Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
WordPress Spam Pixel code for WP Forms
<?php
/**
* Plugin Name: Spam Pixel
* Description: This simple plugin integrates Ross's spam pixel idea with WP Forms
* Author: Ross Wintle
* Author URI: https://rosswintle.uk
* Text Domain: spam-pixel
* Domain Path: /languages
* Version: 0.1.0
*
* @package Spam_Pixel
*/
// Add field and CSS
add_action('wpforms_display_submit_before', 'spx_add_field');
function spx_add_field($form_data) {
$ajax_url = admin_url('admin-ajax.php') . '?action=spx_pixel';
echo '<div class="spx-captcha"></div>';
echo <<<EOT
<style>
.spx-captcha {
width: 1px;
height: 1px;
}
form:focus-within .spx-captcha {
background-image: url($ajax_url);
}
</style>
EOT;
}
// Add admin-ajax endpoint
add_action('wp_ajax_spx_pixel', 'spx_pixel_submit');
add_action('wp_ajax_nopriv_spx_pixel', 'spx_pixel_submit');
function spx_pixel_submit() {
$ip_address = $_SERVER['REMOTE_ADDR'];
set_transient('spx_allow_' . $ip_address, '1', DAY_IN_SECONDS);
wp_die();
}
// Check form submission
add_action('wpforms_process_before', 'spx_wpforms_process_before', 10, 2);
function spx_wpforms_process_before( $entry, $form_data ) {
$ip_address = $_SERVER['REMOTE_ADDR'];
if (false === get_transient('spx_allow_' . $ip_address)) {
wp_die('I don\'t think so!');
}
}
@szepeviktor

This comment has been minimized.

Copy link

@szepeviktor szepeviktor commented Mar 26, 2021

Even caching!!

@rosswintle

This comment has been minimized.

Copy link
Owner Author

@rosswintle rosswintle commented Mar 26, 2021

What do you mean?

@szepeviktor

This comment has been minimized.

Copy link

@szepeviktor szepeviktor commented Mar 26, 2021

set_transient('spx_allow_' . $ip_address, '1', DAY_IN_SECONDS);

That allowed IP-s are cached.

Wait! They are not really cached.

  1. Transients need to be checked in top of spx_add_field (or when hooking that function)
  2. And maybe adding
@rosswintle

This comment has been minimized.

Copy link
Owner Author

@rosswintle rosswintle commented Mar 26, 2021

Oh, so when you're already on the allow-list you don't need to add the hidden field.

Hmm...I would probably keep that check in and extend the transient's expiry.

And yes, need to work on the response from the pixel! But it worked as a prototype.

Thanks - useful stuff!

@szepeviktor

This comment has been minimized.

Copy link

@szepeviktor szepeviktor commented Mar 26, 2021

You're welcome.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment