Broken plugin
-
Someone got their hands dirty and broke the plugin. After the update, the field data was inaccessible, and it started banning everyone. And rightly so—the bad plugin should be removed. Long live it – $spam = true; $reason[‘no_ip’] = ‘Address field empty’;
IP address field of $remote_ip is empty, this means it has been modified, removed or hacked! (i’m getting the real ip from http header). Broken plugin – solution to remove!
-
Hi @lemurnick,
Please remember that this is not the support forum and that it is possible that the error you are seeing is due to some incompatibility or other issue not strictly related to the plugin (or as you claim, to all installations of the plugin), that I cannot currently identify given the limited information I have. Yesterday, the plugin was downloaded by 3,000 people, and so far, you are the only one reporting this issue.I ask you not to be so disrespectful to those who produce free software.
What else can I tell you? Here’s my answer after the update…
data_mismatch: Version mismatch ” != ‘0.7.1’ bot_fingerprint: timezone, platform, screens, user_agent, app_version, webdriver, session_storage, bot_fingerprint, memory bot_fingerprint_extras: activity 0, mouseclick_activity, mousemove_activity, webgl, webgl_render browser_language: missing browser language language_field: missing language field timestamp: undefined
If you don’t test your code before production, what other relationship can there be? Don’t worry too much, I’ve already removed it and installed another plugin that doesn’t cause any “incompatibility” issues.
Hi @lemurnick,
I don’t understand how you can claim that I don’t test my code before production.
- I personally use every new release for at least a couple of days on my own blog (https://modul-r.codekraft.it/contacts/).
- I also deploy it on 4-5 of my clients’ websites, which receive at least ten form submissions daily (I obviously cannot share these for privacy reasons).
- Furthermore, I have automated End-to-End (E2E) and unit tests running for every pull request to the repository, a practice that, to my knowledge, few plugins—including popular ones like CF7—have.
The specific problem you are describing can happen, and I suspect you have JavaScript issues on your site. This would prevent the script designed to “observe” the form completion from executing correctly.
I remain quite confident that this issue is limited to your specific website. However, if you are right, we will certainly see many more feedback/reports/issues like yours within the next few days.
I am faced with the following problems (Apache 2.4 + PHP 8.4+MySQL 8+WP6.8.3):
JavaScript is working incorrectly to fill in hidden fields.
The JavaScript of the plugin does not fill in the required hidden fields of the form:
_cf7a_address (IP address)
_cf7a_version (plugin version)
_cf7a_timestamp (timestamp)
Fields for bot fingerprinting
As a result, the plugin marks all shipments as spam due to the lack of necessary data.Critical error in the B8 filter database.
A fatal PHP error occurs when submitting the form.:
b8\storage\storage_base: The connected database is not a b8 v3 database
PHP Fatal error: Uncaught Error: Call to a member function classify() on false
The consequences are a complete failure of form processing, the form is not sent.
A temporary solution is to reset B8 via the admin panel, they added it for a reason;)
Although it was possible to add exception handling during B8 initialization and automatic database recovery in case of errors.Lack of graceful degradation in case of errors.
If any component fails (IP detection, b8, etc.), the entire protection system stops working and collapses.
There is no fallback mechanism – if there are errors in individual components, the rest of the checks do not continue.Problems with determining the IP address – the plugin does not take into account various proxy/CDN configurations.
Only $_POST[‘_cf7a_address’] is used, but not the standard methods.
There is no multi-level IP detection with a fallback to standard server methods in case of errors.Caching conflict – static timestamp and other dynamic data values are cached.
When using page caching, time checking becomes ineffective.I didn’t go into much detail, but looking at the code, I can say that this plugin uses a “fragile” architecture.:
- Relies on client-side JavaScript for mission-critical data
- Has no backup processing mechanisms when client data is unavailable
- Ignores server-side methods for determining the same IP, which are standard
…good luck with the development, maybe I’ll come back in a while 🙂
Hi @lemurnick,
I appreciate that you have raised several valid and, in some cases, agreeable points regarding the architecture. However, I still don’t understand the punitive way used, which is not constructive at all.
Aside from the (legitimate) choice not to use this plugin, you have the choice, for example, to disable the entire JS section and use only certain functions of the plugin, like the honeypots. Using JS has its pros and cons; for instance, many bots don’t execute it, making them easily “captured.”
I find it somewhat amusing when you call the plugin’s architecture “fragile,” especially when compared to simple honeypot plugins that rely entirely on using JS to insert fields (which, as I mentioned, a large portion of bots do not execute). Are those plugins reliable? Did you leave a poor feedbacks for them too?
