WordPress Security How To
Posted By Gregory

How to view spam form submissions

If you’ve enabled WP Cerber’s anti-spam protection, the engine protects all or selected forms on your WordPress-powered website and denies attempts to submit spam. But how can we see submitted form data if a form submission was identified as spam? It’s possible by using Traffic Inspector logging capabilities.

Enable the logging

First of all, make sure that traffic logging is properly enabled in the Traffic Inspector settings.

  1. “Logging mode” is not set to “Logging disabled”
  2. “Save request fields” is enabled

Now, when a form is being submitted, all the form fields are saved to the Traffic Inspector log and can be viewed on the Live Traffic log page by clicking “Details” in an appropriate row.

View submitted forms

To view all submitted forms, go to the Live Traffic log page and click the small “Form submissions” button. To view submitted form fields, hover the mouse over the row and click the “Details” link. Note that it shows you all form submissions, including the WordPress comments form. To view forms denied as spam, use the advanced search.

Viewing submitted form fields in the WordPress traffic log

Viewing submitted form fields in the Traffic Inspector log

Viewing spam form submissions only

To view all denied spam form submissions, click the “Advanced Search” button, select “Spam form submission denied” in the “Activity” field, and click the “Search” button under the search form. You will see all logged and denied spam form submissions.

Viewing spam form submissions

Filtering out spam form submissions using the advanced search

Prevent saving sensitive data to the log

If a form field is intended to submit sensitive or personal data, you can disable saving data from such a field by adding the name of the form field to the “Mask these form fields” list. Now, before saving form fields to the log, real field values are replaced with asterisks. Hint: field names are shown in the “Form Fields” sections in the Traffic Inspector log.

Please know more on how to handle personal data in the logs from these articles: Deleting personal data from the logs and Exporting personal data from the logs.

Have any questions?

If you have a question regarding WordPress security or WP Cerber, leave them in the comments section below or get them answered on the community forum.

Spotted a bug or glitch?

We’d love to fix it! Share your bug discoveries with us here: Bug Report.

I'm a software engineer and team lead at Cerber Tech. I started coding in 1993 on IBM System/370 and today software engineering at Cerber Tech is how I make my living.

View Comments
There are currently no comments.