Formidable includes several built-in options for spam protection. Each of the options below will stop spam by preventing the entry from being submitted if it appears to be spam.
Honeypot is a type of invisible spam protection. Normal users won't be affected by this spam protection. Suspicious submissions will be marked as spam and Formidable will prevent the entry from being submitted.
This feature is enabled by default on all forms and does not require additional configuration.
Empty field above form
If the Formidable styling is missing from the page, you may see the empty form field at the top of each form. If you see this extra field with the label 'If you are human leave this field blank', follow these steps:
- Clear any caching from your site (i.e. from a plugin, or from your host) and then refresh the page.
- If the issue persists, go to the Formidable → Global settings page and click the Save Style at the bottom of the page.
Akismet saves you time by automatically detecting and preventing spam. It runs hundreds of tests on each entry and determines whether or not to allow form submission. As a result, you don't have to waste your time sorting through and deleting spam entries. Follow the directions below to set it up.
- Go to your WordPress plugins. Install and activate Akismet.
- Sign up for an Akismet API key. Akismet may require a paid subscription depending on the type of site you have.
- Go to your Akismet Settings and save your API key.
- For each form you would like protected, go to edit the form and click on the 'Settings' tab. Under the section 'On Submit' you should see 'Use Akismet to check entries for spam for' at the bottom of the page.
You can set Akismet to check entries for no one, everyone, or visitors who are not logged in.
If you are seeing an error message like Your entry appears to be spam, you might have an email address or URL that is getting flagged. Please contact Akismet directly and ask them to whitelist it for you.
reCAPTCHA is a script that judges whether a user is a human or a robot. You have probably seen some variation of reCAPTCHA.
CAPTCHAs are used by many websites to prevent abuse from 'bots', or automated programs usually written to generate spam. Bots cannot easily submit forms protected by reCAPTCHA. Learn more about setting up reCAPTCHA in your forms.
In addition to Honeypot spam protection, every form submission goes through the comment blacklist checks. This not only allows you to add custom terms to the comment blacklist, but also allows several spam protection plugins to integrate without any extra effort.
To add words, IPs, or urls to your blacklist, go to the WordPress Settings → Discussion page. Add values in the Comment Blacklist box, following the WordPress instructions: One word or IP address per line. It will match inside words, so "press" will match "WordPress".
When a form submission is determined to be spam, an error message appears:
Your entry appears to be blacklist spam!
To disable blacklist spam checks, use the frm_check_blacklist hook.
The following third-party plugins may also be used for spam prevention:
- Anti-Spam by CleanTalk