WordPress Captcha?

Bed & Breakfast / Short Term Rental Host Forum


Arks

Well-known member
Joined
May 22, 2010
Messages
6,402
Reaction score
493
For years, for my website Contact form, I've successfully used the Google captcha that requires you to, for example, select every image that contains a traffic light, or whatever.

Starting last week I receive about 30 contact form emails/day bragging that they beat my captcha and offering to sell me a better one.

Obviously, I'd close down my website before I'd do business with them! Honestly, I'd have them shot if it was within my power.

Can anyone recommend a better WordPress captcha plugin than the Google one?
 

Generic

Well-known member
Joined
Feb 24, 2011
Messages
7,706
Reaction score
248
We use the newer one from Google... but we also have added a drop down for arrival and departure date and an optional one for booking reference number that requires 7 digits or none. It's stopped the nonsense.
 

dumitru

Well-known member
Joined
Oct 7, 2013
Messages
359
Reaction score
57
Location
Dortmund, Germany
It really depends on the Contact Form plugin that you are using.
Many of them include an anti-spam technique called "honeypot", that also reduces a good amount of spam.
Captchas are generally considered too disruptive, so the world is trying to move on to behind-the-scenes anti-spam.
 

Generic

Well-known member
Joined
Feb 24, 2011
Messages
7,706
Reaction score
248
We moved to Ninja.
The reservation number is set as 7 digits and specifically digits (mask 9999999) so they have to fill in a number, no letters. The date is a date picker. All of which has cut down on the spam. And the captcha only appears when needed (Google has an algorithm for it). It's under reCaptcha 3.0. Been working great since we switched.
 

Arks

Well-known member
Joined
May 22, 2010
Messages
6,402
Reaction score
493
Many of them include an anti-spam technique called "honeypot", that also reduces a good amount of spam.
Honeypot is a really imaginative solution. No captcha appears on the form. Instead, Honeypot puts an invisible field on the form, so real people don't fill it in. But the hidden field IS visible to the bots, which think it's a required field so the bot fills it in.

The webform doesn't get submitted if that invisible field has data entered, because it knows it came from a bot. I'm trying it with the Contact Form 7 plugin. We'll see!
 

dumitru

Well-known member
Joined
Oct 7, 2013
Messages
359
Reaction score
57
Location
Dortmund, Germany
If you're using CF7, I have an article (and a video) with instructions about integrating Akismet (usually used for comment spam).

While you're at it, I also recommend pairing up CF7 with Flamingo (a tutorial and video on the same website).
 

Arks

Well-known member
Joined
May 22, 2010
Messages
6,402
Reaction score
493
I'm trying it with the Contact Form 7 plugin. We'll see!
So far, 24 hours after the changes, I've gone from 7 contact form spams/hour (all from the same "person") to 0 spams in 24 hours! So it fixed things for now. For now.

I'll sure be taking a look at Akismet and Flamingo if problems return. And I'm sure they will return, from one spammer or another. Semper vigilantes. Must remain ever vigilant.
 

dumitru

Well-known member
Joined
Oct 7, 2013
Messages
359
Reaction score
57
Location
Dortmund, Germany
Flamingo is not an anti-spam tool, rather a way to save form entries to the database (even the ones marked as spam).
This way, if something is wrong with your mail server, entries would still be available in the back-end (in the WP dashboard).
A few times a year I find some important messages that didn't reach me for one reason or another.
 

Arks

Well-known member
Joined
May 22, 2010
Messages
6,402
Reaction score
493
I'll give a recap and update on this topic.
  • My contact form captcha was working quite well for a couple of years, then I started getting multiple spams/day bragging that they beat my captcha and offering to sell me a better one.
  • I switched my webform to Contact Form 7 and installed Honeypot for Contact Form 7, which hides a field on the webform that humans can't see, but web bots see as a required field, so they fill it in and the form knows it's a bot filling it in, so it's not forwarded to me.
  • This eliminated the "I beat your captcha" spam, but after a couple of days I started getting sex website spam that apparently can beat Honeypot.
  • So now in addition to Honeypot, my form also uses ReCaptcha v2 for Contact Form 7 which adds the standard "click on the boxes that contain a taxi" captcha, and this combo has eliminated 100% of the spam since last weekend.
So I'm good...for now!
 

Generic

Well-known member
Joined
Feb 24, 2011
Messages
7,706
Reaction score
248
I'll give a recap and update on this topic.
  • My contact form captcha was working quite well for a couple of years, then I started getting multiple spams/day bragging that they beat my captcha and offering to sell me a better one.
  • I switched my webform to Contact Form 7 and installed Honeypot for Contact Form 7, which hides a field on the webform that humans can't see, but web bots see as a required field, so they fill it in and the form knows it's a bot filling it in, so it's not forwarded to me.
  • This eliminated the "I beat your captcha" spam, but after a couple of days I started getting sex website spam that apparently can beat Honeypot.
  • So now in addition to Honeypot, my form also uses ReCaptcha v2 for Contact Form 7 which adds the standard "click on the boxes that contain a taxi" captcha, and this combo has eliminated 100% of the spam since last weekend.
So I'm good...for now!
For the longest while, I beat them by putting in two date pull downs... arrival and departure as a required field and a test to see that they were at least 1 day in the future and at least a 2 day stay. The bots love to set it as both the same day and it just won't accept it :)
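
Added example, not part of the thread and not code from any plugin named in it: a server-side sketch of the three behind-the-scenes checks described above (the hidden honeypot field, the optional 7-digit booking reference, and the arrival/departure date rules). The field names `website_url`, `booking_ref`, `arrival` and `departure` are assumptions, and the checks run on the server because a bot that posts directly to the form handler never sees the input mask or the date picker.

```python
import re
from datetime import date, timedelta

HONEYPOT_FIELD = "website_url"         # hypothetical name of the hidden field
BOOKING_REF = re.compile(r"[0-9]{7}")  # ASCII digits only, like the 9999999 mask


def check_submission(form, today):
    """Return a list of rejection reasons; an empty list means accept."""
    reasons = []
    # Honeypot: people never see this field, so any value marks a bot.
    if form.get(HONEYPOT_FIELD, "").strip():
        reasons.append("honeypot filled")
    # Booking reference is optional, but if present it must be exactly 7 digits.
    ref = form.get("booking_ref", "").strip()
    if ref and not BOOKING_REF.fullmatch(ref):
        reasons.append("booking reference must be 7 digits or empty")
    # Dates are required and must parse as real calendar dates (YYYY-MM-DD).
    try:
        arrival = date.fromisoformat(form.get("arrival", ""))
        departure = date.fromisoformat(form.get("departure", ""))
    except ValueError:
        reasons.append("arrival/departure missing or not a date")
        return reasons
    if arrival < today + timedelta(days=1):
        reasons.append("arrival must be at least 1 day in the future")
    if departure - arrival < timedelta(days=2):
        reasons.append("stay must be at least 2 days")
    return reasons


# Constructed sample submissions, checked against a fixed "today".
TODAY = date(2024, 6, 1)
HUMAN = {"name": "Pat", "arrival": "2024-06-10", "departure": "2024-06-13",
         "booking_ref": "", HONEYPOT_FIELD: ""}
BOT = {"name": "x", "arrival": "2024-06-10", "departure": "2024-06-10",
       "booking_ref": "12345ab", HONEYPOT_FIELD: "http://example.invalid"}

if __name__ == "__main__":
    for label, form in (("human", HUMAN), ("bot", BOT)):
        print(label, check_submission(form, TODAY) or "accepted")
```

Recording the rejection reasons instead of silently dropping the entry makes it possible to review whether a legitimate enquiry was caught.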
 

dumitru

Well-known member
Joined
Oct 7, 2013
Messages
359
Reaction score
57
Location
Dortmund, Germany
I'll give a recap and update on this topic.
  • So now in addition to Honeypot, my form also uses ReCaptcha v2 for Contact Form 7 which adds the standard "click on the boxes that contain a taxi" captcha, and this combo has eliminated 100% of the spam since last weekend.
So I'm good...for now!

I recommend extra care when implementing difficult captchas. You don't want to lose potential customers because they fail the captcha once or twice.
That's why I would rather take a few spam entries than risk losing legit leads.
Food for thought :)
 

Arks

Well-known member
Joined
May 22, 2010
Messages
6,402
Reaction score
493
I recommend extra care when implementing difficult captchas. You don't want to lose potential customers because they fail the captcha once or twice.
That's why I would rather take a few spam entries than risk losing legit leads.
Food for thought :)
Excellent point, but in my case, I get about 1 legitimate contact/month through my contact form, and I was getting about 15 spams/day until I cracked down. It's hard to be sure what to do, but at most I'd be losing 1 potential customer/month if they can't select the photos with a traffic light in them. I think I'll risk it.

Another way of looking at it: My place is somewhat unique in that nobody is there, and I very very rarely even see my guests. They have to be savvy enough to make an online reservation, then find and enter their suite on their own, from detailed instructions I e-mail to them.

If they are not able to do that, and handle a captcha, I don't want them, because I'm not there to hold their hand and work the TV remote for them. I can only take guests who are fairly competent in managing on their own!
 

Generic

Well-known member
Joined
Feb 24, 2011
Messages
7,706
Reaction score
248
Please... send me guests who are competent enough to be able to remember to press ✔️ after they enter their code.... please!
 

Arks

Well-known member
Joined
May 22, 2010
Messages
6,402
Reaction score
493
Please... send me guests who are competent enough to be able to remember to press ✔️ after they enter their code.... please!
One of my favorites was a post from years ago about a helpless guest who entered their key code then stepped back, thinking the door would swing open on its own, without having to turn the handle and push.
 