Protected Forms

Successor of Protected Permissions module. See #3281497: Protected Submissions has been renamed as Protected Forms

Description

Protected Forms is a light-weight, non-intrusive spam protection module that enables rejection of node, comment, webform, user profile, contact form, private message and revision log submissions which contain undesired language characters or preset patterns.

How it works

If a user attempts to add a content with a trigger pattern in the name, subject or any other textarea or textfield type fields, then the submission is rejected giving a preset error message.

Admins can configure any role's permission to Bypass Protected Forms validation.

The statistics for rejected submissions can be tracked on the Status Report page.

The rejected submissions can be viewed on the Recent log messages page.

Installation

Download and place the recommended version of the module in your website's modules directory, go to the Extend page (/admin/modules) and enable the Protected Forms module.

Alternatively, just run on CLI:

composer require drupal/protected_forms
drush -y en protected_forms

Configuration

Go to the Protected Forms configuration page on /admin/config/content/protected_forms, set the allowed language scripts, reject message text and the trigger patterns for rejection.

If you want to protect form submissions from only anonymous users, then make sure to go to Permissions page (/admin/people/permissions#module-protected_forms) and put a check mark for authenticated user role next to the Bypass Protected Forms validation option.

Troubleshooting

Report all issues on https://www.drupal.org/project/issues/search/protected_forms.