Formidable Forms

Formidable Forms

  • Features
  • Pricing
  • Resources
    • Docs & Support
    • Blog
    • Community
  • Solutions
    • Web Applications
    • Calculators
    • Surveys
    • Directories
    • Payments
    • Contact forms
  • Login
  • Get Formidable Forms

Ryan Cordoni / Last Updated December 19, 2022

8 Ways to Block Contact Form Spam in WordPress

Want to block contact form spam in WordPress? Here are 8 anti-spam techniques to help prevent spam emails in form submissions.

How to block contact form spam in WordPress

The events of 2020 sent global digitalization through the roof. That's good news for everybody with a website. It means expanding their online business could be easier. But with the good comes the bad...

Spam. It just seems to be everywhere. Considering that 40% of websites run on WordPress, the users of this platform can expect a lot of spam. And much of the spam email comes from simple contact forms.

This post will go over a few ways to stop spam in WordPress contact forms. Unless you enjoy sifting through spam submissions manually!

Formidable Forms is the best WordPress Form Builder plugin. Get it for free!

Let’s get to it!

? Want to use hCaptcha spam protector on your website?: How to Use hCaptcha for WordPress Forms [Block Spam Easy!]

1. Completely block the IP address

Seems like the most obvious solution right? If only it were this simple!

If you see a repeat offender, you can block the whole IP address in the WordPress comment blocklist. With services like Cloudflare, you can even block whole countries.

Usually, you do not receive a spam contact form submission from a real person. Most spam comes from bots (programs automatically post spam messages on every WordPress contact form they can find). And to add to the fun - spammers use proxies (a wide range of fake IP addresses).

As you can see, blocking the IP address may protect you from an individual spammer but not from bots. Blocking an IP is easy but will not help you solve the problem easily. This will only work if you constantly track spam IP addresses, but who has time for that?

2. Add a JavaScript token to prevent form spam without captcha

The thing is, most spammers are not humans, so the JavaScript on your site isn't triggered. You are rarely spammed by individuals but usually by bots.

A JavaScript token is an autogenerated key your site creates when a human visits your WordPress site. Then, it's inserted into your forms without real visitors ever knowing it's there. The token is checked when a contact form is submitted. It resets every day or two, so spammers are always running behind.

This way, you can protect your contact forms and message field without ever lifting a finger.

3. Block spam with the honeypot method

The honeypot method is a 'sweet' form of contact form spam protection on WordPress sites. Here is how the honeypot method blocks spam. It creates a hidden field on your contact form page which is invisible to the visitors but is visible to the bot.

Hiding the field in plain sight from the human eye is easy - and will not disturb your visitors. But the bot scans the code of your page, so it sees the field anyway. As we discussed, bots submit spam messages automatically, identifying this “honeypot” field and filling it out.

When the bot tries to submit the contact form spam message, the honeypot feature will block it - as it will see that the “invisible field” is filled too. Gotcha!

If you are worried about difficult coding that you will have to do - worry not. Contact form plugins like Formidable Forms will make it a one-click action. A form builder like Formidable also has tons of other spam protection features.

There are a few other options that use the honeypot method. The Contact form 7 Honeypot plugin can extend the basic features of Contact Form 7, for example.

4. Use reCAPTCHA

Googles’ reCaptcha is designed to tell the difference between a human and a bot. They've made this tool widely accessible to developers. There's only one issue: it can be a bit complicated if you aren't a developer.

This is where a plugin like Formidable Forms can help once again. You can add a reCAPTCHA to your WordPress contact forms with a few clicks. If you can use a simple tool like a landing page builder, Formidable will be even easier.

reCAPTCHA v2

Here is when things get interesting. You'll probably know this reCAPTCHA:

invisible spam contact form protection

This new version of reCaptcha tracks the movement of your mouse after you click the box, if the movement is still suspicious, you'll be clicking on boats, cars, and trains to prove that you are not a spam bot.

This is one of the most widespread solutions at the present moment. Why? Because it works! It does not annoy the user that much, and the mouse tracking is very hard to bypass by the bot.

But still, you want the perfect user experience, right? Do you want to capture as many valid email addresses as possible? There are a few more ways to prevent contact form spam in WordPress.

5. Invisible reCAPTCHA

Invisible reCaptcha is here to save the day! It tracks the mouse movement but in the background while staying invisible. So while real human users happily click and go through the pages, bots are blocked.

Invisible reCaptcha is available with one click in a WordPress contact form builder like Formidable, so it's a no-brainer for sure.

6. ReCAPTCHA V3

Just in case you didn't have enough reCAPTCHA options... Here's another one to help stop contact form spam. V3 gives you invisible anti-spam but also scores every submission in a form. You choose what scores to block, and the rest is covered.

Over time, this reCAPTCHA learns more about your site by seeing real traffic. Then, website owners can adjust the score threshold to block more or less strictly. This could be a great way to stop human spammers too.

WordPress contact form spam protection with recaptcha v3 scoring

7. Custom spam protect form fields

Are you still looking for more contact form anti-spam for WordPress sites? We've got a couple more that could really help.

