WP Armour is simple by design – most of the time it just works. But a handful of specific issues come up regularly. Here is how to diagnose and fix them.
Legitimate Form Submissions Being Blocked
The most common issue. A user reports their contact form submission was not received. Possible causes:
Browser autofill – some browsers fill all form fields including hidden ones, triggering the honeypot. Verify by asking the user which browser they used and whether they used autofill. The fix is to ensure WP Armour is updated to the latest version (which adds autocomplete="off" to honeypot fields) and to add the following to your theme’s functions.php if the issue persists:
add_filter('wp_armour_honeypot_field_attrs', function($attrs) {
$attrs['autocomplete'] = 'new-password'; // stronger hint to browsers
return $attrs;
});Password manager interference – some password managers (especially in fill-all-fields mode) trigger honeypots. Same fix as above.
JavaScript disabled – some WP Armour configurations use JavaScript to manipulate the honeypot field. Users with JavaScript disabled may have legitimate submissions blocked. Check whether your WP Armour version uses JS-based honeypots and whether this affects your specific audience.
Spam Still Getting Through
WP Armour is blocking nothing and spam keeps arriving. Check:
Is the honeypot field present? View page source on the form page and search for hp_ or wp_armour. If not present, WP Armour may not support that specific form plugin in the free version.
Is the spam from bots or humans? Check whether the submissions have realistic timing (humans take minutes to fill forms, bots take milliseconds). If timing is realistic, you may be dealing with human-operated spam that honeypots cannot catch.
Still getting spam through? Explain the situation and get a free estimate — a developer can usually fix this in under an hour.
WP Armour Not Working With a Specific Form Plugin
Check the WP Armour compatibility list. Free WP Armour supports Contact Form 7, WPForms, Gravity Forms, Ninja Forms, and WooCommerce. Other plugins may need WP Armour Extended. If your form plugin is not supported:
- Use your form plugin’s native honeypot option (most have this built in)
- Or add a custom honeypot field using your form plugin’s custom field options
- Or use a different anti-spam approach (Antispam Bee, CleanTalk) for that specific form type
Conflict With Caching Plugins
If your caching plugin serves fully cached HTML and the cached page includes a static honeypot field, all visitors get the same field name. Sophisticated bots that have seen this site before may learn to skip that specific field. More critically, some caching configurations strip custom form fields entirely.
Fix: exclude form pages from caching, or configure your caching plugin to serve dynamic content for form elements. In WP Rocket: add form page URLs to the “Never Cache” list. In LiteSpeed Cache: enable “Cache Vary” for pages with forms.