I get a ton of Spam via my contact form, so I decided to get rid of it. I deleted it from the menu, but did not delete the template in case I want to use it again.
Now I still got spam mails and realized that the URL for the contact form still works even though a visitor can’t access it.
I changed the name of the template from “contact” to something else, but it still can be accessed.
How can I get rid of people being able to access that link without needing to delete the template?
Did you change the name of the page itself (where the contact form was added) or a page template?
Your contact form is separate from the page you’ve inserted it into. You can safely delete the page named “Contact” while the form itself remains available to insert into another page whenever you need it?
I completely forgot that they are nested in the page. Happens when you do not do any work in Backlight for a few months🙈
I tried the same trick, changing the page name thinking it would take time for spammers to find the new page, but even though I did actually change the page name, and not just the form, the spam kept coming, making me think that spammers are spoofing the old page. Is that how they work ? Or are there real people going to my top page and navigating down ?
Back in CE days I used to embed a hidden element that I checked for when processing the form, and when spam built up I just changed the hidden word in the form and the processing script, which kept me safe for a while, confirming the spoofing theory.
Maybe Backlight could be given the option of a hidden element that is checked for, and which users can change every few months as necessary ?
Are you using ReCaptcha in your contact forms?
Yes, currently V2, but have also tried V3.
I’m using v2 and I’m getting some spam too, probably 5or 6 a day.
It appears to be real people because the “I’m not a robot” box is checked.
I guess that the o.p., like me, was hoping that it was the url to the contact page that was in some spammers list, and so changing names would fix it, but it sounds more like they actually go into the main page and select the contact form and then go through all the compulsory sections and the recaptcha. Amazing that it’s worthwhile. But impossible to distinguish from real clients, so I guess we’re stuck.