I don’t know a fix but I can point you in the direction to begin debugging.
First, in your wp-config.php file, add these three lines (or overwrite them if they’re already in the file):
define('WP_DEBUG', true); // Enable debug mode
define('WP_DEBUG_LOG', true); // Allow logging
define('WP_DEBUG_DISPLAY', false); // Don't display errors to site visitors
If you’re a dev and know where to stick this code, go ahead, otherwise, I suggest using the code snippets plugin, but add this:
/**
* Log Spam Submissions from Contact Form 7
*
* This hook is applied after metadata, posted data, and field
* validation runs. It executes before the before_send_mail hook.
*
* @hook wpcf7_spam
*
* @param bool $spam True if identified as spam, false otherwise.
* @param WPCF7_Submission $submission The submission object being validated.
*
* @return bool Returns true if identified as spam, false otherwise.
*/
function au_log_spam_submissions($spam, $submission) {
if(!$spam) {
return $spam; // Not identified as spam, so not something to worry about
}
// Get the reason and log it
$log = $submission->get_spam_log();
error_log('Spam form submission: ' . PHP_EOL . print_r(array(
'reason' => $log,
'submission' => $submission
), true));
// Return the original value
return $spam;
}
add_filter('wpcf7_spam', 'au_log_spam_submissions', 1000, 2); // Prioritize late
Then you’ll want to check your website’s source files where this file should now exist once a new form submission is made and detected as spam: https://your-website.com/wp-content/debug.log (if your environment is configured properly, you should see a forbidden page instead of the log and be forced to view the log file via FTP or SSH, but alas, that’s a security concern for another time).
When you’ve figured out the reason, let me know and I can help further. Or maybe you can figure it out from there ??
When it’s all solved, remember to turn off debug mode and you can remove the code snippet too.
