Stop SPAM from custom form

This form is receiving a lot of spams and I would like some advice on what I can do to prevent it.

I should not use any plugins nor any Captcha.

 function innerpages_form($atts, $content = null)
{
    session_start();
    // Attributes
    extract(
        shortcode_atts(
            array(
                'title' = '',
            ),
            $atts
        )
    );
    // Code
    //global $wp_session;

    return ' div class="sell-fast-form"


    form action="/sell-now/" method="post" id="myForm"

    h2 style="color:#f15a29"Need To Sell Your House Fast?/h2br

      h2Property Address/h2
                input type="text" class="Property_Address" name="Property_Address" id="addr" placeholder="Property Address" value="" required 

                h2Phone/h2
                input type="text" class="Phone" name="Phone" placeholder="Phone" id="Phone" pattern="^[(]{0,1}[0-9]{3}[)]{0,1}[-\s\.]{0,1}[0-9]{3}[-\s\.]{0,1}[0-9]{4}$" required title="xxx-xxx-xxxx" 
                h2Email/h2
                input type="Email"  class="Email" name="Email"  placeholder="Email" id="Email" value="" required 
                input style="display:none;" type="text" name="robots" value="" /
                input type="submit" class="click_here" onsubmit="return myFunction();" value="nbsp; nbsp; nbsp; nbsp; GET MY FAIR CASH OFFER nbsp; gt;gt;gt;"/





  script
        function myFunction() {
            document.getElementById("myForm").submit();
            return false;
        }
        /script
/form

        /div

      ';
}
add_shortcode('innerpages_form', 'innerpages_form');

Topic spam forms Wordpress

Category Web

1
answered at

I've been studying (and blocking) automated form spam for years. Most advice relates to hidden fields, CSS tricks, 'stupid' questions ("what is 1+3"), and others.

And the reason that those tricks (and others) don't work with automated spam bots is that they don't 'see' your form, they just post to it. They scrape the form, grab the form fields, and use automated techniques (like CURL) to post to the form. (I wrote a post about how they do it here:

So, you have to hide things. I've developed a process (free) that obfusticates the submit form, using JS delays (among others), and can implement reCAPTCHA (which is a good start, but not complete). The result is a 'contact' form (which can be modified to add other fields) that has not been successfully attacked by spam-bots. (In fact, I challenge anyone to spam-bot the form on that site, and none have after years of using the technique - which I have improved over the years.)

All of the code is free, and available at my FormSpammerTrap site. I send it to anyone that wants it, and don't use (or keep) the emails of those that request it. I think it is quite successful at blocking automated spam. All the details are on the site.

I welcome automated attacks. Always have. Never get any.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.