Menu
Track tasks and feature requests
Join 36 million developers who use GitHub issues to help identify, assign, and keep track of the features and bug fixes your projects need.
Sign up for free See pricing for teams and enterprises Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
commented Mar 1, 2016
This has been working great for a while, across a number of sites. Recently, all WordPress sites using:
Have been marking most form submissions as spam, and therefore not sending. If I empty the blacklist, it works fine. I haven't investigated any further than that yet |
commented Mar 1, 2016
FWIW I think 'youre' should be removed. It's an easy typo for a genuine user to make |
commented Mar 1, 2016
As an experiment, I wiped the blacklist then ran the manual update to repopulate the blacklist. Fails again:
We have 'WP reCaptcha Integration' and 'honeypot' on this form too |
commented Mar 1, 2016
Contact Form 7 Spam Issues
There are far too many variables here to begin determine what the source of the issue might be. My guess is that one of other plugins affecting the submissions is choking (or improperly parsing) some string in the blacklist. The fact that the issue disappears when the blacklist is cleared is a good indicator of this. One thing to try is whittling down the blacklist, adding chunks of it back into the mix, to pinpoint where the failure might be occurring. Also, have you tried disabling Contact Form 7, Honeypot or WP reCaptcha Integration independently to see if one or more of those plugins is at fault? |
commented Mar 1, 2016
Perhaps. But it’s also a very common, deliberate misspelling used by spammers. Let me think about that one. |
commented Mar 2, 2016
My rule would be: if genuine users are likely to type it at some point, it shouldn't be on the list I thought the same about the blacklist trimming and plugin conflicts. Just didn't have time to do that. If I get time I will try. |
commented Mar 2, 2016
Good point. I’ll remove it from the next release.
I may be able to set up a test environment for this. Would you be able to post an example of the type of comment you have been posting? |
commented Mar 2, 2016
Thanks. Here's an example your-subject: A test from eth website conatct form your-message: There are a couple of typos in the subject, but neither are in the blacklist |
commented Mar 2, 2016
![How to remove spam in wordpress contact forms online How to remove spam in wordpress contact forms online](/uploads/1/2/3/7/123701326/122626855.jpg)
ps this exact message failed with the blacklist populated (fresh manual update) and was successful when the blacklist was empty |
commented Mar 2, 2016
Even though my WordPress install doesn’t have the “subject” field for comments (I’m assuming that is part of Contact Form 7, I tested this exact text and the comment went through. What email address and URL are you using when you post? The next step is to install those other plugins on my test site and see what happens. |
commented Mar 2, 2016
To duplicate my set up, can you send me a copy of your contact form settings, including the honeypot and recaptcha code? Thanks. |
commented Mar 2, 2016
According to the plugin’s support page, there appear to be plenty of issues with WP-reCaptcha and recent versions of WordPress. My guess is that it’s a combination of something contained in the blacklist and an incompatibility between WP-reCaptcha and the WordPress core. |
referenced this issue Mar 4, 2016
Keyword additions and optimizations — 20160302
commented Mar 22, 2017
I'm still having issues with this blacklist and Contact Form 7. The issue goes away when I clear the blacklist, so to me at least that points to a match. It would be very useful for debugging if the reason (eg specific keyword match) was logged when a comment was marked as spam. Looking through the blacklist, I see many terms that could be false positives. Whilst these could be spammers, IMO there are also reasons why a genuine user/enquirer might use these terms: This is not an exhaustive list |
commented Mar 23, 2017
I cannot find any specific section (terms, words, phrases, or otherwise) in the blacklist which is causing the Contact Form 7 failure. In my opinion, it is a programmatic issue with Contact Form 7 related to parsing a relativity large blacklist. Have you tried posting a question about this issue to the Contact Form 7 support forum? This may be something that they need to investigate independently. As for the terms that could potentially result in false positives, I’ll definitely take a look at these again. You’re right, some of these are probably common enough to warrant removal from the blacklist. How does avast protect sensitive documents. It is a full package for your computer protection and as well as giving you a variety of other tools. |
commented Mar 23, 2017 • edited
edited
Hi @bradydan … I have reviewed your list of potential false positive terms above and removed several of them (along with a few others) from the blacklist. I’m going to closely monitor how this affects the flagging of comments across several of my sites. If I notice any increase in missed spam, I will likely add them back. |
