How to view spam form submissions
If you’ve enabled WP Cerber’s anti-spam protection, the engine protects all or selected forms on your WordPress-powered website and denies attempts to submit spam. But how can we see submitted form data if a form submission was identified as spam? It’s possible by using Traffic Inspector logging capabilities.
Enable the logging
First of all, make sure that traffic logging is properly enabled in the Traffic Inspector settings.
- “Logging mode” is not set to “Logging disabled”
- “Save request fields” is enabled
Now, when a form is being submitted, all the form fields are saved to the Traffic Inspector log and can be viewed on the Live Traffic log page by clicking “Details” in an appropriate row.
View submitted forms
To view all submitted forms, go to the Live Traffic log page and click the small “Form submissions” button. To view submitted form fields, hover the mouse over the row and click the “Details” link. Note that it shows you all form submissions, including the WordPress comments form. To view forms denied as spam, use the advanced search.
Viewing submitted form fields in the Traffic Inspector log
Viewing spam form submissions only
To view all denied spam form submissions, click the “Advanced Search” button, select “Spam form submission denied” in the “Activity” field, and click the “Search” button under the search form. You will see all logged and denied spam form submissions.
Filtering out spam form submissions using the advanced search
Prevent saving sensitive data to the log
If a form field is intended to submit sensitive or personal data, you can disable saving data from such a field by adding the name of the form field to the “Mask these form fields” list. Now, before saving form fields to the log, real field values are replaced with asterisks. Hint: field names are shown in the “Form Fields” sections in the Traffic Inspector log.
Please know more on how to handle personal data in the logs from these articles: Deleting personal data from the logs and Exporting personal data from the logs.
Have any questions?
If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.
Spotted a bug or glitch?
We’d love to fix it! Share your bug discoveries with us here: Bug Report.
Cloudflare and WP Cerber
Why reCAPTCHA does not protect WordPress against bots and brute-force attacks
I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.