If you have a solid form builder, you can create your own!

You formulate questions and make the visitor answer it. As the questions and answers are unique for every site, bots have a tough time breaking them.

One simple custom captcha method: a math question. Ask something like “5+6=?” and let the user fill in the answer. While it is a very accessible solution, it still decreases the user experience a bit.

8. Install WordPress antispam plugins

Without mentioning the WordPress anti-spam plugins, no spam message-blocking list would be complete.

The most used ones are Akismet, WordPress Zero Spam, and Jetpack. These plugins work independently from your contact form tools.

They also tap into already-known spam IPs databases, so they can help block the threat even before it appears.

Wrapping up

Creating anti-spam protection on your WordPress site while keeping the user experience high will take some help. Luckily the methods we described in this post are easily accessible if you have the right tools.

For example, combining Invisible reCaptcha, Honeypot, and one of the WordPress plugins will give you several layers of protection for stopping spam. The best part? None of those methods are intrusive for users!

We hope you've enjoyed this article. If you found it useful, be sure to check back to the Formidable blog often!

Read more posts about anti-spam in WordPress

  • How to Use hCaptcha for WordPress How to Use hCaptcha for WordPress Forms [Block Spam Easy!]
    Read More
    How to prevent Spam Registration on WordPress The Best WordPress Spam Registration Prevention Methods
    Read More
    How to Add a Captcha to WordPress Contact Forms How to Add a Captcha to WordPress Contact Forms
    Read More

Formidable Forms is much more than an anti-spam tool. It's a complete website solution. Build forms plus more with one of our 100% guaranteed premium plans today!

Using WordPress and want to get Formidable Forms for free?

Get Formidable Forms Lite Now

This article may contain affiliate links. Once in a while, we earn commissions from those links. But we only recommend products we like, with or without commissions.

Comments

  1. Nat Miletic says

    November 9, 2020 at 8:27 am

    Thank you, this is great. I use the reCaptcha for this purpose but didn't know about these other options as well.

    Will use in the future.

    Reply
    • Steve says

      November 10, 2020 at 3:20 pm

      Glad this was helpful for you. Best of luck on all your current and future projects.

      Reply
  2. Debbie says

    November 9, 2020 at 9:25 am

    I always use reCaptcha. Thanks for making it so easy to use!

    Reply
    • Steve says

      November 10, 2020 at 3:21 pm

      Glad you like it. reCaptcha really is a great way to reduce spam in your WordPress forms. best of luck on your current and future projects.

      Reply
  3. Craig says

    November 9, 2020 at 2:29 pm

    Wow, I never knew about the HoneyPot method, this is a very valuable blog, thank you, signed not-a-bot

    Reply
    • Steve says

      November 10, 2020 at 3:23 pm

      Hi not-a-bot 😉

      Yeah, HoneyPot spam protection for WordPress forms is fairly new. It isn't always the most bullet-proof option for spam protection, but it is great to use in conjunction with other spam protection methods like reCaptcha or Akismet.

      Reply
  4. Connie Blakemore says

    November 9, 2020 at 3:10 pm

    HoneyPot method is a great tip!

    Reply
    • Steve Wells says

      November 10, 2020 at 3:26 pm

      Yep, It's a great tool. Glad the article helped.

      Reply
  5. Silvia Suria Torres says

    November 10, 2020 at 2:32 am

    I always used reCaptcha until it didn't work anymore, I never didn't know why, so I searched other methods like these. Thanks for the post!

    Reply
    • Steve says

      November 10, 2020 at 3:25 pm

      Yeah, it is strange that sometimes one spam protection method works and other times it doesn't. I think server and site configurations can play a big role in this. We always recommend using a Honeypot spam option in conjunction with something else like Akismet or reCaptcha.

      Reply
  6. Balint says

    November 10, 2020 at 10:31 am

    As someone who is starting his first blog, this post has been very helpful!

    Reply
    • Steve says

      November 10, 2020 at 3:23 pm

      Congratulations on starting your first blog. Glad you were able to find our blog and that it was useful for you. Best of luck.

      Reply
  7. Nitin Dabas says

    November 10, 2020 at 10:27 pm

    The honeypot method is just amazing! I'll definitely try it.
    Thanks for sharing the information.
    ~Nitin

    Reply
    • Steve Wells says

      November 11, 2020 at 2:29 pm

      Thanks for the comment. While it isn't always the best option by itself, honeypot spam control is a great way to beef up other spam protection methods like Akismet or reCaptcha.

      Reply
  8. Nitish Lakra says

    November 11, 2020 at 7:21 am

    I will follow these tips on my wp site.

    Reply
    • Steve Wells says

      November 11, 2020 at 2:29 pm

      Glad you liked the spam protection tips. If you haven't already, you can subscribe to our blog to get other super helpful tips to make your WordPress forms even better.

      Reply
  9. Abhishek Upadhyay says

    November 12, 2020 at 9:04 am

    I am literally getting tens of submissions every single day on my blog. I'll use all the techniques to reduce spam as much as possible.
    Thanks for helping me by posting this valuable piece of content.

