Ryan

Love to hear it! Thx!

Hi Mike, nope, the Honeypot plugin doesn’t create any folders outside its own. Very odd that you cannot delete the folder. Perhaps your server/hosting is running some sort of backup software that creates these types of folders?

Tested with 5.9.1, working fine. I’ve updated the plugin’s readme to reflect.

H @thedyke – apologies for the slow reply. Honeypot doesn’t change anything in relation to WordPress’ internal template hierarchy or redirection — it simply checks a value and returns a Boolean value to the Contact Form 7 plugin. I wonder if maybe there is another conflict, but it isn’t obvious unless Honeypot is installed for some reason.

Hi @joycegrace – apologies for the slow reply. No it is not for Woocommerce forms. Only CF7 forms.

Hi @wjh – I just checked your site and it looks like you’re using a different form plugin? Maybe you changed since you posted?

There aren’t any issues with LiteSpeed that I’m aware of and all the logic for the plugin is standard CF7 stuff. Just to confirm, the forms were sending but in Flamingo you can see the fields are filled in?

Hi Fabio, did you try any of the more advanced options? Enabling time-check would be the first thing I’d try. Also try making the honeypot more appealing to bots can work, and I’ve heard people have had success with adding multiple honeypot fields.

Hi, sorry about the delay — Happy Holidays. “YourWebsite” in this case is just the name you’re giving to the field. This is what bots will “see” and try to fill in. “YourWebsite” might be too abstract though. You could just try “website” or “email” or something like that.

This plugin is specifically for CF7, so there are no plans to expand it to the wider WP/Woocommerce forms.

Hi Thomas, I replied on the Nocean website, but only just saw this. Yes, you can absolutely add two fields, they just require different names. Great suggestion adding that to the FAQ, which I’ve just done.

Hi @reinsle – is this showing a regular Flamingo submission, or one that was in the “spam” tab?

If the regular, this is expected behaviour, as the honeypot field should be empty, unless it’s a spammer.

If this is in the spam tab, check the right-hand side Status box. There is a field there called Spam Log. It is possible (even likely) that the Time Check is what caught the spammer, and not the honeypot field — in which case, the honeypot field would be blank, but the Spam Log will say “Spam log: Honeypot detected form submitted too fast (X seconds). Field ID = XXXXXX”

Caching would likely be a problem with the time check, as the time is set (as a field) when the form loads, and then is checked when the form is submitted. If the form is cached, that value will always be quite old, and thus could register as a false negative (i.e. let bot submissions through).

It is on my dev roadmap to switch this value to a session value, but this would also have problems with caching, as session values wouldn’t be set on a cached page.

It could be stored using Javascript, but would be easily circumvented by bots not using javascript.

It’s a tough use case to solve for, but I definitely agree, using with caching on the page is pretty essential. I’ll keep working on a solution.

Hi @spookd – the field itself shouldn’t show visibly on the front end, but are you seeing it when you inspect the HTML of the form?

Also, I recommend installing the Flamingo plugin and making sure “Store Honeypot Value” is checked in the Honeypot settings (Contact->Honeypot in the admin). This will give you a better sense of what is getting caught and what isn’t.

From there try enabling Time Check (also on the Honeypot settings page) and see if that helps.

Hi @thomasjarvisdesign – the honeypot doesn’t use any JS, and it’s core mechanics are all quite quick. I haven’t done any specific load or stress tests with it, but I would be surprised if it added any load time at all to a page with a form on it.

Hi @tomgardner – I just tested the “Time Check” setting using the 60 second value you mentioned and it stopped the sending of the message as expected.

The reviews section isn’t really the right place to address support/bug issues. That’s better handled in the Support form where an issue can be set as resolved once fixed and is more likely to be seen by others who experience a similar problem.

That said, are you sure that you completely refreshed your browser tab that has the form in it after changing the Time Check setting? The time check (currently) uses a field in the HTML and if the page wasn’t properly refreshed you might see the result you’re seeing. I would recommend trying again with a completely fresh (un-cached) loading of the form page.