Protection from spam in webforms Vtiger module

Protection from spam in webforms Vtiger module

There is an interesting module in vtiger called Webforms. It can generate special html forms, which you can then easely insert into your site and receive leads directly to vtiger. Forms can be integrated with various modules - leads, contacts, counterparties, deals.

But this tool has one drawback - the possibility of spam hitting. Vtiger has developed an integration with ReCaptcha for this. But it does not always work out of the box and it does not suit everyone. If a client wants to leave a request on the site, then the presence of captcha may just scare him away.

I see several ways to protect the form from bots.

One option is to use a honeypot.

This is done as follows. You add a hidden field to the form, for example:

<input type="text" class="hot" value="">

And through the class "hot", you adjust the visibility of the field, hiding it from the page. I do not recommend using hidden, it is better to do it through styles.

Thus, an additional hidden field will appear on your screen, but which will be available to bots. Bots will think that this is some important field associated with the name and will insert values ​​into it.

Now it remains for us at the Vtiger level to check whether this field is filled or not. And if it is not empty, we will consider the request as spam. To do this, we need to edit the file:


And after these lines:

$moduleLanguageStrings = Vtiger_Language_Handler::getModuleStringsFromFile($currentLanguage);

vglobal('app_strings', $moduleLanguageStrings['languageStrings']);


Insert your code for field checking:

//honey pot field

        $honeypot = $request['unname'];

$returnURL = false;

try {

            //check if the honeypot field is filled out. If not, send a mail.

            if( $honeypot != '' ){

                throw new Exception ('Sorry, but we blocked your request due to antispam policy');

                return; //you may add code here to echo an error etc.



This way we can protect our form from software bots. And this is over 60% of spam. For more reliable protection, I recommend using a captcha.

Popular Posts

My most popular posts

Maximum productivity on remote job

Maximum productivity on remote job

I started my own business and intentionally did my best to work from anywhere in the world. Sometimes I sit with my office with a large 27-inch monitor in my apartment in Cheboksary. Sometimes I’m in the office or in some cafe in another city.

Hello! I am Sergey Emelyanov and I am hardworker
Business PHP

Hello! I am Sergey Emelyanov and I am hardworker

I am a programmer. I am an entrepreneur in my heart. I started making money from the age of 11, in the harsh 90s, handing over glassware to a local store and exchanging it for sweets. I earned so much that was enough for various snacks.

Hire Professional CRM developer for $25 per hour

I will make time for your project. Knowledge of Vtiger CRM, SuiteCRM, Laravel, and Vue.js. I offer cooperation options that will help you take advantage of external experience, optimize costs and reduce risks. Full transparency of all stages of work and accounting for time costs. Pay only development working hours after accepting the task. Accept PayPal and Payoneer payment systems. How to hire professional developer? Just fill in the form