![Form Form](/uploads/1/2/3/7/123701326/427590873.jpg)
![How To Remove Spam In Wordpress Contact Forms How To Remove Spam In Wordpress Contact Forms](/uploads/1/2/3/7/123701326/626679404.jpg)
added a commit that referenced this issue Mar 23, 2017
commented Mar 23, 2017
Thanks @splorp I guess it depends where you draw the line. For me, and for my clients, it is far worse to miss genuine enquiries, than to allow a very occasional spam message to appear. But I am using this in the context of contact form 7 enquiries, where a false positive can mean a lost sale. If you find an increase in spam messages, rather than re-adding the recently removed phrases, I suggest finding alternative patterns that are less likely to be used by genuine users. |
commented Mar 23, 2017
I suppose another option is to have a separate list which is less strict, and allow web admins to choose in the admin screens |
commented Mar 23, 2017
I completely understand your concern. Separate lists are an interesting idea, but they’re not something that I plan on maintaining. The reason I provided the blacklist as an open source project is so people like yourself can fork the master list and create your own custom or simplified set of terms, while still grabbing relevant updates going forward. When I have a bit more time, I’ll try to do some more testing with Contact Form 7. But as I mentioned above, it seems like more of a compatibility issue with their code, than with my static list of terms. |
commented Mar 23, 2017
Thanks, I did consider forking it, and may do just that. I'll also raise the issue with CF7 Thanks for your help |
commented Mar 23, 2017
Please let me know how that goes. Happy to work with them on a solution, if it’s something that can be mitigated. |
commented Mar 24, 2017
FYI I've raised this on the CF7 support here: https://wordpress.org/support/topic/conflict-with-very-long-comment-blacklist/ |
commented Mar 24, 2017
Hey Dan. I’ve added a little bit of background to that support thread regarding my investigation into the issue. |
commented Feb 22, 2019
I have the same problem with C7 but do not use a blacklist plug-in. I've made sure the comments blacklist in Settings>Discussion is empty. The settings in CF7 are correct - uses existing email address on same server. Tried using Easy WP SMTP plugin and any other tweaks mentioned on help sites - I've disabled Aksimet.. Any ideas before I ditch CF7? |
commented Feb 23, 2019
Hmmm … it’s interesting that you’re experiencing an similar issue without the blacklist components. I don’t use CF7 on any of my sites, so I really don’t have any additional suggestions regarding the problem. Also, since the author of CF7 never responded to the support thread posted two nearly years ago, it seems that they don‘t think it’s a problem worth investigating. I wish I had a solution for you. |
commented Feb 26, 2019
Having gone through umpteen fixes from various forums, no. 2 on here worked. https://wordpress.org/support/topic/3-spam-fixes-contact-form-7-v5-1/ |
commented Mar 13, 2019
Thanks for the pointer. |
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
- There are many who do not read the other posts to find the fix, so before too many post the same issue, here are the fixes that work.Use only 1 of these workarounds until the developer fixes the issue.Fix 1
Using CF7 5.1 & Google v3 recapatcha keysGo via FTP or CPanel at your hosting service accessing using their file manager, go to: “/wp-content/plugins/contact-form-7/modules/recaptcha.php”Go to line 112,Find: “return $spam;”
Change it to: “return true;”Save changes.This one worked for me, spam has stopped and messages sent successfully.Fix 2
Remove any v3 Google keys from CF7 Integration and remove the CF7 shortcode[recaptcha]
from the form settings , then save.Install/Activate plugin “Advanced-nocaptcha-recaptcha”Go to settings of this plugin, insert Google v2 reCaptcha keys, choose any of the other settings.Use the plugin’s shortcode –[anr_nocaptcha g-recaptcha-response]
, insert that shortcode into CF7 Form settings where you previously inserted the shortcode for reCaptcha.Save.The brand new model is basically 4X extra sooner then the earlier caught model. Parallels Desktop 14.1.2.45479 Crack & KeygenParallels Desktop 14.1.2.45479 Crack for MAC not too long ago launched by the official data. Parallels desktop 14.1.2-45479 download. The most recent model now permits consumer to extra then 20 GB for a digital machine.Fix 3
Remove any v3 Google keys from CF7 Integration and remove the CF7 shortcode[recaptcha]
from the form settings , then save.Install/Activate Plugin “Math Recpatcha”.Go to the settings for Math ReCaptcha and check “Contact For 7”Go to Contact Form 7 settings and there is a button to insert the Math ReCaptcha.(this math captcha plugin/add-on does not need Google reCaptcha keys and it works)Save.Any one of the above fixes the spam issues and you can still use Contact Form 7 (CF7)- This topic was modified 6 months, 3 weeks ago by wpwd2016. Reason: more info
12…4→
- This may be of help for others,I was able to get Fix 2 to work. A couple of mistakes I made.I installed the Plugin but forgot to remove old plugins.