I’d like to point out a couple of things:
- PHP 8.4 is currently only in beta support for WordPress, and that could easily be the source of the critical error you experienced with the B8 filter.
- The IP address is checked in a multi-layered way, not only using the frontend method you saw but also using PHP. You can find the server-side detection logic here: https://github.com/wp-blocks/cf7-antispam/blob/main/core/functions.php#L19-L46
You are correct that the plugin doesn’t have a backup mechanism for every component. But tell me: how many anti-spam WordPress plugins do you know that have that level of graceful degradation?
Ideally, you are perfectly right about the architecture. If you feel strongly about these architectural issues, you are more than welcome to contribute to the development. I have never rejected a sensible pull request from anyone.
Anyway, thanks, you’ve given me a couple of ideas in the end.Okay, it got interesting. I decided to connect the plugin, diagnose the problem, and found the following:
File /build/script.asset.php contains an empty array of dependencies: ‘dependencies’ => array()
Because of this, the plugin scripts are not loaded, as WordPress does not know that jQuery and Contact Form 7 are needed.
For a temporary fix, I had to manually register scripts with the correct dependencies.Diagnostic results after correction:
=== CF7A SIMPLE DIAGNOSTIC ===
DOM Ready: interactive
CF7A Scripts found: 1
Script 1: script.js?ver=1829dacfa96318b4e905
✅CF7A Settings: DEFINED
kPrefix: cf7a
Version: 1829dacfa96318b4e905
✅jQuery: LOADED
✅CF7: LOADED
CF7 Forms: 1
Form 1 CF7A fields: 1
=== CF7A DELAYED CHECK ===
✅CF7A Settings (delayed): DEFINED
✅jQuery (delayed): LOADED
DOMContentLoadedBefore the fix, it was::
=== BUILD ISSUE RESOLVED ===
❌Problem: Empty dependencies array in script.asset.php
✅Solution: Manually added dependencies: jQuery, Contact Form 7
✅Script loaded: true
✅Settings defined: true
ependencies loaded:
❌jQuery: false
✅CF7: trueAfter fixing the script download, another problem appeared.:
The plugin does not add the hidden field_cf7a_addressto the Contact Form 7 forms.
It is possible that the CF7 form check on the page is not working correctly.
The result is the error"no_ip: Address field empty"when submitting any form.
Forcibly added the IP address field to the forms via JavaScript,
but it didn’t help – the data is already there, but the verification fails.The logs show:
=== CF7A POSTED DATA FILTER ===
Checking address field in posted data: _cf7a_address
❌ CF7A IP FIX (posted_data): Address field is empty
CF7A IP FIX (posted_data): Real IP = XX.XX.XXX.XXX
✅ CF7A IP FIX (posted_data): Added encrypted IPI intercepted the form submission to add the IP address to the data, but it didn’t help.
The data is already there, but the verification fails.There may be a problem with hook priorities.
Scripts are registered on the wp_footer hook, but must be registered on wp_enqueue_scripts
The checks occur before the data can be prepared.- Look at the build system
Check that the Webpack/importer defines the dependencies correctly.
In build/script.asset.php must be: ‘dependencies’ => array(‘jquery’, ‘contact-form-7’) - Fix adding and checking hidden fields
Check the cf7a_add_hidden_fields() method in the CF7_AntiSpam_Frontend class.
Make sure that the _cf7a_address field is added to all CF7 forms. - Perhaps you need to optimize hook priorities.
Register scripts on wp_enqueue_scripts, not wp_footer
Check the data after it is fully prepared.
All logs and notes, how I came to this conclusion.
=== CF7 ANTISPAM ADVANCED ROOT CAUSE ANALYSIS ===
1. DETAILED SCRIPT LOADING ANALYSIS:
Total scripts on page: 92
CF7-related scripts: 6
Script 1: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'YES', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "YES"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"
↳ Inline content preview: // Passing PHP diagnostics to JavaScript
window.cf7a_php_diagnostics = {plugin_active: true,registered_scripts: 0,options_prefix: '_cf7a_'
};...
Script 2: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'YES', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "YES"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"
Script 3: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'YES', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "YES"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"
↳ Inline content preview: // Updating the debug panel based on the results
setTimeout(() => {const panel = document.querySelector('.cf7a-debug-panel');if (panel) {const status = panel.querySelector('.status');if (typeof cf7a_settings =...
