Spam gateway – do not use "as-is"

The plugin includes recaptcha support….

The recaptcha does nothing whatsoever to mitigate the problem. CCF is still a Spam gateway.

Sadly even with version 5.1.0.3 I can still route spam through anyone else’s Custom Contact Forms. No login required.

I added the reCaptcha keys but there is no option in the dropdown to add the reCaptcha. All I get is the poor “captcha” option.

The Google reCaptcha doesn’t work because there is no entry in the wp_customcontactforms_fields SQL table for it. So no it doesn’t have “reCaptcha” but only a simple “captcha” which all spam bots can get around.

The captcha, recaptcha, whatever is completely irrelevant. The HTML code that is generated by the form makes it trivial for a third party to send email through your mailer. This completely bypasses the validation.

Want an example? Let me know your WordPress contact page and an (obfuscated) target email address I should hit, and I’ll demonstrate.

Sigh.

@roaima: I completely believe you. No worries. I’ve already looked at the code and can see it.

@roaima: I am interesting fixing this problem- globally if I can, or at least locking down an installation if I cannot.

Unfortunately, I do not see a way to email you directly. Please send me your contact info at M8R-im95d4(at)mailinator.com and I will email you back from a proper address for details.