Looking to Increase Revenue From Your Website?

Schedule a FREE 30-minute power consultation now.

Eliminate SPAM in Modx eForm Without CAPTCHA

We all hate spam. Whether it's bot-generated spam or human-generated spam, it seems like there is no way around it. Since I build all my sites using Modx and I also use eForm for basic contact forms, I had become accustomed to just deleting spam as it arrived in my inbox and moving on with my day.

Until one particular Saturday.

The Problem

On the Saturday in question, I woke up to about 12 spam emails that were submitted through my website contact form overnight. All were bot-generated spam, with incoherent gibberish in all the fields. Throughout the day, I received several more spam emails through my contact form.

Enough was enough.

I had to come up with a solution that would kill the bot-generated spam WITHOUT using a CAPTCHA. I hate CAPTCHAs and I didn't want my potential customers to have to fiddle with them - they look horrible from a design perspective and they are completely unusable.

The Solution

After a bit of research, I had found a couple of tutorials that use only CSS (along with some PHP validation - which is built into eForm) to eliminate spam so I figured I'd give it a try. It worked perfectly. I have not received a single bot-generated spam email since then - and I never will again. Here's how it works:

Add the following code to your contact form HTML:

<div class="special">
    <label for="cfSpecial">
        <p>Special<br /><input value="" name="special" id="cfSpecial" class="text" type="text" eform="Special:date:0"  /></p>

The code above generates a basic text field input but is validated to accept a date format only. It is not a required field. So in order for this form to successfully validate and be processed, IF a user (or dirty little spam-bot) inputs anything in the "special" field, it must formatted as a date or it won't validate. We must make this field optional because the next step is to hide the field using CSS:

.special { display: none; }

Since spam-bots don't read CSS, the bot races through the form, filling in every field it comes across (including the hidden field). It sees the special field and reads the class="text" thinking it only needs to input a string of text to validate it. But it really needs a date format to validate and so the form does not submit. It's that easy!

A human will not even see this field because it is hidden via CSS. So when they fill out the form, nothing goes in that field and the form validates and submits perfectly.

Looking to Increase Revenue From Your Website?

Schedule a FREE 30-minute power consultation now.