Announcing One-Time Password 4.0

We’re pleased to announce the recent release of One-Time Password for Gravity Forms version 4.0.

This latest version adds an exciting new feature, the Cooldown setting, which takes spam protection to another level by setting a limit on how often a verification code can be sent.

One-Time Password’s Cooldown Setting

The Cooldown setting in a One-Time Password (OTP) field prevents spam by blocking repeated, rapid requests for new codes within a short time window, forcing a delay before each attempt. This restriction makes automated attacks or mass submissions impractical, dramatically reducing the ability for bots or malicious users to flood forms with fake or repeated requests.

In the Cooldown section of the OTP field, you simply set the minimum time, in seconds, that must pass before another One-Time Password can be requested. The maximum cooldown time is 60 seconds.

How OTP with Cooldown works on the front end

Rate Limiting: After a user requests an OTP, the cooldown timer starts; any further requests for a code during this period are denied, which blocks automated scripts from spamming the request endpoint

User Notification: The system informs users how long they must wait before requesting another code, discouraging both accidental repeat submissions and malicious attack attempts.

Support for Multiple One-Time Password Fields

You can now add multiple One-Time Password fields to the same form, perfect for workflows that need both email and phone verification.

As long as your form includes at least one Email field and one Phone field, you’re free to add up to two One-Time Password fields. Each OTP field must be linked to a different type of source: one can be configured to send codes via email, and the other via SMS. This setup gives you even more flexibility to build robust, user-friendly verification flows. No custom code required.

One-Time Password stops spam in its tracks

When you need an easy, no-code method for preventing spam in your Gravity Forms entries, then One-Time Password is your friend.

You can implement easy verification on your forms and stop spam submissions before they happen. No more sorting through bogus entries to get to the actual data you need to process.

One-Time Password sends a verification code via email to the user attempting to submit the form. Once they enter the code, they can then click the Submit button. OTP is super easy to set up and unobtrusive for your visitors.

Release Notes

  • Added a field setting to limit how often a One-Time Password can be requested.
  • Added support for multiple One-Time Password fields on a form.
  • Fixed One-Time Password field not running when embedding multiple forms containing a One-Time Password field on a page.

Stay in our orbit.

Subscribe to our newsletter.