I get a lot of spam mails through the public available forms. I use the honypot field but looks like spam-bots are too clever to get trapped.
Also I want to avoid using google captcha as long as there are other autmated solutons.
After some search for best-practice I came across two ideas for detecting form spam:
The first one uses a hidden field with a timestamp and and compares the submitted timestamp with the current time. if the delta is below a certain time it´s likley that there was no human involved. I guess this is something which has to be implemented in the plugin itself.
Spam-bots want to share URLs. All of the spam-mails i have in the inbox contain an URL in the message-field. But it doesn´t make sense to write about URLs in my forms, so I thought about adding a
validation.patternthat checks for URL-strings. Basically checking for “http://” would be enough.
For this approach I need some help. How would a validation pattern look like, that is falsey when a URL is included?
And does it work to have
and also a functional
Thanks and all the best