diff --git a/routes/contactRoutes.js b/routes/contactRoutes.js
index 2ef28f8..b5bbc2d 100644
--- a/routes/contactRoutes.js
+++ b/routes/contactRoutes.js
@@ -1,5 +1,5 @@
-// The entire module is now a function that accepts 'contactController' as an argument.
-module.exports = (contactController) => {
+// The entire module is now a function that accepts 'contactController' and security middleware as an argument.
+module.exports = (contactController, securityMw) => {
 const express = require('express');
 const router = express.Router();
 const rateLimit = require('express-rate-limit');
@@ -12,17 +12,12 @@ module.exports = (contactController) => {
 message: "Too many requests from this IP, please try again after 15 minutes." });
- // Define the route for form submissions
+ // Define the route for form submissions with all middleware
 router.post('/submit-form', apiLimiter,
- // In-line honeypot check
- (req, res, next) => {
- if (req.body.url) {
- console.warn('Bot detected! Honeypot field was filled.');
- return res.status(200).json({ success: true, message: 'Thank you for your submission.' });
- }
- next();
- },
+ // The security middleware is now a separate step,
+ // containing both the honeypot check and hCaptcha verification.
+ securityMw.formSecurityCheck,
 [ // express-validator: sanitation and validation
 body('firstName').trim().escape(),
@@ -47,4 +42,4 @@ module.exports = (contactController) => {
 // Return the configured router
 return router;
-};
\ No newline at end of file
+};
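Review bot: The new `securityMw` parameter is dereferenced while the route is being defined (`securityMw.formSecurityCheck` in the second hunk) with no check that the caller supplied it. A call site still using the old one-argument form would therefore fail at startup with a generic TypeError that does not name the missing dependency. Because this object now carries the route's bot protection, I would fail fast at the top of the factory with `if (!securityMw || typeof securityMw.formSecurityCheck !== 'function') throw new TypeError('contactRoutes: securityMw.formSecurityCheck is required');`. The header comment should also end "as arguments" now that there are two. The factory body continues outside this hunk.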
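Review bot: The comment above `securityMw.formSecurityCheck` lists what the middleware contains but not the contract this route relies on, and the middleware's implementation is not part of this diff. If hCaptcha verification involves an outbound call, as seems likely, the middleware should reject the request when that call errors or times out rather than fall through to `next()`, and the route comment is the place to pin that down. I would extend it to something like `// Must end the response itself on a honeypot hit or a failed/unverifiable hCaptcha token; calls next() only on success.` Keeping it after `apiLimiter` looks right, since the limiter then bounds how often verification runs per IP. The `router.post` call continues past the end of this hunk.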