How to Reduce Contact Form Spam in WordPress
- Home
- How to Reduce Contact Form Spam in WordPress
Are you getting a large number of spam messages through your contact form? It can be annoying and time-consuming to handle.
The good news is that WordPress offers automated methods to prevent spam. There are different ways to reduce and block contact from spam in WordPress.
Unseen Spam, Serious Consequences
Why You Need To Stop Contact Form Spam?
Description
Contact form spam is almost always automated. Even for small, little-known websites, it’s a problem as it’d be carried out by “spammers” that automatically send unwanted spam.
These spambots are bots that crawl websites and look for insecure forms so that they can send you spammy links. They may also try brute force attacks to break into your login forms. It is why it’s so important to have a strong password.
Sometimes, they can also look for vulnerabilities in your website’s forms, so they can use them to send malware or spam to other people. These unwanted messages aren’t just annoying; they’re also a nuisance. Automated bots can be dangerous to your website, reputation, and business.
Spam is a significant issue with contact forms on WordPress sites – both on the sites we design and on a global scale. As the most popular free WordPress contact form plugin, Contact Form 7 is exceptionally focused on blocking spam. Spam contact structure entries can be a significant issue for WordPress sites with high traffic, receiving numerous spam emails daily. These are poorly arranged and make it hard to recognise the authentic messages in the spam.
Stop Spam. Protect Your WordPress Contact Forms.
How to Reduce Junk Submissions on Your Site?
Junk submissions are a massive issue with forms on your site – both the sites we design and on a global scale. These are poorly arranged and make it hard to recognise the authentic messages in the spam. Spam contact structure entries can be a significant issue for WordPress sites with high traffic, as they receive numerous spam emails daily. As the most mainstream free WordPress contact form plugin, Contact Form 7 is exceptionally focused on spammers.
Fast Forms, Safer Submissions
How to Stop Contact Form Spam?
1. Use reCAPTCHA
Description
The reCAPTCHA part of your contact form is where site visitors click to prove they’re human when submitting your form. It will block spam submissions by verifying that a human fills out your forms and blocks most spam attempts. Visitors tend to feel better when they see it because they see you’re serious about security for your site, and it can increase form conversions.
It’s also simple for people to utilise as well. The first CAPTCHA security efforts were somewhat strenuous for even experienced users to get right, so Google made adjustments in version 2. Instead of typing a word or string of text, people can mouse over the checkbox, and the tool understands that it’s not an automated spam bot. If you use the v2 Invisible version, visitors are presented with an image-based question to ensure they’re not a spambot.
There’s also a reCAPTCHA v3 available, which uses a behind-the-scenes scoring system to track user behaviour on your site and detect abusive traffic without asking visitors to do anything. Every user to your website is assigned a “spam score” based on what the tool considers suspicious activity (the user only navigating to the contact form and not looking at any other part of your website).
While using v3, there’s a chance you’ll prevent legitimate visitors from filling out your contact form, so you may want to use reCAPTCHA v2 instead to stop contact form spam.
If you don’t want to use Google’s anti-spam service, you can also add a custom CAPTCHA to your forms, where visitors will answer word-based or math questions before submitting their information.
2. Use a Custom CAPTCHA
Description
With a custom CAPTCHA, you add custom word-based or irregular math questions to your form to battle spam form entries. Here, visitors are asked for the answer to 2 + 8 before they can submit their form information. Visitors should respond to your custom inquiries accurately to submit their forms.
With a WordPress contact form plugin, you can add a few custom word questions that are cycled through randomly on the form with each page load. The irregular numerical problems may work a little better to stop spam, so you may want to consider changing these on a semi-regular basis, for example, monthly (if your site is high-traffic) or quarterly (if it’s not). It’s up to you.
3. Use Google Invisible reCAPTCHA
Description
If you want to secure your contact forms without requiring users to tick a box, Google’s Invisible reCAPTCHA is the perfect solution.
Unlike the standard reCAPTCHA, the invisible version doesn’t display a checkbox. Instead, it silently monitors user behavior when the form is submitted. If Google suspects the submission is from a bot, it will then trigger additional verification.
To use this feature with WPForms, simply follow these steps:
- 1. When registering your site with Google reCAPTCHA, select "Invisible reCAPTCHA badge" instead of the usual "I'm not a robot" checkbox option.
- 2. In your WordPress dashboard, navigate to WPForms » Settings, click on the reCAPTCHA tab, and choose "Invisible reCAPTCHA v2".
- 3. Add the reCAPTCHA field to your form. The invisible reCAPTCHA will now be active.
Visitors will see the reCAPTCHA logo at the bottom-right corner of your site. Clicking it reveals links to Google’s privacy policy and terms of service. Make sure to also reflect this in your own website’s privacy policy for transparency.
