7+ Simple Ways To Block WordPress Contact Form Spam

Sick of WordPress contact form spam? We don't blame you! Here are 8 anti-spam techniques to help prevent spam form submissions.

Approximate read time: 5.5 minutes

Tired of sorting through spam messages from your WordPress contact forms? You're not alone. Spam quickly clutters an inbox and wastes precious time.

The good news?

There are simple ways to stop spam and keep your contact forms clean. And in this post, we'll share 7+ easy tips to block spam on your WordPress contact forms. With just a few small changes, you can spend less time dealing with spam and more time answering real people.

Here's how to stop spam on WordPress comment forms and contact forms:

1. Block the IP address

If you see a repeat offender, you can block the whole IP address in the WordPress comment blocklist. Just go open your WordPress dashboard and head to Settings → Discussion. Then, add them to the Disallowed Comment Keys list.

Or, if you're using a service like Cloudflare, you can even block whole countries.

But most of the time, spam contact form submissions come from bots — not real people. Unfortunately, spambots usually use proxies (a wide range of fake IP addresses).

Blocking the IP address may protect you from human spammers, but this method doesn't work against robots.

This strategy is only effective if you're constantly tracking spam IP addresses. And who has time for that?

2. Add a JavaScript token

Since most spammers aren't human, the JavaScript on your site isn't triggered. That's because an autogenerated JavaScript token is only created when a human visits your WordPress site.

Then, it's inserted into your forms without real visitors knowing it's there. The token is checked when a contact submits the form.

So, by having your site first check to see if a JavaScript token is being submitted with the form, you can instantly reject any entries that don't have the token.

And don't worry. We know seeing the word "JavaScript" can be scary. Especially if you're not an experienced developer. But with Formidable Forms, you can activate this spam prevention method in one click!

This way, you can protect your contact forms and message fields without lifting a finger or making users do annoying puzzles.

3. Block WordPress contact form spam with the Honeypot method

The honeypot method is a pretty sweet type of contact form spam protection. Get it?

Here's how the honeypot spam blocker works:

1. It creates a hidden field on your contact form page that is invisible to visitors but seen by bots.
2. Since the bot sees the honeypot field, it fills it out.
3. Then, when the bot tries to submit its contact form spam message, the submission is blocked because there's a form filled out that shouldn't be.

Gotcha!

And just like with the JavaScript token option, the best contact form plugins like Formidable Forms let you activate it with a button.

A few other form builders use the honeypot method to prevent contact form spam. For example, a honeypot plugin for Contact Form 7 adds anti-spam protection.

4. Use reCAPTCHA

Google’s reCAPTCHA is designed to tell the difference between a human and a bot. They've made this tool widely accessible to developers. There's only one issue: it can be complicated if you aren't a developer.

This is where a plugin like Formidable Forms can help once again. You can add a reCAPTCHA to a WordPress contact form in a few clicks.

Looking for a free alternative to Google reCAPTCHA? Check out Cloudflare Turnstile — you can add it to Formidable Forms too!

reCAPTCHA v2

Here is when things get interesting. You'll probably know this reCAPTCHA:

This checkbox reCaptcha v2 tracks your mouse's movement after you click the box. If the movement is suspicious, you'll click on boats, cars, and trains to prove you are not a spam bot.

This is one of the most widespread solutions currently available. Why? because it works! It does not annoy the user much, and the bot finds it very hard to bypass the mouse tracking.

But still, you want the perfect user experience. Do you want to capture as many valid email addresses as possible? There are a few more ways to block contact form spam in WordPress.

5. Add invisible reCAPTCHA

Invisible reCaptcha v2 is here to stop spam on WordPress contact forms! It tracks mouse movement but in the background while staying invisible. So, while real human users happily click and go through the pages, bots are blocked.

Invisible reCaptcha is available with one click in a WordPress contact form builder like Formidable.

6. Use reCAPTCHA

Just in case you didn't have enough reCAPTCHA options... Here's another one to combat contact form spam.

reCAPTCHA V3 gives you invisible anti-spam but scores every submission in a form. You choose which scores to block, and your site handles the rest.

Over time, this reCAPTCHA learns more about your site by seeing real traffic. Then, website owners can adjust the score threshold to block more or less strictly. This is a great way to stop human spammers, too.

👉 Learn how to add reCAPTCHA to WordPress contact forms.

7. Create custom spam protection form fields

If you have a solid form builder, you can create your own form and block spam emails in WordPress.

You formulate questions and ask the visitor to answer them. Because the questions and answers are unique to each site, bots have difficulty understanding them.

One simple custom captcha method: a math question. Ask something like “5+6=?” and let the user fill in the answer. While it is a very accessible solution, it still slightly decreases the user experience.

8. Install WordPress spam-blocker plugins

You can't finish an article about contact form spam protection in WordPress without mentioning anti-spam plugins.

The most popular ones are Akismet, WordPress Zero Spam, and Jetpack. These plugins work independently from your contact form tools.

They also tap into already-known spam IP databases so they can help block the threat even before it appears.

Ready to stop contact form spam on WordPress?

Creating anti-spam protection and security on your WordPress site while keeping the user experience high will require some help. Luckily, the methods described in this post are easily accessible with the right tools.

For example, combining Invisible reCaptcha, Honeypot, and one of the WordPress plugins will give you several layers of protection for stopping spam. The best part? None of those methods are intrusive for users!

For more top WordPress tips and tutorials, follow us on Facebook, Twitter, and YouTube.

Read more posts about anti-spam in WordPress

• Say Goodbye to Spam with Formidable’s WordPress Form Anti-Spam
  Read More

  9 Best reCAPTCHA Alternatives To Try Today!
  Read More

  What is Honeypot Anti-Spam? [And How To Use It!]
  Read More