Hello everyone. I started to receive a lot of spam in an old contact form on my page so I decided to just delete the form. Unfortunately this did not solve the problem and I am receiving more and more spam through the same form that no longer exists on the site. The form sends an email from my email address and now gmail is blocking me from sending any emails because the spammer has reached the send limit.

After having tried many solutions, I have finally found a solution to block, remove, and eliminate WordPress comment spam for good. Wordpress comment spam, block comment spam, wordpress comments.

What is happening here!?!?! Any suggestions on how I can fix this problem is greatly appreciated!The page I need help with: to see the link. The spammer (probably only one, even though he’s using several IP addresses) isn’t using your form, which is why you’re still getting spam even though you’ve removed it. He’s using his own version of your form, identical to the one he’s used to spam hundreds of other sites with the same form, and what you’re getting is the submitted output from the form. Once you’ve got your head round that distinction, dealing with it becomes easy – because a genuine visitor can’t access the form, as it isn’t physically there for him to fill in, any form responses you get must be spam. So, set your mail server to automatically dump any form responses you get.In other words, not really getting spam through your Web site form, you’re just seeing the output from the form.

I often refer to this as “direct posting.” At some point a spam bot indexed your form page and just kept the link that’s part of the action=”” attribute in the element. As long as the form-to-email script in that page still exists, future bots can just blow by your form and go straight to the page that does all the work, and spam you that much faster.Since you’ve already dumped the form itself (and if you want to keep that email address instead of losing it), another way to handle this would be to also delete the script or page that actually processes your old Contact Us form. For most contact forms, the form-to-email scripting can usually be found in the thank you page for the form.This reply was modified 2 years, 4 months ago. DO not place form confirmations on same pageSure, that’ll make it easier for non-coders to kill the form handling scripts by simply deleting the page, but it does require user intervention to suppress “direct posting” of spam.

There are some valid reasons to handle confirmations on the same form page. This does not need to be a problem because all forms should incorporate a scheme to prove the POSTed data comes from a legitimately served form and not from some spammer script.With a nonce scheme, users do not need to manage the disabling of form handling script, the script provides its own security to make disabling unnecessary. Do make note though that the nonce scheme implemented by WP is not a true nonce scheme. WP “nonces” can be used any number of times within 24 hours, giving spammers a sizable time frame in which to work. A true nonce that can only be used once is highly desirable to automatically prevent direct post spam.The OP might be looking for a better form building plugin. I’m unable to recommend any form building plugin that uses true nonces, but it would be a feature to look for.

Even utilizing the WP nonce scheme would be much better than nothing. I would walk away from any form plugin that does not utilize some sort of nonce scheme. Forms typically manage nonce values in a hidden field, so checking the form’s source HTML will generally demonstrate that a nonce is being used.Also realize that nonces alone will not prevent spam, they merely guarantee that a form from your server submitted the data. Redline rumble 4 ignitro city.

Spammers can still spam by using your form (assuming it still exists). Removing forms that use true nonces will definitely stop spam even when the handling script remains.