Spam Prevention with Formalicious

deJaya · February 18, 2021, 2:50pm

Hi all,

I’m wondering what spam-prevention techniques people are using with Formalicious.

I never did get ReCaptcha to work with it - and to be honest - with the trackers it deploys vs GDPR requirements I want to use that less, not more.

I usually just enable the math captcha hook as described in the documentation and this works well to a point. But once a form has been live for a while the spam starts to creep in even with this in place.

So what’s your approach?

Many thanks in advance for any thoughts.

Cheers,

Chris

quentin100 · February 24, 2021, 2:46pm

I do use the ReCaptcha and it works well, albeit a little fiddly to set t up every time.

I use Sepia River’s RecaptchaV2 Extra, although I set it up with v3 Recaptcha API & Keys.

The solution I have is a custom form tpl for Formalicious and I add in the Recptcha code there, so it fires on every form:

FormTpl:

[[!FormIt?
    [[!+FormItParameters]]
    &recaptchav3.token_key=`tk-form-[[!+id]]` 
    &recaptchav3.action_key=`ak-form-[[!+id]]`
]]

<form>
(after submit button) 
[[!recaptchav3_render? 
   &form_id=`form-[[!+id]]` 
   &tpl=`recaptchav3_html` 
   &token_key=`tk-form-[[!+id]]` 
   &action_key=`ak-form-[[!+id]]`
]]
[[!+fi.error.recaptchav3_error]] 
</form>

I then update my formalicious Render Form snippet to use this new Form Tpl:

[[!FormaliciousRenderForm? ... &tplForm=`FormTpl`]]

Finally, you add the recaptchav3 (or recaptchav2) to the PostHooks field in the form.

NB. I am pretty sure I have gotten this working automatically, either by finding the placeholder [[!+FormItParameters]] in the code and adding the recaptchav3 to the hooks, or by adding a &hooks=recaptchav3 to my custom form, but I can’t currently find out which or where I did it!

deJaya · March 1, 2021, 11:54am

Hi @quentin100 ,

Many thanks for the reply and for sharing your approach.

I tried a similar recaptcha fix before but never quite got it to work - I’ll try again tho with the details you’ve shared.

Let us know if you find your shortcut method as that sounds useful!

I’d also be interested to hear about any non-recaptcha methods people might be using successfully.

Cheers for now,

Chris