Script 4: {src: 'https://mysite.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.3', isCF7AntiSpam: 'NO', async: false, defer: true, readyState: undefined, …}async: falsedefer: trueisCF7AntiSpam: "NO"loaded: "LOADING/ERROR"readyState: undefinedsrc: "https://mysite.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.3"
Script 5: {src: 'INLINE SCRIPT', isCF7AntiSpam: 'NO', async: false, defer: false, readyState: undefined, …}async: falsedefer: falseisCF7AntiSpam: "NO"loaded: "LOADING/ERROR"readyState: undefinedsrc: "INLINE SCRIPT"
Script 6: {src: 'https://mysite.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.3', isCF7AntiSpam: 'NO', async: false, defer: true, readyState: undefined, …}async: falsedefer: trueisCF7AntiSpam: "NO"loaded: "LOADING/ERROR"readyState: undefinedsrc: "https://mysite.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.3"
2. WORDPRESS HOOKS AND INITIALIZATION:
WordPress JS object: EXISTS
wp.hooks: EXISTS
wp.domReady: MISSING
3. CONTACT FORM 7 INITIALIZATION:
wpcf7 version: UNKNOWN
wpcf7 cached: 1
wpcf7 api settings: {root: 'https://mysite.com/wp-json/', namespace: 'contact-form-7/v1'}namespace: "contact-form-7/v1"root: "https://mysite.com/wp-json/"[[Prototype]]: Object
CF7 forms found: 1
Form 1 classes: wpcf7-form init
Form 1 init state: INITIALIZED
4. CF7 ANTISPAM PLUGIN DETECTION:
true
5. SCRIPT LOADING ERRORS:
Potentially failed scripts: 0
6. PLUGIN CONFLICT DETECTION:
✅ No obvious plugin conflicts detected
7. CF7 ANTISPAM STYLES DETECTION:
CF7A style sheets: 0
8. DYNAMIC INITIALIZATION CHECK:
9. SCRIPT PATH ANALYSIS:
CF7A REST routes detected: 13
/cf7-antispam/v1
/cf7-antispam/v1/force-geoip-download
/cf7-antispam/v1/status
/cf7-antispam/v1/resend_message
/cf7-antispam/v1/force-update
/cf7-antispam/v1/reset-blacklist
/cf7-antispam/v1/reset-dictionary
/cf7-antispam/v1/full-reset
/cf7-antispam/v1/rebuild-dictionary
/cf7-antispam/v1/unban-ip
/cf7-antispam/v1/ban-forever
/cf7-antispam/v1/get-blacklist
/cf7-antispam/v1/export-blacklist
10. ROOT CAUSE ANALYSIS SUMMARY:
IDENTIFIED ISSUES:
1. CF7 AntiSpam scripts not enqueued by WordPress
2. CF7A settings not localized - plugin PHP code not running
DELAYED WP SCRIPT ANALYSIS (after DOM ready):
WP scripts object status: NOT AVAILABLE
EAL-TIME ENQUEUE STATUS CHECK:
CF7A script elements in DOM: 0
=== CF7 ANTISPAM ADVANCED SCRIPT REGISTRATION ANALYSIS ===
PHP SCRIPT REGISTRY ANALYSIS:
PHP Registered CF7A Scripts: 0
PHP Enqueued CF7A Scripts: 0
DYNAMIC WP SCRIPT OBJECT ANALYSIS:
WP.scripts object not available for analysis
ACTUALLY ENQUEUED/LOADED SCRIPTS ANALYSIS:
Total enqueued scripts: 44
Enqueued CF7A scripts: 0
CF7A PHP diagnostics script executed
=== CF7A SUPER DEBUG - START ===
1. Environment check:
DOM Ready: loading
jQuery: MISSING
WordPress: LOADED
2. CF7A Scripts in DOM:
Found scripts: 0
3. PHP Variables check:
cf7a_php_diagnostics: {plugin_active: true, plugin_path: 'cf7-antispam/cf7-antispam.php', debug_time: '2025-11-12 03:51:08', memory_usage: '93.25855255127 MB'}
cf7a_script_analysis: NOT SET
cf7a_settings: NOT SET
4. Page context check:
Current URL: https://mysite.com/contacts/
Page contains CF7 forms: YES
Page contains "contacts": YES
5. Error check:
PHP diagnostics: {plugin_active: true, plugin_path: 'cf7-antispam/cf7-antispam.php', debug_time: '2025-11-12 03:51:08', memory_usage: '93.25855255127 MB'}
=== CF7A SUPER DEBUG - END ===
DIAGNOSTIC RESULTS:
WHAT WORKS:
PHP code is running - diagnostics are working
The plugin is active (plugin_active: true)
The right way (cf7-antispam/cf7-antispam.php )
CF7 forms are on the page - YES
WordPress JS loaded - LOADED
PROBLEM:
CF7A scripts are not loaded - Found scripts: 0
CF7A settings are not set - cf7a_settings: NOT SET
jQuery is not loaded at the time of diagnosis (but this is normal for early execution)
DETAILED CF7 ANTISPAM DIAGNOSTIC REPORT
THE OVERALL PICTURE
The CF7 AntiSpam plugin is installed and activated, but its JavaScript files are not loaded on the frontend.
