminator team will take those into account when preparing the update.

    There’s no ETA for this improvement available, but I can tell you that the priority of the task is high at the moment.

    Best regards,
    Pawel

    Plugin Support Amin – WPMU DEV Support

    (@wpmudev-support2)

    Hello @thueske ,

    We haven’t heard from you for several days now, so it looks like you don’t have more questions for us.

    Feel free to re-open this ticket if needed.

    Kind regards
    Kasia

    @thueske how you implemented this code on forminator?

    Regards

    P.S. Forminator honeypot is very bad and Captcha is a problem in UE for GDPR, I hope Forminator pay more attention to this feature because I’ve already migrated many website forms…

    Thread Starter thueske

    (@thueske)

    My provided code should be used within an functions.php of a child theme or a simple custom developed plugin.

    Then give the forms one Input (e.g. text-1 in my code) and add the css class honeypot (or however do you name the class) there.

    Thanks @thueske
    how you trigger function? With a Forminator hook?

    Regards

    • This reply was modified 1 year, 11 months ago by kgmservizi.
    Thread Starter thueske

    (@thueske)

    You only need to load the code above and set the correct css classes.

    Thanks @thueske

    I’ve developed a very simple plugin based on the WPArmour concept, if I have time to improve the fields with a random name I will release it in the directory.

    Regards

    Hi @thueske,

    I’ve released plugin on directory -> Honeypot for Forminator Forms – WordPress plugin | www.ads-software.com
    If you want try and report me your opinion it is a great thing for me.

    Best regards

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Honeypot failure’ is closed to new replies.