Want to block contact form spam in WordPress? Here are 7 anti-spam techniques to help prevent spam emails in form submissions.
The events of 2020 sent global digitalization through the roof. That's good news for everybody with a website. It means expanding their online business could be easier. But with the good comes the bad...
Spam. It just seems to be everywhere. Considering that 30% of pages run on WordPress, the users of this platform can expect a lot of spam. And much of the spam email comes from simple contact forms.
In this post, we will go over a few ways to stop spam in WordPress contact forms. Unless you enjoy sifting through spam submissions manually!
Let’s get to it!
1. Completely block the IP address
Seems like the most obvious solution right? If only it were this simple!
If you see a repeat offender, you can block the whole IP address in the WordPress comment blocklist. With services like Cloudflare, you can even block whole countries.
Usually, you do not receive a spam contact form submission from an actual individual. Most spam comes from bots (programs that automatically post spam messages on every WordPress contact form that they can find). And to add to the fun - spammers use proxies (a wide range of fake IP addresses).
As you can see, blocking the IP address may protect you from an individual spammer, but not from bots. Blocking an IP is easy, but will not help you solve the problem easily. This will only work if you are constantly tracking spam IP addresses, but who has time for that?
This way, you can protect your contact forms and message field without ever lifting a finger.
3. Block spam with the honeypot method
The honeypot method is a 'sweet' form of contact form spam protection on WordPress sites. Here is how the honeypot method blocks spam. It creates a hidden field on your contact form page which is invisible to the visitors but is visible to the bot.
Hiding the field in plain sight from the human eye is easy - and will not disturb your visitors. But the bot scans the code of your page, so it sees the field anyway. As we discussed, bots submit the spam messages automatically, so they identify this “honeypot” field and fill it out.
When the bot tries to submit the contact form spam message, the honeypot feature will block it - as it will see that the “invisible field” is filled too. Gotcha!
If you are worried about difficult coding that you will have to do - worry not. Contact form plugins like Formidable Forms will make it a one-click action. A form builder like Formidable has tons of other spam protection features as well.
There a few other options that use the honeypot method. The Contact form 7 Honeypot plugin can extend the basic features of Contact Form 7 for example.
4. Use reCAPTCHA
Googles’ reCaptcha is designed to tell the difference between a human and a bot. They've made this tool widely accessible to developers. There's only one issue: if you aren't a developer, it can be a bit complicated.
This is where a plugin like Formidable Forms can help once again. With a few clicks, you can add a reCAPTCHA to your WordPress contact forms. If you can use a simple tool like a landing page builder, Formidable will be even easier.
Here is when things get interesting. You'll probably know this reCAPTCHA:
This new version of reCaptcha tracks the movement of your mouse after you click the box, if the movement is still suspicious you'll be clicking on boats, cars, and trains, to prove that you are not a spam bot.
This is one of the most widespread solutions at the present moment. Why? Because it works! It does not annoy the user that much and the mouse tracking is very hard to bypass by the bot.
But still, you want the perfect user experience right? Do you want to capture as many valid email addresses as possible? There are a few more ways you can prevent contact form spam in WordPress.
5. Invisible reCAPTCHA
Invisible reCaptcha is here to save the day! It tracks the mouse movement, but in the background while staying invisible. So while real human users are happily clicking and going through the pages, bots are blocked.
Invisible reCaptcha is available with one click in a WordPress contact form builder like Formidable, so it's a no-brainer for sure.
6. Custom spam protect form fields
Are you still looking for more contact form anti-spam for WordPress sites? We've got a couple more that could really help.
If you have a solid form builder, you have the option of creating your own!
You formulate questions and make the visitor answer it. As the questions and answers are unique for every site, bots have tough times breaking it.
One simple custom method: a math question. Ask something like “5+6=?” and let the user fill in the answer. While it is a very accessible solution, it still decreases the user experience a bit.
7. Install WordPress antispam plugins
No spam message blocking list would be complete without mentioning the WordPress anti-spam plugins.
The most used ones are Akismet, WordPress Zero Spam, and Jetpack. These plugins work independently from your contact form tools.
They also tap into databases of already known spam IP, so they can help to block the threat even before it appears.
Creating anti-spam protection on your WordPress site, while keeping the user experience high, will take some help. Luckily the methods we described in this post are easily accessible if you have the right tools.
For example, combining Invisible reCaptcha, Honeypot and one of the WordPress plugins will give you several layers of protections for stopping spam. The best part? None of those methods are intrusive for users!
We hope you've enjoyed today's article. If you found it useful, be sure to check back to the Formidable blog often! Bye for now.
Read more posts about anti-spam in WordPress
Formidable Forms is much more than an anti-spam tool. It's a complete website solution. Build forms plus more with one of our 100% guaranteed premium plans today!