I got spam emails using PHP on WordPress

contact.php

```php
<?php
/**
 * Template Name: CONTACT
 */
?>
<?php get_header(); ?>
<main>
  <section class="sec-t" id="">
    <div class="cnt">
      <p class="t-icon">CONTACT</p>
      <h2 class="t1">CONTACT</h2>
      <form action="<?php theme(); ?>/submit.php" method="post">
        <label for="name">Name<span>*</span></label>
        <input type="text" id="name" name="name" required>
        <br><br>
        <label for="company">Company</label>
        <input type="text" id="company" name="company">
        <br><br>
        <label for="phone">Phone<span>*</span></label>
        <input type="tel" id="phone" name="phone" pattern="^\d{2,4}-?\d{3,4}-?\d{3,4}$" required>
        <br><br>
        <label for="email">Email<span>*</span></label>
        <input type="email" id="email" name="email" required>
        <br><br>
        <label for="notes" required>Message<span>*</span></label>
        <textarea id="notes" name="notes" required></textarea><br>
        <br><br>
        <label for="terms" class="terms-label">
          <input type="checkbox" id="terms" name="terms" required>
          <a href="/terms" target="_blank">Terms</a>
        </label>
        <br><br>
        <div style="display:none;">
          <input type="text" name="honeypot" value="">
        </div>
        <input type="submit" value="Submit">
      </form>
    </div>
  </section>
</main>
<?php get_footer(); ?>
```

submit.php

```php
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $topic = htmlspecialchars($_POST['topic']);
    $name = htmlspecialchars($_POST['name']);
    $company = htmlspecialchars($_POST['company']);
    $phone = htmlspecialchars($_POST['phone']);
    $email = htmlspecialchars($_POST['email']);
    $notes = htmlspecialchars($_POST['notes']);
    $honeypot = htmlspecialchars($_POST['honeypot']);

    date_default_timezone_set('Asia/Tokyo');
    $currentDateTime = date('Y-m-d H:i');

    $apiToken = 'xxx';
    $roomId = 'xxx';

    $chatworkMessage = "[To:xxx]Mr, XXX
CC:[To:xxx]Mr, XXX[info][title]Contact[/title]
Time: {$currentDateTime}
Topic: {$topic}
Name: {$name}
Company: {$company}
Phone: {$phone}
Email: {$email}
Message: {$notes}[/info]";

    $mailMessage = "Time: {$currentDateTime}
ー
Topic: {$topic}
Name: {$name}
Company: {$company}
Phone: {$phone}
Email: {$email}
ー
Message: {$notes}";

    $mailAddress = "{$email}";
    $mailName = "{$name}";

    // Send message to Chatwork with cURL
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://api.chatwork.com/v2/rooms/{$roomId}/messages");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(['body' => $chatworkMessage]));
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        "X-ChatWorkToken: {$apiToken}",
        "Content-Type: application/x-www-form-urlencoded"
    ]);
    $response = curl_exec($ch);
    curl_close($ch);

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $to = "xxx";
        $subject = "Contact(".$mailName.")";
        $message = $mailMessage;
        $headers = "From: ".$mailAddress."\r\n" .
                   "CC: xxx";

        // Send email
        if (mail($to, $subject, $message, $headers)) {
            header("Location:/contact/success");
            exit;
        } else {
            header("Location:/contact/success");
            exit;
        }
    } else {
        header("Location:/register-campaign?code=failed");
        exit;
    }

    // Response
    if ($response) {
        header("Location:/register-campaign?code=sucess");
        exit;
        echo "sucessed";
    } else {
        echo "failed";
    }
} else {
    echo "Invalid request.";
}
?>
```

I'm currently developing a contact form using PHP on a WordPress site. The code I've implemented so far is functioning as expected, and the form is working well overall. However, I've been facing an issue with receiving a significant amount of spam submissions. This is becoming quite troublesome, and I’m looking for effective ways to reduce or block the spam.

I would prefer not to rely on plugins for this purpose, as I want to keep the form lightweight and maintain full control over the code. I’ve already implemented a Honeypot technique in an attempt to mitigate the spam, but unfortunately, I’m still getting a substantial number of spam submissions.

Are there any other methods or best practices I can use to further reduce or eliminate the spam? Any suggestions that don’t involve using plugins would be greatly appreciated.
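An added example, not part of the original post: in the posted submit.php the `honeypot` value is read but never tested, and `$name` and `$email` reach the Subject and From header with only `htmlspecialchars()` applied, which does not remove line breaks. One plugin-free way to gate the handler is to enforce the honeypot, add a signed render-time token so direct and instant POSTs are rejected, and refuse CR/LF in header-bound fields. `FORM_SECRET`, the `ts`/`sig` field names and the thresholds are assumptions chosen for illustration.

```php
<?php
// Added example, not the poster's code. FORM_SECRET, the "ts"/"sig" hidden
// fields and the thresholds below are assumptions chosen for illustration.
const FORM_SECRET      = 'replace-with-a-long-random-value';
const MIN_FILL_SECONDS = 3;     // humans rarely finish the form faster
const MAX_FORM_AGE     = 3600;  // reject tokens replayed long after rendering

// Echo this inside the <form> in contact.php: render time plus its HMAC.
function form_token_fields(int $now): string {
    $sig = hash_hmac('sha256', (string) $now, FORM_SECRET);
    return '<input type="hidden" name="ts" value="' . $now . '">'
         . '<input type="hidden" name="sig" value="' . $sig . '">';
}

// Returns null when the submission may proceed, otherwise a reason to log.
function reject_reason(array $post, int $now): ?string {
    if (trim((string) ($post['honeypot'] ?? '')) !== '') return 'honeypot filled';
    $ts  = (string) ($post['ts'] ?? '');
    $sig = (string) ($post['sig'] ?? '');
    if (!ctype_digit($ts) || !hash_equals(hash_hmac('sha256', $ts, FORM_SECRET), $sig)) {
        return 'missing or forged token';
    }
    $age = $now - (int) $ts;
    if ($age < MIN_FILL_SECONDS) return 'submitted too fast';
    if ($age > MAX_FORM_AGE)     return 'token expired';
    // name and email end up in Subject and headers, so they must be single-line.
    foreach (['name', 'email'] as $field) {
        if (preg_match('/[\r\n]/', (string) ($post[$field] ?? ''))) return "line break in $field";
    }
    if (!filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL)) return 'invalid email';
    return null;
}

// Constructed sample submissions, evaluated at a fixed clock value.
$now  = 1700000000;
$ts   = (string) ($now - 20);
$good = ['name' => 'Alice', 'email' => 'alice@example.com', 'honeypot' => '',
         'ts' => $ts, 'sig' => hash_hmac('sha256', $ts, FORM_SECRET)];
$samples = [
    'human'           => $good,
    'honeypot filled' => ['honeypot' => 'http://spam.example'] + $good,
    'no token'        => array_diff_key($good, ['ts' => 1, 'sig' => 1]),
    'instant post'    => ['ts' => (string) $now, 'sig' => hash_hmac('sha256', (string) $now, FORM_SECRET)] + $good,
    'CRLF in email'   => ['email' => "a@example.com\r\nX-Test: 1"] + $good,
];
foreach ($samples as $label => $post) {
    echo str_pad($label, 16), ' => ', reject_reason($post, $now) ?? 'accept', PHP_EOL;
}
```

In the handler, call `reject_reason($_POST, time())` before the cURL request and `mail()`, and stop processing on any non-null result so rejected submissions never reach Chatwork or the mailbox.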
