Form Protection¶
This provides various ways to help protect forms from spammers:
Honeypot¶
Based on https://github.com/elisseck/com.elisseck.civihoneypot
Supports legacy forms (Quickform) and FormBuilder
Testing¶
Identify the honeypot field in the form. Then you run in browser console eg.
CRM.$('input#url-home-2').val('My Home URL');
CRM.$('input#url-home-2').trigger('input'); // required to trigger angular
Flood control¶
Based on https://lab.civicrm.org/extensions/floodcontrol
Supports legacy forms (Quickform) and FormBuilder
ReCAPTCHA¶
- v2 "I'm not a robot" (replaces the one shipped with CiviCRM core).
- v3.
- Cloudflare Turnstile -- Setup Turnstyle keys.
If you are using the Stripe payment processor ReCAPTCHA will also be used to help mitigate card testing attacks if it is enabled.
Note: v2 and Turnstile are support for legacy forms (Quickform) and FormBuilder. v3 is only supported for Quickform.
Setup¶
Configure via Administer->System Settings->Form Protection Settings
Integration with Firewall¶
When using Firewall v1.6.0+, this extension will log FormprotectionEvents in
the Firewall, which will block a user's IP address after too many failed attempts. See the Firewall documentation for more
information.
Support and Maintenance¶
This extension is supported and maintained with the help and support of the CiviCRM community by MJW.
We offer paid support and development as well as a troubleshooting/investigation service.