This is a critical issue that completely disables the antispam functionality.
WHAT IS WORKING CORRECTLY
1. ACTIVATION OF THE PLUGIN
The plugin is activated in WordPress
Path:
cf7-antispam/cf7-antispam.php , The PHP part of the plugin is running
2. REST API FUNCTIONALITY
13 REST endpoints registered
API routes available:
/cf7-antispam/v1/status
/cf7-antispam/v1/force-update
/cf7-antispam/v1/reset-blacklist
and the other 10 endpoints
3. CONTACT FORM 7
CF7 is initialized correctly
A form has been found on the contact page
The form is in the init state (initialized)
The wpcf7 object is available in JavaScript
4. WORDPRESS ENVIRONMENT
WordPress JavaScript object loaded
jQuery is loaded (but later in the download process)
44 scripts have been successfully loaded on the page
There are no conflicts with other anti-spam plugins
WHAT DOESN 'T WORK
1. CF7 ANTISPAM SCRIPTS
0 CF7A scripts uploaded to DOM
0 scripts registered in WordPress
0 scripts queued up
2. SETTINGS AND CONFIGURATION
The cf7a_settings object is not defined
Localization of settings is not performed
3. STYLES
CF7 AntiSpam styles are not loaded
DETAILED ANALYSIS OF THE CAUSES
THE MAIN REASON: SCRIPTS ARE NOT REGISTERED IN WORDPRESS
Proofs:
PHP has registered CF7A scripts: 0
PHP has queued CF7A scripts: 0
CF7A script elements in DOM: 0
The CF7 anti-spam plugin does not call wp_register_script() for its JS files
The plugin does not call wp_enqueue_script() to add scripts to the queue.
WordPress knows nothing about plugin scripts
SECONDARY CAUSE: THERE IS NO LOCALIZATION OF SETTINGS
Proofreading:
cf7a_settings: NOT INSTALLED
There is no wp_localize_script() call to transfer settings from PHP to JS
TECHNICAL ANALYSIS
PROBLEM STRUCTURE:
php
CORRECT FLOW (missing):
wp_register_script('cf7a-script', $url, $deps, $ver); // ❌ NOT CALLED
wp_enqueue_script('cf7a-script'); // ❌ wp_localize_script IS NOT CALLED
('cf7a-script', 'cf7a_settings', $data); // ❌ NOT CALLED
RESULT:
Scripts are not loaded into the browser.
The settings are not transmitted in JavaScript
Anti-spam functionality does not work
POTENTIAL CAUSES OF FAILURE:
An error in the main plugin file (cf7-antispam.php )
Script loading conditions are not met
Priority conflict of hooks (wp_enqueue_scripts is called too early/late)
PHP errors in the plugin code that interrupt execution
FINAL ANALYSIS OF THE PROBLEM:
ROOT CAUSE:
File build/script.asset.php it contains an empty array of dependencies, although the CF7 AntiSpam script requires:
jQuery - for basic functionality
of contact-form-7 - for integration with CF7 forms
WHY THIS HAPPENS:
The plugin uses Webpack or another build system
The dependencies were not correctly identified during the build.
As a result, the script is registered without dependencies.
WordPress does not download the necessary libraries before the CF7A script.
