contact-form-7-recaptcha

This plugin is great! However, there’s currently a pretty major flaw with how it is implemented. The wpcf7_validate() function, which essentially checks to make sure the CAPTCHA check passed, only actually validates the CAPTCHA response if the ”contact_form_7_recaptcha” POST parameter is present. So, all a malicious user would need to do would be to simply omit ”contact_form_7_recaptcha” from the POST data… An alternative approach that isn’t vulnerable to this weakness would be to load the form itself from the DB and check to see if the recaptcha shortcode is present. If it is, then the validation would proceed. If it isn’t, then validation is unnecessary. Also, in its current form, the plugin doesn’t show any sort of feedback if the user fails to check the box. I modified script.js so that an error message (”Please check the box.”) is shown in this case.

Worked just fine, only tried/used regular Google Captcha, thank you!

This plugin causes Contact Form 7 (v4.7) to show the ’Sender’s message failed to send’, the fields don’t get cleared, and Flamingo puts the form data into spam. Please advise.

No problems so far, works.

Took a little time understanding the Google keys thingy but then was quite easy to integrate in Contact Forms 7.