Created
March 26, 2021 10:23
-
-
Save rosswintle/0f65bea09a59b19d4486f190c46198bb to your computer and use it in GitHub Desktop.
WordPress Spam Pixel code for WP Forms
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Plugin Name: Spam Pixel | |
| * Description: This simple plugin integrates Ross's spam pixel idea with WP Forms | |
| * Author: Ross Wintle | |
| * Author URI: https://rosswintle.uk | |
| * Text Domain: spam-pixel | |
| * Domain Path: /languages | |
| * Version: 0.1.0 | |
| * | |
| * @package Spam_Pixel | |
| */ | |
| // Add field and CSS | |
| add_action('wpforms_display_submit_before', 'spx_add_field'); | |
| function spx_add_field($form_data) { | |
| $ajax_url = admin_url('admin-ajax.php') . '?action=spx_pixel'; | |
| echo '<div class="spx-captcha"></div>'; | |
| echo <<<EOT | |
| <style> | |
| .spx-captcha { | |
| width: 1px; | |
| height: 1px; | |
| } | |
| form:focus-within .spx-captcha { | |
| background-image: url($ajax_url); | |
| } | |
| </style> | |
| EOT; | |
| } | |
| // Add admin-ajax endpoint | |
| add_action('wp_ajax_spx_pixel', 'spx_pixel_submit'); | |
| add_action('wp_ajax_nopriv_spx_pixel', 'spx_pixel_submit'); | |
| function spx_pixel_submit() { | |
| $ip_address = $_SERVER['REMOTE_ADDR']; | |
| set_transient('spx_allow_' . $ip_address, '1', DAY_IN_SECONDS); | |
| wp_die(); | |
| } | |
| // Check form submission | |
| add_action('wpforms_process_before', 'spx_wpforms_process_before', 10, 2); | |
| function spx_wpforms_process_before( $entry, $form_data ) { | |
| $ip_address = $_SERVER['REMOTE_ADDR']; | |
| if (false === get_transient('spx_allow_' . $ip_address)) { | |
| wp_die('I don\'t think so!'); | |
| } | |
| } |
You're welcome.
Hey, looks fantastic!
can you explain to me please what exactly this code doing?
I didn't understand this way of blocking spam
what exactly this code doing?
Do not accept form submission from who has not loaded our CSS background image.
Thanks for your answer!
Ho, I see, and how is it block spam?
If the user didn't focus on the form so basically it means that's a robot?
From your experience, how safe is that?
Have a read of this. It should answer your questions.
https://rosswintle.uk/2021/03/css-only-spam-prevention-allow-list-captcha/
Thank you!!!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Oh, so when you're already on the allow-list you don't need to add the hidden field.
Hmm...I would probably keep that check in and extend the transient's expiry.
And yes, need to work on the response from the pixel! But it worked as a prototype.
Thanks - useful stuff!