-
Posts
-
The contact form sends e-mails without content although a number captcha is installed, the privacy policy is not accepted and an additional honeypot is active in the function.php (https://projoomexperts.com/wordpress/honeypot-spam-protection-for-enfold-themes-avia-builder-form/). Is this really a bot ? This is the case with almost every Enfold website I have.
Hey Franz,
Thank you for the inquiry.
You may need to activate Google ReCAPTCHA in order to protect the site from spam or unwanted emails. Unfortunately, the honeypot and the simple captcha field are not completely secure and there are ways to work around them using a script. Activating the Google ReCAPTCHA option should improve the contact form security and lessen spam emails.
Best regards,
IsmaelHello Ismael,
Thank you very much for your answer.
ReCaptcha is out of question because of the EU GDPR.
I will now implement all Enfold installations with the Contact Form 7 and Contact Form 7 Image Captcha plugins and will no longer use or recommend the Enfold internal Contact Form.Regards
Franz
hey ismael,
i got the same problem on all of my pages like franz. empty mails:
“new message (sent with the contact form at companyname)”
the only information is the privacy policy question:
i have read the privacy policy: No
(checkbox, not to be emty)i cant change the enfold contactform with cf7. i have more then 190 installations. and a few pages have a lot of different contactforms. is there a workaround?
greetz ramon
Hi,
@GROSSfanz @volmering Try to install a security plugin first like Sucuri or Wordfence and observe if it helps lessen the spam mails. And again, enabling Google ReCAPTCHA should also help but if it does not meet your privacy requirements, then you might have to replace the default contact form with another. Unfortunately, you will have to replace the contact forms manually.
Best regards,
Ismaelhey ismael, thank you for the information. but i must quote franz:
ReCaptcha is out of question because of the EU GDPR.
im from germany, and when it comes to data protection in the eu, i’m a little nitpicker. if i use google re-captcha, i have to change on ALL my sites the privacy policy and and the borlabs plugin (manually embedding a script)
another point with google apps is, atm the re-captcha is free. example: the google maps where free too….unfortunally i dont have just one site with enfold…..
greetz ramon
Just by chance I wanted to report this behavior today, too.
I’m seeing these empty Enfold contact form emails since more than a year now and I wonder how they can be created.
I myself can’t send the contact form without filling in all the required fields.Is this caused by technical errors when real customers want to send a contact form, or is this caused by bots which do URL hacking or something like that?
Hi,
@volmering: Do you have security plugins in your sites? This should lessen unwanted traffic and hopefully catch spammers.
@audreyweddingsalon: This is probably caused by bots or scripts. Emails sent by real customers or visitors will not be sent without them toggling the privacy policy checkbox manually, so in the email, the privacy policy should be set to true or “yes”.Best regards,
IsmaelHi Ismael
just an info for Enfold users who have the same problem.
This is the content of an empty email I receive from the contact form despite 3 required fields, 1 numbers captcha, 1 checkbox and 1 honeypot.Ich stimme zu, dass meine Angaben und Daten zur Beantwortung meiner Anfrage elektronisch erhoben und gespeichert werden.
Hinweis: Sie können Ihre Einwilligung jederzeit für die Zukunft per E-Mail an (Email address hidden if logged out) <mailto: (Email address hidden if logged out) > widerrufen. Die Datenschutzerklärung <https://www.domain.de/datenschutz/> habe ich zur Kenntnis genommen.: falseGreetings Franz
Hi,
Thank you for your patience.
As you already know, the default contact form only have two security features, the simple captcha and the Google reCAPTCHA, but you can add a honeypot with a plugin if necessary. If all of these security features have been compromised or bypassed for some reason, then the only option is to use a different contact form. However, using a different one does not mean that bots will not continue to target your sites. Eventually, somehow, they will still find a way to work around the scripts and get through the security features.
Best regards,
Ismael
- You must be logged in to reply to this topic.