-
-
Save rosswintle/0f65bea09a59b19d4486f190c46198bb to your computer and use it in GitHub Desktop.
<?php | |
/** | |
* Plugin Name: Spam Pixel | |
* Description: This simple plugin integrates Ross's spam pixel idea with WP Forms | |
* Author: Ross Wintle | |
* Author URI: https://rosswintle.uk | |
* Text Domain: spam-pixel | |
* Domain Path: /languages | |
* Version: 0.1.0 | |
* | |
* @package Spam_Pixel | |
*/ | |
// Add field and CSS | |
add_action('wpforms_display_submit_before', 'spx_add_field'); | |
function spx_add_field($form_data) { | |
$ajax_url = admin_url('admin-ajax.php') . '?action=spx_pixel'; | |
echo '<div class="spx-captcha"></div>'; | |
echo <<<EOT | |
<style> | |
.spx-captcha { | |
width: 1px; | |
height: 1px; | |
} | |
form:focus-within .spx-captcha { | |
background-image: url($ajax_url); | |
} | |
</style> | |
EOT; | |
} | |
// Add admin-ajax endpoint | |
add_action('wp_ajax_spx_pixel', 'spx_pixel_submit'); | |
add_action('wp_ajax_nopriv_spx_pixel', 'spx_pixel_submit'); | |
function spx_pixel_submit() { | |
$ip_address = $_SERVER['REMOTE_ADDR']; | |
set_transient('spx_allow_' . $ip_address, '1', DAY_IN_SECONDS); | |
wp_die(); | |
} | |
// Check form submission | |
add_action('wpforms_process_before', 'spx_wpforms_process_before', 10, 2); | |
function spx_wpforms_process_before( $entry, $form_data ) { | |
$ip_address = $_SERVER['REMOTE_ADDR']; | |
if (false === get_transient('spx_allow_' . $ip_address)) { | |
wp_die('I don\'t think so!'); | |
} | |
} |
What do you mean?
set_transient('spx_allow_' . $ip_address, '1', DAY_IN_SECONDS);
That allowed IP-s are cached.
Wait! They are not really cached.
- Transients need to be checked in top of
spx_add_field
(or when hooking that function) - And maybe adding
- HTTP body: https://png-pixel.com/
- HTTP headers for images
- HTTP cache headers
Oh, so when you're already on the allow-list you don't need to add the hidden field.
Hmm...I would probably keep that check in and extend the transient's expiry.
And yes, need to work on the response from the pixel! But it worked as a prototype.
Thanks - useful stuff!
You're welcome.
Hey, looks fantastic!
can you explain to me please what exactly this code doing?
I didn't understand this way of blocking spam
what exactly this code doing?
Do not accept form submission from who has not loaded our CSS background image.
Thanks for your answer!
Ho, I see, and how is it block spam?
If the user didn't focus on the form so basically it means that's a robot?
From your experience, how safe is that?
Have a read of this. It should answer your questions.
https://rosswintle.uk/2021/03/css-only-spam-prevention-allow-list-captcha/
Thank you!!!
Even caching!!