• Resolved noxerr

    (@noxerr)


    Hi there,

    I’m writing because I got about 200 submissions from the same f***head trying to hack my site through one of my forminator forms. Just wanted to make sure Forminator is safe against code injection, is it?

    https://ibb.co/5n0HQmB

    Not sure what he was trying, though...

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Kris – WPMU DEV Support

    (@wpmudevsupport13)

    Hi @noxerr

    I hope you are doing good today.

    Do you use any of those features in your form to protect it from spam:
    https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#captcha-field
    https://wpmudev.com/docs/wpmu-dev-plugins/forminator/#behavior-forms -> Security

    Kind Regards,
    Kris

    Thread Starter noxerr

    (@noxerr)

    I only have the honeypot or whatever protection. Nevertheless, my concern was more towards the fact that they are trying to inject code (about the spam protection, I believe your plugin is very complete and offers a wide variety of options). I’m just guessing and hoping it has been programmed to sanitize any inputs, but I’m also wondering if there’s anything I have to be careful with, such as while reading the input of the name from a PHP script, or the comment input, since they may try to inject code.

    Plugin Support Williams – WPMU DEV Support

    (@wpmudev-support8)

    Hi @noxerr

    This kind of input is sanitized and shouldn’t cause any issues (apart from flooding the site with spammy submissions).

    If you are using only honeypot it would be recommended to also use additional protection such as e.g. reCaptcha or hcaptcha. Some firewall on site/server (and even better a CDN with firewall) could also be a good shot as it always increases security level, including helping to mitigate/limit such injection attempts.

    And yes, despite sanitization and any other measures, you should be careful if you are reading submitted data directly – never trust the “raw data” and always make your scripts validate data in some way before they use them. Even if injection through the form fails, there’s always a chance that somebody/something may be able at some point to inject malicious code directly into the DB in some way.

    But getting back to the main question – yes, these submissions are sanitized.

    Kind regards,
    Adam
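
    The "never trust the raw data" advice above, as an added example of what a custom PHP script reading name/email/comment fields could do (this is not Forminator's or WPMU DEV's code; `$submission` is assumed to be an array you already obtained from the form, `wp_my_form_entries` is an assumed custom table, and only standard WordPress functions are used):

```php
<?php
// Added example, not plugin code: validate on input, use prepared writes,
// escape on output. $submission is assumed to be an associative array
// (name, email, comment) already obtained from the form submission.

function validate_submission(array $submission): array {
    $errors = [];
    $clean  = [];

    // Name: strip tags and control characters, then enforce length and a character policy.
    $name = sanitize_text_field($submission['name'] ?? '');
    if ($name === '' || mb_strlen($name) > 100) {
        $errors['name'] = 'Name must be 1-100 characters.';
    } elseif (!preg_match("/^[\p{L}\p{M}\s'.-]+$/u", $name)) {
        $errors['name'] = 'Name contains characters that are not allowed.';
    }
    $clean['name'] = $name;

    // Email: WordPress sanitizer plus validator.
    $email = sanitize_email($submission['email'] ?? '');
    if (!is_email($email)) {
        $errors['email'] = 'Invalid email address.';
    }
    $clean['email'] = $email;

    // Comment: keep only a tiny HTML allow-list; anything else becomes plain text.
    $comment = wp_kses($submission['comment'] ?? '', ['b' => [], 'i' => [], 'br' => []]);
    if (mb_strlen($comment) > 2000) {
        $errors['comment'] = 'Comment is too long.';
    }
    $clean['comment'] = $comment;

    return ['ok' => empty($errors), 'data' => $clean, 'errors' => $errors];
}

// Storage: let $wpdb build the prepared statement; never concatenate values into SQL.
function store_submission(array $clean): void {
    global $wpdb;
    $table = $wpdb->prefix . 'my_form_entries'; // assumed custom table
    $wpdb->insert($table, [
        'name' => $clean['name'], 'email' => $clean['email'], 'comment' => $clean['comment'],
    ], ['%s', '%s', '%s']);
}

// Output: escape at render time regardless of what is in the DB, so a value that
// reached the table by some other path still cannot run as markup or script.
function render_entry(array $entry): string {
    return '<p><strong>' . esc_html($entry['name']) . '</strong> (' . esc_html($entry['email']) . ')</p>'
         . '<div>' . wp_kses_post($entry['comment']) . '</div>';
}
```

    Call `validate_submission()` first and only pass `data` on to `store_submission()` when `ok` is true; the output escaping in `render_entry()` is what protects the page even if something bypasses the input checks.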

    Plugin Support Amin – WPMU DEV Support

    (@wpmudev-support2)

    Hello @noxerr ,

    We haven’t heard from you for some time now, so it looks like you don’t have more questions for us.

    Feel free to re-open this ticket if needed.

    Kind regards
    Kasia

  • The topic ‘Someone tried to hack my form’ is closed to new replies.