CF7A SUCCESS DIAGNOSTIC:
=== BUILD ISSUE RESOLVED ===
Problem: Empty dependencies array in script.asset.php
Solution: Manually added dependencies: jQuery, Contact Form 7
Script loaded: true
Settings defined: true
Dependencies loaded:
- jQuery: false
- CF7: true
=== CF7A SIMPLE DIAGNOSTIC ===
DOM Ready: interactive
CF7A Scripts found: 1
Script 1: script.js?ver=1829dacfa96318b4e905
CF7A Settings: DEFINED
Prefix: _cf7a_
Version: 1829dacfa96318b4e905
jQuery: LOADED
CF7: LOADED
CF7 Forms: 1
Form 1 CF7A fields: 1
=== CF7A DELAYED CHECK ===
CF7A Settings (delayed): DEFINED
jQuery (delayed): LOADED
DOMContentLoaded
The problem b8 (fixed via the admin panel)
b8\b8::classify(): Implicitly marking parameter $text as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 125
b8\b8::learn(): Implicitly marking parameter $text as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 328
b8\b8::learn(): Implicitly marking parameter $category as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 328
b8\b8::unlearn(): Implicitly marking parameter $text as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 349
b8\b8::unlearn(): Implicitly marking parameter $category as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/b8.php on line 349
b8\lexer\standard::add_token(): Implicitly marking parameter $word_to_remove as nullable is deprecated, the explicit nullable type must be used instead in /home/n/nizazabrgm/public_html/wp-content/plugins/cf7-antispam/core/b8/b8/lexer/standard.php on line 168
[12-Nov-2025 05:32:48 UTC] 🔄 CF7A FALLBACK: Script not loaded by main fix, loading in footer
[12-Nov-2025 05:32:48 UTC] ✅ CF7A FALLBACK: Script loaded directly in footer
[12-Nov-2025 05:32:48 UTC] === CF7A IP DEBUG ===
[12-Nov-2025 05:32:48 UTC] REMOTE_ADDR: XX.XX.XXX.XXX
[12-Nov-2025 05:32:48 UTC] HTTP_X_FORWARDED_FOR: NOT SET
[12-Nov-2025 05:32:48 UTC] HTTP_X_REAL_IP: NOT SET
[12-Nov-2025 05:32:48 UTC] HTTP_CLIENT_IP: NOT SET
[12-Nov-2025 05:32:48 UTC] CF7A Detected IP: XX.XX.XXX.XXX
CF7A HIDDEN FIELDS DEBUG:
CF7 Forms found: 1
Form 1:
CF7A hidden fields: 1
_cf7a_processed: HAS VALUE
Value: 1...
❌ Address field not found in form
[12-Nov-2025 06:04:02 UTC] === CF7A POSTED DATA FILTER ===
[12-Nov-2025 06:04:02 UTC] Checking address field in posted data: _cf7a_address
[12-Nov-2025 06:04:02 UTC] ❌ CF7A IP FIX (posted_data): Address field is empty
[12-Nov-2025 06:04:02 UTC] CF7A IP FIX (posted_data): Real IP = XX.XX.XXX.XXX
[12-Nov-2025 06:04:02 UTC] ✅ CF7A IP FIX (posted_data): Added encrypted IPHi @lemurnick,
Thank you very much for taking the time to provide such a detailed analysis and for sharing the extensive logs. This level of detail is genuinely helpful for debugging.
I need to address a couple of technical points regarding your findings:1. Script Dependencies in
script.asset.phpYou correctly pointed out the empty dependencies array:
'dependencies' => array().However, this array being empty is intentional and correct for this plugin.
- The file is autogenerated by WordPress’s build tools (like
wp-scripts) based on theimportstatements in the script. - CF7 AntiSpam is written in plain ECMAscript and has NO dependencies on jQuery or Contact Form 7’s core JS. I personally aim to avoid loading jQuery on the frontend for anti-spam purposes, as it introduces unnecessary weight.
- An empty dependency array means the script does not require any other script to function. If jQuery or CF7 were required, they would appear here.
Your manual fix to add these dependencies forced the script to load, but it indicates the original issue was likely deeper than just the dependency array itself.2. WordPress Environment and PHP 8.4
You are using PHP 8.4, which is currently only in beta support for WordPress and many of its plugins. This is a very slippery slope and is likely the source of instability, particularly with the B8 library errors you mentioned (like the implicit nullable type deprecation warnings).
The most telling sign from your advanced analysis is in the Environment Check:
DOM Ready: loadingwp.domReady: MISSING
This indicates that something on your site is blocking or severely delaying the DOM from completing its load, and is preventing the standard WordPress and theme scripts (like those setting up
wp.domReady) from running correctly. This is usually due to a critical JavaScript error from another source that halts execution across the entire page.If the DOM is stuck in a
loadingstate, my plugin’s script—which requires the DOM to be ready to inject fields—will inevitably fail to execute its logic properly, regardless of how it’s enqueued.Next Steps- I am currently working to recreate your specific environment (Apache 2.4 + PHP 8.4 + WP 6.8.3) to debug the B8 filter and general stability with PHP 8.4.