I put the short code into the form but did not realize the new plug in had settings.
I forgot to remove the keys in the google integration page.Once I went back and carefully read and followed the instructions for Fix2 it worked. My forms are back the way they were and working.Thank you!!!Hi @mwarbinek,Thanks for the post… I have try the fix 1 but did you really know that this stopping spam any more? The true is interpreted as „is human“ in the caller code and so, if no recapture response is coming it’s always a human….?
I have not debug this but it’s look like.And what about the programmer? He not response at any post, or?Thanks, Alexwpwd2016,Thanks for the fix. I used fix 2.Though I have a checkbox now, it is far better than wondering if reCAPTCHA version 3 is working or not.Until I know a definitive way to prove that version 3 is working, I will stick with the checkbox.I know it is lame. But it is far better than risking your site getting slammed with SPAM postings at some unexpected time.Regards,FredI have try the fix 1 but did you really know that this stopping spam any more?I manage 200+ sites with CF7 forms on them. I applied fix 1 to all of them and spam, which was at a level of 2000+ messages a day across all sites disappeared.I have try the fix 1 but did you really know that this stopping spam any more?The function is added as a filter to the “spam” function in submission.php, which expects a true return to mark it as spam.I use fix 1, and also added some <noscript> code to my form to warn those with Javascript disabled that their submission will not work.@bev: Interesting approach. I also considered whether JavaScript being disabled would allow bots to bypass the reCAPTCHA check entirely. I conducted a test and found I *was* able to send a test form with JavaScript disabled.In any event, I like your approach and like the way you think. ?Peace…I cannot get fix 2 to work. The new plugin displays reCAPTCHA on the login page but not on the CF7 form. Opened a support thread at the plugin’s support forum.I had done a fix similar to 2 and was waiting a day to see before to post, thus far it has worked, the difference is that I have used the plugin Invisible recaptcha https://wordpress.org/plugins/invisible-recaptcha/ which uses V3 so nothing to add to the form, just enter the settings.
I have done it on about 12 sites about 24 hours ago and thus far no more spam on any, I have done further site today and see one got one spam thus far, possibly the captcha does not be 100% or possibly hand filled.Another point about fix 1 is that if you use a firewall such as wordfence you will get a modified file warning and when contact form 7 updates you will be overwritten, if the bug is not fixed the issue will be back.@mwarbinek I’m trying fix 1 (aware of the limitations as noted by @oliflorence above) on a site before I roll it out to others, but I did wonder…Is it better just to roll back to CF7 V5 (or whatever the last rcV2 is) and not update for now?Thanks for providing the fixes. I am still hoping the plugin dev willl allow for v2 to be used directly as this would be the simplest solution.@wpwd2016Yes I followed all the steps. My form isWhen I access the form, it does not show reCAPTCHA (it doesn’t show the “[anr_nocaptcha g-recaptcha-response]” string before the send button either). However — that’s weird — when testing the form, after clicking the send button the form displays two error messages:“Please solve Captcha correctly.” <– in red font before the send button, and“Validation errors occurred. Please confirm the fields and submit it again.” <– in yellow frame after the send button.Fix 1 worked for me. Instant relief from hundreds of spams on about thirty websites. Thank you!!!!!!
12…4→