Captcha Free Anti Spam for Contact Form 7 (Simple No-Bot)

Description

Simple No-Bot uses a combination of WordPress nonces and Javascript to verify Contact Form 7 is not being submitted by a spam bot instead of captcha.

We wrote this when clients were reporting hundreds of bogus contact forms were getting past Honeypot, but did not want to add a captcha that would impact conversions.

This lightweight script has been extremely effective for eliminating Contact Form 7 spam messages. It does not pretend to be a complete anti spam solution.

If there is demand we might extend it to work with other forms, including comment forms. Please report any feedback and false negatives/positives on our support form at http://www.lilaeamedia.com/contact/

Support

Please report any feedback and false negatives/positives on our support form at http://www.lilaeamedia.com/contact/

Installation

  1. To install from the Plugins repository:

    • In the WordPress Admin, go to “Plugins > Add New.”
    • Type “simple no-bot” in the “Search” box and click “Search Plugins.”
    • Locate “Simple No-Bot Captcha Alternative for Contact Form 7” in the list and click “Install Now.”
  2. To install manually:

    • Download the IntelliWidget plugin from https://wordpress.org/plugins/simple-no-bot/
    • In the WordPress Admin, go to “Plugins > Add New.”
    • Click the “Upload” link at the top of the page.
    • Browse for the zip file, select and click “Install.”
  3. In the WordPress Admin, go to “Plugins > Installed Plugins.” Locate “Simple No-Bot Captcha Alternative for Contact Form 7” in the list and click “Activate.”

FAQ

How does it work?

The browser automatically generates an arbitrary string based on user input events and passes it to the server via XHR. The server generates a unique token, stores a session in a transient record and returns token to the browser. The browser then injects a new input field to WPCF7 form that contains token and hashed event string. When form is submitted, server compares hashed string to stored event string and rejects form if it does not match or if no corresponding session exists.

The plugin relies on WordPress nonces so there are no guarantees. So far, however, it has been extremely effective.

Does it work without Javascript

No. Contact forms will fail if Javascript is not enabled.

Does it require cookies?

It uses the default WordPress session token validate nonces.

Reviews

21 Верасень, 2017
After I installed this, no test message I tried to send myself would go through. Every attempt was met with the orange-border error message, indicating a spam fail. My comment blacklist was empty, so that couldn't have been the cause. Plus, the same message worked fine after disabling this plugin. Besides, Contact Form 7 added nonce verification in version 3.1, so I guess I shouldn't need this anyway.
9 май, 2017
At some point, honeypot stopped filtering spam on our client sites. We installed this and the bogus emails stopped. Highly recommended. Thanks Lilaea Media!
Read all 3 reviews

Contributors & Developers

“Captcha Free Anti Spam for Contact Form 7 (Simple No-Bot)” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.0.5 Simplified validation
1.0.2 Change wp nonce functions to wpcf7 nonce functions
1.0 Initial release