This form is receiving a lot of spams and I would like some advice on what I can do to prevent it.
I should not use any plugins nor any Captcha.
function innerpages_form($atts, $content = null)
{
session_start();
// Attributes
extract(
shortcode_atts(
array(
'title' => '',
),
$atts
)
);
// Code
//global $wp_session;
return ' <div class="sell-fast-form">
<form action="/sell-now/" method="post" id="myForm">
<h2 style="color:#f15a29">Need To Sell Your House Fast?</h2><br>
<h2>Property Address</h2>
<input type="text" class="Property_Address" name="Property_Address" id="addr" placeholder="Property Address" value="" required >
<h2>Phone</h2>
<input type="text" class="Phone" name="Phone" placeholder="Phone" id="Phone" pattern="^[(]{0,1}[0-9]{3}[)]{0,1}[-\s\.]{0,1}[0-9]{3}[-\s\.]{0,1}[0-9]{4}$" required title="xxx-xxx-xxxx" >
<h2>Email</h2>
<input type="Email" class="Email" name="Email" placeholder="Email" id="Email" value="" required >
<input style="display:none;" type="text" name="robots" value="" />
<input type="submit" class="click_here" onsubmit="return myFunction();" value=" GET MY FAIR CASH OFFER >>>"/>
<script>
function myFunction() {
document.getElementById("myForm").submit();
return false;
}
</script>
</form>
</div>
';
}
add_shortcode('innerpages_form', 'innerpages_form');
This form is receiving a lot of spams and I would like some advice on what I can do to prevent it.
I should not use any plugins nor any Captcha.
function innerpages_form($atts, $content = null)
{
session_start();
// Attributes
extract(
shortcode_atts(
array(
'title' => '',
),
$atts
)
);
// Code
//global $wp_session;
return ' <div class="sell-fast-form">
<form action="/sell-now/" method="post" id="myForm">
<h2 style="color:#f15a29">Need To Sell Your House Fast?</h2><br>
<h2>Property Address</h2>
<input type="text" class="Property_Address" name="Property_Address" id="addr" placeholder="Property Address" value="" required >
<h2>Phone</h2>
<input type="text" class="Phone" name="Phone" placeholder="Phone" id="Phone" pattern="^[(]{0,1}[0-9]{3}[)]{0,1}[-\s\.]{0,1}[0-9]{3}[-\s\.]{0,1}[0-9]{4}$" required title="xxx-xxx-xxxx" >
<h2>Email</h2>
<input type="Email" class="Email" name="Email" placeholder="Email" id="Email" value="" required >
<input style="display:none;" type="text" name="robots" value="" />
<input type="submit" class="click_here" onsubmit="return myFunction();" value=" GET MY FAIR CASH OFFER >>>"/>
<script>
function myFunction() {
document.getElementById("myForm").submit();
return false;
}
</script>
</form>
</div>
';
}
add_shortcode('innerpages_form', 'innerpages_form');
Share
Improve this question
asked Aug 13, 2019 at 2:10
stemonstemon
1551 silver badge8 bronze badges
1 Answer
Reset to default 1I've been studying (and blocking) automated form spam for years. Most advice relates to hidden fields, CSS tricks, 'stupid' questions ("what is 1+3"), and others.
And the reason that those tricks (and others) don't work with automated spam bots is that they don't 'see' your form, they just post to it. They scrape the form, grab the form fields, and use automated techniques (like CURL) to post to the form. (I wrote a post about how they do it here:
So, you have to hide things. I've developed a process (free) that obfusticates the submit form, using JS delays (among others), and can implement reCAPTCHA (which is a good start, but not complete). The result is a 'contact' form (which can be modified to add other fields) that has not been successfully attacked by spam-bots. (In fact, I challenge anyone to spam-bot the form on that site, and none have after years of using the technique - which I have improved over the years.)
All of the code is free, and available at my FormSpammerTrap site. I send it to anyone that wants it, and don't use (or keep) the emails of those that request it. I think it is quite successful at blocking automated spam. All the details are on the site.
I welcome automated attacks. Always have. Never get any.