Sick of WordPress contact form spam? We don't blame you! Here are 8 anti-spam techniques to help prevent spam form submissions.
Approximate read time: 5.5 minutes
Spam. It just seems to be everywhere. And if you're running a website, a lot of it comes from contact and comment forms.
Today, we'll focus on the different ways to block WordPress contact form spam so you'll no longer need to waste hours sifting through spam emails.
But depending on how your blog comment section is set up, these tactics may work to fight spam comments on your WordPress site too.
If you're ready to save time and instantly clean up your email inbox, keep reading!
Here's how to stop spam on WordPress comment forms and contact forms:
1. Block the IP address
If you see a repeat offender, you can block the whole IP address in the WordPress comment blocklist. Just go open your WordPress dashboard and head to Settings → Discussion. Then add them to the Disallowed Comment Keys list.
Or, if you're using a service like Cloudflare, you can even block whole countries.
But most of the time, spam contact form submissions come from bots. 🤖 Not real people.
And unfortunately, spambots usually use proxies (a wide range of fake IP addresses).
So blocking the IP address may protect you from human spammers, but this method doesn't work to fight the robots.
Plus, this strategy is only effective if you're constantly tracking spam IP addresses. And who has time for that?
Then, it's inserted into your forms without real visitors ever knowing it's there. The token is checked when a contact submits the form.
This way, you can protect your contact forms and message fields without lifting a finger and without making users do any annoying puzzles.
3. Block WordPress contact form spam with the honeypot method
The honeypot method is a pretty sweet type of contact form spam protection. Get it? 😉
Here's how the honeypot spam blocker works:
- It creates a hidden field on your contact form page that's invisible to visitors but is seen by bots.
- Since the bot sees the honeypot field, it fills it out.
- Then, when the bot tries to submit its contact form spam message, the submission is blocked because there's a form filled out that shouldn't be.
There are a few other form builders that use the honeypot method to prevent contact form spam. For example, there's a honeypot plugin for Contact Form 7 that adds this type of anti-spam protection.
4. Use reCAPTCHA
Google’s reCaptcha is designed to tell the difference between a human and a bot. They've made this tool widely accessible to developers. There's only one issue: it can be a bit complicated if you aren't a developer.
This is where a plugin like Formidable Forms can help once again. You can add a reCAPTCHA to a WordPress contact form in a few clicks.
Here is when things get interesting. You'll probably know this reCAPTCHA:
This new version of reCaptcha tracks the movement of your mouse after you click the box, if the movement is still suspicious, you'll be clicking on boats, cars, and trains to prove that you are not a spam bot.
This is one of the most widespread solutions at the present moment. Why? Because it works! It does not annoy the user that much, and the mouse tracking is very hard to bypass by the bot.
But still, you want the perfect user experience, right? Do you want to capture as many valid email addresses as possible? There are a few more ways to block contact form spam in WordPress.
5. Add invisible reCAPTCHA
Invisible reCaptcha V2 is here to save the day! It tracks mouse movement but in the background while staying invisible. So while real human users happily click and go through the pages, bots are blocked.
Invisible reCaptcha is available with one click in a WordPress contact form builder like Formidable, so it's a no-brainer for sure.
6. Use reCAPTCHA V3
Just in case you didn't have enough reCAPTCHA options... Here's another one to help stop WordPress contact form spam.
reCAPTCHA V3 gives you invisible anti-spam but also scores every submission in a form. You choose which scores to block, and your site handles the rest.
Over time, this reCAPTCHA learns more about your site by seeing real traffic. Then, website owners can adjust the score threshold to block more or less strictly. This is a great way to stop human spammers too.
7. Create custom spam protection form fields
Are you still looking for more contact form anti-spam for WordPress sites? We've got a couple more that could really help.
If you have a solid form builder, you can create your own spam blocker!
You formulate questions and make the visitor answer them. As the questions and answers are unique for every site, bots have a tough time breaking them.
One simple custom captcha method: a math question. Ask something like “5+6=?” and let the user fill in the answer. While it is a very accessible solution, it still decreases the user experience a bit.
8. Install WordPress spam-blocker plugins
No contact form spam protection for WordPress article would be complete without mentioning anti-spam plugins.
The most popular ones are Akismet, WordPress Zero Spam, and Jetpack. These plugins work independently from your contact form tools.
They also tap into already-known spam IP databases, so they can help block the threat even before it appears.
Ready to stop contact form spam on WordPress?
Creating anti-spam protection on your WordPress site while keeping the user experience high will take some help. Luckily the methods we described in this post are easily accessible if you have the right tools.
For example, combining Invisible reCaptcha, Honeypot, and one of the WordPress plugins will give you several layers of protection for stopping spam. The best part? None of those methods are intrusive for users!
Read more posts about anti-spam in WordPress
Formidable Forms is much more than an anti-spam tool. It's a complete website solution. Build forms plus more with one of our risk-free premium plans today!