- In the meantime, I strongly urge you to open your browser console (Developer Tools) and look for any JavaScript errors that appear when the page loads. I suspect you will find errors from a source other than CF7 AntiSpam, and those errors are the root cause of the “DOM Ready: loading” state and the subsequent failure of many client-side scripts, including mine, to execute.
Thank you again for the detailed report; I will let you know once I have found something on my end.
I checked for JavaScript errors and others that occur when loading the page through the browser console (developer tools) first of all and monitored them constantly during tests (network, cache disabled) – zero errors. If there were mistakes, it would probably be easier to determine the cause.
@lemurnick,
I have tried various methods and environments, but I am unable to identify your problem, which I believe is related to a conflict with some plugin at this point. You can see the blueprint of the plugin running nicely with php 8.4 with cf7 and flamingo without any errors (obviously it does not send emails, but the frontend js works).Could you tell me which plugins you have installed on your website? This could help me understand the problem. Thank you again for your cooperation.
All in One SEO
Asset CleanUp: Page Speed Booster
Async JavaScript
Autoptimize
Code Snippets
Contact Form 7
Deep Core
Elementor
Email Encoder - Protect Email Addresses
Flamingo
Head & Footer Code
ImageMagick Engine
Object Cache 4 everyone
ReCrawler
Smart Custom 404 Error Page
UpdraftPlus - Backup/Restore
WP Crontrol
WP Super Cache
WP-OptimizeMy plugins. If I can’t find the problem, it’s not a big deal. I’ll be checking this thread, and if there’s any news, I’ll install the plugin and test it for you.
Hi @lemurnick,
I’ve been investigating the root cause and I believe your problem, where the hidden fields are not being added, leading to theno_ip: Address field emptyerror, is related to a PHP hook not executing correctly on your site. This hook is responsible for adding the hidden fields to every form.I suspect you might be experiencing the exact same issue as this user (last message of the thread): https://wordpress.org/support/topic/form-no-longer-works-2/
Regarding your suggestions, I want to say that I take your input as good ideas for incoming improvements:
- Caching Check: The
_cf7a_versionfield, which currently helps verify spam, could certainly be used to check if the version displayed to users is cached. If a version mismatch is detected, we could detect it and ask the administrator (via mail) to refresh the website cache. - Update default options: I plan to activate only the most stable and “critical” checks by default. Users can then choose to activate higher protection levels if needed enabling, for example, advanced js fingerprinting only if needed.
I was also working in parallel on another free plugin that allows using an external SMTP service for sending emails with Contact Form 7. In that plugin, I added a hook that CF7 AntiSpam will also use to send you a daily/weekly spam report.
All these improvements (like others published in v0.7.x) were aimed at increasing stability and reliability. I sincerely apologize for the trouble you have experienced. Your detailed feedback is invaluable in making the plugin more robust for all users. I will keep you posted on any developments.
I figured out where the issue lies… this feature, which was actually introduced in version 0.7.0 and used to avoid loading all the frontend hooks if there is not at least one Contact Form 7 form on the page didn’t fire.
And that’s why everything is missing, scripts and fields that are created by PHP before the form. I’ll try to find a solution, but as you know, I also have to deal with a fix to the system I use for updates.
Ciao, Signore Erik.
Grazie mille per il lavoro svolto sulle correzioni.
I noticed the plugin had been updated to version 0.7.2 and tested it.
With the “Optimize scripts loading” checkbox unchecked, everything works correctly, and no errors occur.Grazie mille a te @lemurnick 🙂
I tried to implement some of the things we discussed, for example, if I find that the contact form page is cached (using the cf7a version field), after a few failed emails the plugin sends you an email.
Additionally, I have completely reworked the spam filters and now you can hook into the chain to add and remove filters, including add your own custom ones (examples here https://modul-r.codekraft.it/2025/11/developer-guide-customizing-cf7-antispam-filters/).
Also other minor changes for example a better debug section with the current website installed plugin list and some info about the system,
I hope everything is working fine now. But if that’s not the case, please open a support thread and usually I’ll try to fix it quickly. I try to keep the plugin up to date, but sometimes some changes have “unpredictable” effects on some installations, even though I try to test the plugin in every way possible.
ErikPS. FYI, I discovered another bug affecting 0.7.1 (fixed in 0.7.2), about encrypted fields (this). Anyhow I believe it wasn’t your case.
You must be logged in to reply to this review.