4. Use the Honeypot Antispam Method
Description
The honeypot method is another invisible way to protect your contact forms from spam. It hides a field in the code of your form that’s invisible to human visitors but is visible to spambots because they’re usually looking at the code of your form. These spambots are tricked into thinking it’s a valid form, so they fill it out. But your form knows that this field is the honeypot and rejects any submissions filled out (or when they’re filled out incorrectly, depending on how you’ve set it up).
Site visitors love it because it reduces some of the friction they might feel when they encounter a challenging question, thereby increasing your form submission rates. There’s also the warm, secure feeling they get when they see the Google terms of service badge, which is the only thing they see when you enable this method on your form.
WPForms enables the honeypot method by default, so check your specific form builder’s settings in WordPress to make sure it’s enabled.
5. Use WordPress Antispam Plugins
Description
You can also utilise antispam plugins like Antispam Bee, Akismet, WordPress Zero Spam, and JetPack that protect your entire website from spam entries.
These often work independently from your forms, protecting your website from spam comments and contact form submissions. (typically your comments and contact forms). They compare submissions to blocklists of words, names, and email addresses, while some antispam plugins likewise let you add a CAPTCHA or other antispam method to your contact form. So, before you start utilising any of these plugins, it is a good idea to go through their instructions and details.
6. Block Copy and Paste In Your Forms
Description
An additional way to protect your contact forms from spam is to disable right-click functionality on your WordPress site. This method will only protect your contact forms from human spammers who copy and paste their information into your forms. Also, you’ll have the added benefit of stopping others from stealing content from anywhere on your site.
One way is to download and install a plugin that disables right-clicking everywhere on your sites, such as WP Content Copy Protection & No Right Click and Disable Right Click For WP.
7. Block Traffic by IP Address
Description
If you’re noticing a lot of spambot action on your site, you can also block traffic from the IP addresses they’re coming from to protect your content from them. While it also adds an extra layer of security to your site, it can block legitimate traffic from these IPs, so use this one at your own risk.
Add the IPs you want to block to the Comment Blacklist field on the Discussion settings page of your WordPress admin panel. Advanced site owners can do this through their web host’s cPanel or a security plugin, such as Sucuri.
Testimonials
Some Of Our Awesome Fans
Listen to what others are saying about how easy and intuitive Fix Hacked Site Is…
"My website was vulnerable to those who seek to invade and I fortunately discovered the Fixhackedsite website. The team quickly secured me from the predators and suggested a few changes to my site. Frankly my site was a bit drab and non-engaging so I had the team rebuild it and I couldn’t be happier. The site is now looking like it belongs in 2022 and is secure – very satisfied with the service and expertise. My business is relatively small but ticking along nicely with good activity from the contact form and turnover is increasing. Fixhackedsite now fully maintain my site and host it – highly recommend their services."
Geoff Pyne
Owner/Manager
"I want to say how important you have been to the display and operation of my website. You have imaginatively redesigned my website in a way that has attracted much praise and attention, helping to draw many more visitors to the site. In addition, you have helped with the daily updating of the site — an essential need for any owner. You have proven to be always available to help me at any time of the day or night. I can’t recommend more highly for your superb work."
Steve Schlesinger
Owner
""I can’t say enough good things about Fixhackedsite web design and hosting. I’ve been working with Fixhackedsite for 2 years and they are the best in the business. They do excellent work at an unbelievable price, and are always available to help with any problems that come up. I’m a small business owner, so I don’t have a huge budget for my marketing needs, but I get more leads than ever before and I’m always happy to refer them to my friends for their website design needs."
Dave Wynn
Owner
Common Questions
Frequently Asked Question
It’s probably not targeted at your site. Websites frequently run the same software as countless others, and hackers will find vulnerabilities that they can exploit en masse.
A fixed fee of $77. Additionally, you can get the clean included in our monthly maintenance plan (from $37/mo). Or, if you would like us to live scan your site for malware every day, this is only $3 a month! Check out our pricing page now.
Yes, we are here all day, every day. We maintain and monitor sites for customers too, which means we need to be available in case of emergencies or urgent updates.
We are an international team of highly experienced website malware removal specialists, primarily based in the US, UK, and the Philippines, perfectly placed to work across all time zones to fix your site as fast as possible so you can get back to business.
If you have a backup, then yes, rollback. However, you need to fix the underlying vulnerability. Likewise, beware that a hack can lie dormant for some time before its effects become visible.
When we have the logins we need, you can leave us to it. We’ll email you when we have an update.
If your website shared hosting space with another site (for instance, in one cPanel account), this could be the reason. It’s unlikely that the web host has a problem, but it’s not unheard of.
Once you place an order utilizing the button above, a thread will be started with our engineers. They’ll gather any more information we need from you and keep you updated on the task status.
Yes, please call us on 0844 995 1012