Skip Navigation
Buy Now

Home Toolset Professional Support [Resolved] Recaptcha not stopping bulk form attack

[Resolved] Recaptcha not stopping bulk form attack

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Sun Mon Tue Wed Thu Fri Sat
- 10:00 – 13:00 10:00 – 13:00 10:00 – 13:00 10:00 – 13:00 10:00 – 13:00 -
- 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 14:00 – 18:00 -

Supporter timezone: Asia/Kolkata (GMT+05:30)

This topic contains 2 replies, has 2 voices.

Last updated by Minesh 7 months, 3 weeks ago.

Assisted by: Minesh.

Author
Posts
#2690142

Robert Campbell

Ref my site page
hidden link
I am using the cred_field 'recaptcha' to prevent automated bulk form submissions but it seems to have stopped working.
Code I am using is:
<div class="form-group">[cred_field field='recaptcha' value='' urlparam='' class='form-control' output='bootstrap']</div>
I am now getting large volumes of form submissions which appear to be automated bot submissions.
Is the code above still correct?
Any way to strengthen the protection?
Regards
Robert

#2690207

Robert Campbell

I had to take the cred form out of the page template due to the large number of bot form submissions.
I need to put the form back on as soon as possible but first I need to strengthen the protection against these bots submissions.

The automated form submissions all have similar text e.g.

> From: Enquiry Form <hello@aboutdereham.org>
> Date: 30 March 2024 at 09:20:45 GMT
> To: Hello@aboutdereham.org
> Subject: Enquiry to the About Dereham Partnership
>
> 
>
> You have received a new enquiry. Details follow:-
> RobertBlalt
>
>
> help@registry.godaddy
>
> Hi, I wanted to know your price.

As first steps:
1. Could you tell me if the code I am using:
<div class="form-group">[cred_field field='recaptcha' value='' urlparam='' class='form-control' output='bootstrap']</div>
is still current and correct?
2. Suggestions as to why the cred form has recently become prone to this type of attack (we are getting hundreds of automated form submissions)?
3. What I can do to strengthen the protection against these type of attacks.

Regards
Robert

#2690265

Minesh
Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Hello. Thank you for contacting the Toolset support.

To strengthen the protection - what if you try to use the "honeypot" plugin this will help you to protect your site from spamming and the thing is that as per the information I see on the following plugins page - there is no extra settings you will have to do for Toolset Forms as its integrated with Toolset Forms:
- https://wordpress.org/plugins/honeypot/

I hope this will help you to resolve your issue.

#2690484

Robert Campbell

Thanks Minesh, I've installed the "WP Armour - Honeypot Anti Spam" plugin and its now working with my contact form after a small update to the plugin by the very helpful plugin author.

Known issues and solutions

Frequently asked support questions

Support tickets archive

Get help from experienced contractors

Meet Toolset support team

Toolset Customer Support Policy

Need to tell us something about the quality of support

How to remove personal information from your database for support