Extend the built-in anti-spam system with custom rules.
Block Specific Email Domains
php
add_action( 'formforge_before_submit', function( $form_id, $data, $form ) {
$blocked_domains = [ 'tempmail.com', 'throwaway.email', 'mailinator.com' ];
foreach ( $data as $field_id => $field ) {
if ( ( $field['type'] ?? '' ) !== 'email' ) continue;
$domain = substr( strrchr( $field['value'], '@' ), 1 );
if ( in_array( strtolower( $domain ), $blocked_domains, true ) ) {
wp_send_json_error( [
'message' => 'Please use a real email address.',
'errors' => [ $field_id => 'Disposable email addresses are not allowed.' ],
] );
}
}
}, 5, 3 );Rate Limiting by IP
php
add_action( 'formforge_before_submit', function( $form_id, $data, $form ) {
$ip = $_SERVER['REMOTE_ADDR'] ?? '';
$transient_key = 'ff_ratelimit_' . md5( $ip );
$count = (int) get_transient( $transient_key );
if ( $count >= 5 ) {
wp_send_json_error( [
'message' => 'Too many submissions. Please try again later.',
] );
}
set_transient( $transient_key, $count + 1, 300 ); // 5-minute window
}, 1, 3 );Keyword Blacklist
php
add_action( 'formforge_before_submit', function( $form_id, $data, $form ) {
$blacklist = [ 'buy now', 'click here', 'free money', 'casino' ];
foreach ( $data as $field_id => $field ) {
$value = strtolower( $field['value'] ?? '' );
foreach ( $blacklist as $keyword ) {
if ( strpos( $value, $keyword ) !== false ) {
wp_send_json_error( [ 'message' => 'Submission rejected.' ] );
}
}
}
}, 5, 3 );—