/wp-content/plugins/
directory.The blocking function is implemented by JavaScript(AJAX) and invisible 2 input fields.
The first input-form is input token-code by JavaScript.When submit button was pushed, AJAX goes to have token-code. This fields is hidden by JavaScript. The spam-bots can not set valid token-code. - the message will be blocked because it is spam-bots.
The second input-form is honeypot fields.this fields is hidden by css-define. This field is hidden for the user and user will not input to it.so it's empty everytime. But spam-bots is tricked, and something is input - the message will be rejected because it is spam-bots.
When you choose 'Contact Forms' in the admin menu, it's shown report. it is displayed count of blocked. and show the rejected post-data.(The latest 10 cases)
the log data are max 10 records.It's overwritten from old data.
The visiter can post message without JavaScript.when must be enter token-code manualy.