Ryan

You bet! Will add it to the changes for the next version. Thanks for the reminder.

Visibility:hidden yes. My impression from the article was that he was talking about <input type="hidden">

We don’t use hidden (can’t see why we would, as that’s not something a bot would typically fill in anyway), but the use for display:none is to make it a bit more compliant/useful for accessibility reasons. It may be worth considering changing the default CSS though to using absolute positioning and 0 height/opacity.

You can actual test this out at anytime, as you can customize the CSS in anyway you see fit using simple WP filters. Here’s some sample recipes. The second filter is the one you’d want to change CSS.

The only thing I can think to do would be to maybe change the name (wpcf7-999) to something with “email” in it as well. I think the field name attribute is at least as tasty to spam bots as the ID and classes are.

I’d love to hunt down a repository of the types of spam bots that put out this type of spam and reverse engineer them to understand how they work/learn.

Great tips @jpnl. Let us know how it goes. Your suggestions are pretty much what I would recommend as well — changing up the ID as well as the field name (as the fieldname can help bots figure out what they should fill out, and thus work to trick them with the honeypot).

I like the IP address suggestion.

My guess is that for some reason Safari is auto-completing the honeypot field for some reason. I would load the page in Safari, inspect the form in your browser and see if the value property has a value.

There is a checkbox for disabling this when you generate the honeypot shortcode in the CF7 form editor.

Hey, I’ve added this to be considered more deeply in the next version of the plugin, but I don’t currently have an ETA on when that will happen.

Until then, with a little bit of coding know-how, you can achieve this using the filtering that is in place for the whole HTML output. Read more here: ALTERING THE HONEYPOT OUTPUT HTML [ADVANCED], with code samples here.

Hi @siinex, very glad you got it working, though not sure why there would be a conflict between the Honeypot plugin and KingComposer-Layout. Do you have any idea what might have happened?

I don’t know of any known issues, but maybe try submitting (with a value filled for the honeypot) with Contact Form DB and/or Flamingo disabled and see — as those would be the only two I can see in your list that might be changing how things get sent/validated.

If you’re able to upgrade WordPress and CF7, that would also be the best course of action. There was a recent thread about issues with using the latest CF7 Honeypot and older versions of WordPress and CF7. If you can’t upgrade, I would downgrade the CF7 Honeypot plugin to version 1.12 or 1.11.

Hi @vptsar, I looked at the page and ran some tests. I am also seeing the form being sent despite the honeypot field. I’m really not sure what could be causing this. I’ve tested on another site, and cannot replicate the problem. Some things to check:

1) Are you using the latest versions of both Contact Form 7 (5.1.1) and CF7 Honeypot (1.14)?

2) Do you have any plugins that might be disrupting the validation process for the form?

3) Do you only have “Your message was sent successfully. Thanks.” set for the “success” message in the “Messages” tab?

-RM

Hi, adding those styles is an essential part of how the plugin works. Removing them is not recommended, unless you intend to replace them with other styles that similarly mask/hide the field. The field should not be visible to users.

Check the Installation instructions on how to override that using WordPress filters (in your Functions.php).

Let me know if that’s what you are looking for.

Hi Diana, it looks like you’re using Gravity Forms. This plugin is for Contact Form 7, a different form plugin.

Hi, I’m sorry, I’m not sure what you’re asking exactly. There are no known issues with WP 5.1.1 using the latest versions of CF7 (5.1.1) and CF7 Honeypot (1.14). Can you give more details on what the problem you’re experiencing is?

?? No criticism taken. I think the missing shortcode is due to me removing some legacy code in the latest version. I’ll be sure to make a note to investigate further for the next release.