    Reply
    • Steve Wells says

      November 12, 2020 at 1:59 pm

      Ugh, Spam is the worst. Sorry you are having trouble with it. Hope the tips and solutions in this article are helpful for you.

      Reply
  10. Elissa Hammond says

    November 12, 2020 at 8:27 pm

    So, spammers use proxies to spam with multiple IP addresses...I wonder if this works the same way with spam phone calls. I receive so many unwanted calls daily, ill block the number & they will call from another number the next day. Anyway, I think the idea you developed is a great one!

    Reply
    • Steve Wells says

      November 19, 2020 at 11:02 am

      Great idea...I'm not exactly sure how this would work, but the principles should do the trick if they can be applied to phone calls.

      Reply
  11. Nazmul Huda says

    November 17, 2020 at 11:32 am

    Thanks

    Reply
  12. James Heath says

    November 18, 2020 at 4:14 pm

    I have a few 'Contact Us' forms that have been absolutely blasted by spammers, so I've implemented honeypot, recaptcha, and a conditional check for Russian characters and links in the message field.

    Reply
    • Steve Wells says

      November 19, 2020 at 11:01 am

      That's a great idea to check for specific characters...Did you know you can use the Built-in blacklist from the WordPress Discussion settings page to block entries containing certain words?

      Reply
  13. Aditya Agarwal says

    November 19, 2020 at 11:56 am

    Is there any programatic way of implementing this, I did some code to block bots, yet I still get fake submittions

    Reply
    • Steve Wells says

      November 19, 2020 at 2:29 pm

      If you are using Formidable forms, you shouldn't need code to implement any of the above options. Otherwise, I am guessing something similar could be implemented programmatically, but that isn't something we can help with, Sorry!

      Reply
  14. FATHME GUL says

    November 20, 2020 at 12:55 pm

    REALLY USEFUL TO ME AS A NOVICE IN WORDPRESS, I HATE SPAM COMMENTS!

    Reply
  15. The Entrepreneur says

    November 21, 2020 at 12:46 am

    I'm still very new to WordPress and this world and I was not aware of any of these methods. I had started getting spam and was searching for solutions. Thank you so so much for this!

    Reply
  16. Jin says

    November 27, 2020 at 6:03 pm

    Formidable's ability to connect forms with Akismet is not only a huge lifesaver for us, but I think it's a bit of a hidden secret setting.

    After installing Akismet, check out this guide https://formidableforms.com/knowledgebase/add-spam-protection/#kb-akismet

    And make sure to turn on this setting.

    Lifesaver.

    Reply
  17. Bannersky.com says

    April 23, 2021 at 7:49 pm

    Another choice that can block submission base on field content. You may also use white list, email list and IP list to block spam.

    With your own keyword and apply them to a form field. The plugin will block submitting if the field content contains / same as one of your spam keyword.

    It also can be used to delete entry if spam keyword found.

    Reply
  18. Antideo says

    August 28, 2021 at 10:22 am

    Ryan, Formidable forms is one of the popular forms out there and hence it has become a target for spammers. You have listed some very important options to weed out spam. We would like to suggest the Antideo Email Validator plugin that works out of the box with Formidable Forms, to validate emails preventing disposable emails, free emails, emails from invalid domains, generic emails etc. You can also create and save your own email as well as domain blacklists.
    Ryan, it would be wonderful if you can include us in your blog as one of the options to further secure your contact forms

    Reply
  19. Ian says

    September 1, 2021 at 2:20 pm

    Hello, formidableforms.com. s

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get Email Updates

Popular Resources

    • How to Create a Searchable Database on a WordPress Site
    • Create a WordPress Custom Calculator: Easy, Powerful Results
    • How to Create a Fitness Tracker in WordPress
    • Formidable Views: The Best WordPress Custom Application Plugin
    • How To Require Email To Download Files in WordPress
    • How to Create Conditional Drop Down Lists in WordPress Forms
    • Best Gravity Forms Alternative for WordPress: Formidable Forms vs. Gravity Forms
    • How to Make a Quiz in WordPress
    • WPForms Alternative: Formidable Forms vs. WPForms Compared

Take on bigger projects Right Now

Get the tools you need to revolutionize your workflow and architect a masterpiece. Build the most advanced WordPress forms and actually use the data you collect in meaningful ways.

Get the most advanced WordPress form plugin and the only form builder with integrated Views.

Get Formidable Forms Now

Resources

  • Community
  • Affiliates
  • Contact
  • Free Online Form Builder

Top Features

  • Application Builder
  • Calculator Forms
  • Surveys & Polls
  • Quiz Maker
  • Form Templates
  • Application Templates
  • Directories
  • Donation Plugin

Company

  • About Us
  • Giving Back
  • Careers
  • Newsletter
  • WP Tasty
  • Nutrifox

Copyright © 2023 Strategy11, LLC. Formidable Forms® is a registered trademark Strategy11, LLC.
Privacy Policy | Terms of Service | Sitemap

Join 300,000+ using Formidable Forms to create form-focused solutions fast. Get Started See User Reviews