Contact form spam is an annoyance every website owner deals with. No matter how big or small your site is, the spambots will target you anyways, flooding your inbox with useless messages.
It wastes your time as you have to sift through hundreds and thousands of entries to mark or delete the obvious spam and then determine if the others are actual people or bots disguised as them.
This blog discusses the methods to protect your WordPress site from contact form spam, from using the best WordPress security plugins to blocking traffic by IP addresses.
- What’s With Contact Form Spam Anyways?
- How to Stop Contact Form Spam – 7 Proven Tips
- 1. Use reCAPTCHA
- 2. Use a Custom CAPTCHA
- 3. Use Invisible reCAPTCHA (Aka No CAPTCHA)
- 4. Use the Honeypot Antispam Method
- 5. Use WordPress Antispam Plugins
- 6. Block Copy and Paste in Your Forms
- 7. Block Traffic by IP Address
- Protect Your Site Without Blocking Your Contact Form Completely
What’s With Contact Form Spam Anyways?
But before we start with the protection techniques, let’s first understand what contact form spam is and how exactly it can harm you and your business.
Spambots are automated computer programs built to submit false information to your contact form or email signup form. They look for ways they can take over your site, server, or email address to help them send out spam emails. Worse, they might even steal your email list, so they have a fresh batch of people to spam.
You may choose a secure WordPress hosting platform to drastically reduce the risks of such malicious activities. But by implementing other measures, you can reduce the risks of contact form spam to a minimum.
A contact form plugin can help you protect your site from hackers and make it a little harder for them to spam it. And there are several ways you can stop contact form spam with a WordPress plugin.
So, let’s take a closer look at how you can protect your contact forms from spam.
How to Stop Contact Form Spam – 7 Proven Tips
There are some proven ways to stop spam in contact forms. This article discusses seven ways to help protect your site from spam. Let’s see them one by one.
1. Use reCAPTCHA
The reCAPTCHA part of your contact form is where site visitors click to prove they’re human when submitting your form. It blocks most spam attempts by verifying that a human is filling out your forms. Visitors tend to feel better when they see it because they see you’re serious about security for your site, and it can increase form conversions.
It’s also easy for people to use. The original CAPTCHA security measures were sometimes hard even for people to get right, so Google changed it up in v2. Instead of typing a word or string of text, people can mouse over the checkbox, and the tool understands that it’s not an automated spam bot. If you use the v2 Invisible version, visitors are presented with an image-based question to make sure they’re not a spambot.
Here, visitors are asked to select all the squares in the picture with traffic lights. When they do, the Skip button turns into a Submit one and the contact form is submitted.
There’s also a reCAPTCHA v3 available, which uses a behind-the-scenes scoring system to track user behavior on your site and detect abusive traffic without asking visitors to do anything. Every visitor to your website is assigned a “spam score” based on what the tool considers suspicious activity (such as the user only navigating to the contact form and not looking at any other part of your website).
While using v3, there’s a chance you’ll prevent legitimate visitors from filling out your contact form, so you may want to use reCAPTCHA v2 instead to stop contact form spam.
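One way to limit the false positives described above is to treat the v3 score as three bands and send the middle band to a v2 challenge instead of blocking it. This is an added example in plain PHP, not Google's or any plugin's code; the thresholds, the action name `contact_form` and the hostname are assumptions, and the JSON strings are constructed samples shaped like a siteverify response.

```php
<?php
// Added example. Thresholds, action name and hostname are assumed values.
const EXPECTED_ACTION = 'contact_form';
const EXPECTED_HOST   = 'www.example.com';
const ACCEPT_AT       = 0.7;  // at or above: accept without a challenge
const REJECT_BELOW    = 0.3;  // below: drop the submission

// Takes the JSON body returned by reCAPTCHA's siteverify endpoint and
// returns 'accept', 'challenge' (fall back to a v2 test) or 'reject'.
// The v3 score runs from 0.0 (likely a bot) to 1.0 (likely a human).
function recaptcha_v3_decision(string $json): string {
    $r = json_decode($json, true);
    if (!is_array($r) || ($r['success'] ?? false) !== true) {
        return 'challenge';   // invalid or expired token: ask for proof, don't lock out
    }
    if (($r['action'] ?? '') !== EXPECTED_ACTION
        || ($r['hostname'] ?? '') !== EXPECTED_HOST) {
        return 'reject';      // token was issued for a different action or site
    }
    $score = (float) ($r['score'] ?? 0.0);
    if ($score >= ACCEPT_AT) {
        return 'accept';
    }
    if ($score < REJECT_BELOW) {
        return 'reject';
    }
    return 'challenge';       // uncertain: a real visitor can still get through
}

// Constructed sample responses.
$ok = '"action":"contact_form","hostname":"www.example.com"';
$samples = [
    'engaged visitor' => '{"success":true,"score":0.9,' . $ok . '}',
    'borderline'      => '{"success":true,"score":0.5,' . $ok . '}',
    'likely bot'      => '{"success":true,"score":0.1,' . $ok . '}',
    'wrong action'    => '{"success":true,"score":0.9,"action":"login","hostname":"www.example.com"}',
    'expired token'   => '{"success":false,"error-codes":["timeout-or-duplicate"]}',
];
foreach ($samples as $label => $json) {
    printf("%-16s %s\n", $label, recaptcha_v3_decision($json));
}
```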
If you don’t want to use Google’s anti-spam service, you can also add a custom CAPTCHA to your forms, where visitors will answer word-based or math questions before submitting their information.
2. Use a Custom CAPTCHA
With a custom CAPTCHA, you add custom word-based or random maths questions to your form to fight spam form submissions. Visitors must answer your custom questions correctly to submit their forms. Here, visitors are asked for the answer to 2 + 8 before they can submit their form information.
With WPForms, a WordPress contact form plugin, you can add several custom word questions that are cycled through randomly on the form with each page load. The random math questions might work a little better to stop spam, so you may want to consider changing these on a semi-regular basis, such as monthly (if your site is high-traffic) or quarterly (if it’s not). It’s up to you.
3. Use Invisible reCAPTCHA (Aka No CAPTCHA)
Some people call this the “no CAPTCHA” method since humans don’t have to see it at all, but in reality, it’s just an invisible reCAPTCHA method.
With invisible reCAPTCHA v2, visitors don’t see any extra fields like a challenge word or math question on your contact form before they submit it. Invisible reCAPTCHA v2 works when visitors try to submit the form.
- If it thinks you’re human, based on your behavior, it’ll complete the submission right away.
- If it suspects you’re a bot, it’ll ask you the challenge questions, either a checkbox you have to select or the image-based question.
4. Use the Honeypot Antispam Method
The honeypot method is another invisible way to protect your contact forms from spam. It hides a field in the code of your form that’s invisible to human visitors but is visible to spambots because they’re usually looking at the code of your form. These spambots are tricked into thinking it’s a valid form field, so they fill it out. But your form knows that this particular field is the honeypot and rejects any submissions with it filled out (or when they’re filled out incorrectly, depending on how you’ve set it up).
Site visitors love it because it removes some of the friction they might feel when they see a challenge question, and it increases your form submission rates. There’s also the warm, secure feeling they get when they see the Google terms of service badge, which is the only thing they see when you enable this method on your form.
WPForms enables the honeypot method by default, so check your specific form builder’s settings in WordPress to make sure it’s enabled.
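The honeypot check described above, sketched in plain PHP as an added example; it is not WPForms' code, and the field name `website_url` and the sample submissions are constructed for illustration.

```php
<?php
// Added example, not WPForms' code. HONEYPOT_FIELD is an assumed field name.
const HONEYPOT_FIELD = 'website_url';

// Decoy input: pushed off-screen with CSS rather than type="hidden" (which
// many bots skip), removed from tab order, screen readers and autofill.
function honeypot_markup(): string {
    return '<div style="position:absolute;left:-9999px" aria-hidden="true">'
         . '<label>Leave this field empty '
         . '<input type="text" name="' . HONEYPOT_FIELD . '" value=""'
         . ' tabindex="-1" autocomplete="off"></label></div>';
}

// Returns the reason a submission is rejected, or null when it passes.
function honeypot_verdict(array $post): ?string {
    if (!array_key_exists(HONEYPOT_FIELD, $post)) {
        return 'field missing';     // not posted from our form markup
    }
    $value = $post[HONEYPOT_FIELD];
    if (!is_string($value)) {
        return 'field malformed';   // e.g. website_url[]=x arrives as an array
    }
    if (trim($value) !== '') {
        return 'field filled';      // a human never sees this input
    }
    return null;
}

// Rejected submissions get the same reply as accepted ones, so a bot
// cannot learn which field gave it away; the reason goes to a log only.
function handle_submission(array $post): array {
    $reason = honeypot_verdict($post);
    return [
        'stored'   => $reason === null,
        'log'      => $reason,
        'response' => 'Thanks, your message has been sent.',
    ];
}

// Constructed sample submissions.
$samples = [
    'human'      => ['name' => 'Ana', 'message' => 'Quote please', 'website_url' => ''],
    'bot fills'  => ['name' => 'x', 'message' => 'buy now', 'website_url' => 'http://spam.example'],
    'bot strips' => ['name' => 'x', 'message' => 'buy now'],
    'bot array'  => ['name' => 'x', 'message' => 'buy now', 'website_url' => ['a']],
];
foreach ($samples as $label => $post) {
    $result = handle_submission($post);
    printf("%-10s stored=%s log=%s\n", $label,
        var_export($result['stored'], true), $result['log'] ?? '-');
}
```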
5. Use WordPress Antispam Plugins
You can also use antispam plugins like Akismet, WordPress Zero Spam, Antispam Bee, and JetPack that protect your entire site from spam entries.
These often work independently from your forms, protecting your website from spam comments and contact form submissions. They compare submissions to blacklists of words, names, and email addresses, while some antispam plugins also let you add a CAPTCHA or other antispam method to your contact form. So before you start using any of these plugins, it is a good idea to go through their instructions and details.
6. Block Copy and Paste in Your Forms
Another way to protect your contact forms from spam is to disable right-click functionality on your WordPress site. This method will only protect your contact forms from human spammers who are copying and pasting their information into your forms. Also, you’ll have the added benefit of preventing others from stealing content from anywhere on your site.
7. Block Traffic by IP Address
If you’re noticing a lot of spambot action on your site, you can also block traffic from the IP addresses they’re coming from to protect your contact form. While it also adds an extra layer of security to your site, it can block legitimate traffic from these IPs, so use this one at your own risk.
Add the IPs you want to block to the Comment Blacklist field on the Discussion settings page of your WordPress admin panel. Advanced site owners can do this through their web host cPanel or a security plugin like Sucuri.
Protect Your Site Without Blocking Your Contact Form Completely
There you go, seven ways you can protect your WordPress site from contact form spam. You want to be able to hear from your site visitors, but not at the high time and energy cost of spambots. Choose your method wisely and add it to your site today.
Q: How do I stop spam from contact form in WordPress?
A: How to Stop Contact Form Spam on WordPress in 2021
- Use reCAPTCHA
- Use a Custom CAPTCHA
- Use Invisible reCAPTCHA (Aka No CAPTCHA)
- Use the Honeypot Antispam Method
- Use WordPress Antispam Plugins
- Block Copy and Paste in Your Forms
- Block Traffic by IP Address
Q: What is form spam?
A: Form spam is unwanted content that bad actors submit through your website forms. Automated bot traffic hits your contact forms with phishing messages or advertising links.
Danish Naseer is a WordPress Community Manager at Cloudways. He is passionate about designing, developing, and engaging with people to help them. He also actively participates in the community to share his knowledge. Besides that, he loves watching documentaries, traveling, and spending time with family.