Fed up with spam entrances in your contact form?
If your form is not protected, you will see spam registrations and signups selling products and services. Apart from the fact that this is annoying, the real problem is that genuine contacts might get lost in this mess.
This article will reveal to you exactly how to use anti-spam tools to quit spam in contact forms.
Why are you receiving spam form submissions?
If you’re wondering, “Why me? Why am I obtaining spam?” The straightforward solution is that you leave your type unprotected.
Spam for contact forms is usually generated by bots programmed to search the Internet and find unprotected forms.
You then fill it out with a predetermined message and submit the form. In the end, you receive a random form :
Spambots don’t pay attention to the size or popularity of your website, so this type of spam is a problem even for small and brand-new websites.
Why do you require to protect your contact form?
Spam via contact forms is undoubtedly annoying, but there’s a bigger problem with unsecured forms: the risk of being hacked.
Those emails you receive most likely come from phishing sites that try to steal your information. They can then misuse it for their benefit.
Some spambots even attempt to get into your website.
They use an atactic called brute force, where they try to guess your username and password. If successful, they use your website to spread more spam and malware to other people, including your contact list.
Spambots also perform injection attacks. How do they do it?
The information became part of the get in touch with type is stored in your database. These bots enter malicious code into your form, infecting your database when submitted.
So, spam via contact forms is not only annoying but also dangerous!
Prevent contact form spam
The best method to protect your contact form is to choose a reliable form plugin that will handle form security.
WPForms is the best form builder and has built-in spam protection. This way, spam will be blocked automatically, and you can even take further preventive measures to avoid spam.
With WPForms, you don’t need multiple tools to create your form and protect it. It takes care of everything for you. Here’s what you can expect with WPForms.
- Create any type of form with pre-built templates.
- The easy drag-and-drop builder is suitable for beginners as well
- Built-in honeypot and the latest spam prevention methods
- Easily enable reCAPTCHA and custom CAPTCHA protection
- Free version and affordable paid plans are available
Create a contact form with WPForms
You must set up and turn on WPForms on your website to get started. You can, after that, access WPForms from your WordPress control panel.
You’ll see that there are pre-made templates, so it’s easy to create a contact form in less than 5 minutes.
Create a callback request form
You can include, remove, and edit fields using the drag-and-drop form builder. And when you’re happy with it, just save your form.
WPForms drag and drop editor
Then you can embed the form in any page, post, or sidebar using the WPForms widget.
Add WPForms in the Block Editor
Since you have developed your get in touch with form, let’s take a look at how you can secure your call kind with WPForms. Below’s a tabulation of what we’ll cover.
- WPForms Anti-Spam Token
- Google reCAPTCHA
- ReCaptcha
- WPForms Personalized CAPTCHA Addon
- Block or allow details email addresses on your kinds
1. WPForms Anti-Spam Symbol
WPForms automatically enables anti-spam defense on every kind you develop, whether you are the free version or the premium version.
It spots bots as well as avoids their kind entry from being submitted. This way, you won’t be confronted with spam entries from the very beginning.
Your visitors also don’t have to take a test to prove they are not robots. It means no inconvenience for you or your visitors.
You can check if the default anti-spam defense is enabled by browsing the WPForms” Settings” General tab.
You scroll to the bottom of the web page to see if the package alongside “Enable anti-spam defense” is checked.
If you use an older version of WPForms, you can see the “Anti-Spam Honeypot” option. That is the old spam protection option in WPForms.
You can check this box or upgrade to the latest version of WPForms to get the new anti-spam defense.
If you just enabled spam protection, make sure you save your form to save your changes.Currently, your contact kind is safeguarded from spambots.
2. Google reCAPTCHA
To include another layer of defense to your type, you can use Google’s reCAPTCHA. It either puzzles your visitors or analyzes their behavior on your website.
It can check if a human is submitting the form and block automatic spam submissions.
Google Recaptcha home page
The great thing is that it is free to use for up to a million users. Currently, there are three versions of Google reCAPTCHA.
- Checkbox reCAPTCHA v2: Here, visitors are asked to check a box that says “I am not a robot” and submit it. The advantage here is that it is a visible form of security. So visitors can feel safe filling out your form knowing that it is protected.
- Invisible reCAPTCHA v2: Detects the user’s behavior and activity on your website. It does not present a challenge or a puzzle.
- ReCAPTCHA v3: It uses JavaScript to recognize people. It is very effective at blocking bots, but sometimes it prevents real users. Therefore, we recommend using this version if you know how to fix bugs.
You can make it possible for all three variations of Google reCAPTCHA with WPForms. Let’s. Get started with that right away.
Step 1: Selecting the reCAPTCHA type
To start adding reCAPTCHA to your contact form, you first need to select which type of CAPTCHA you want to use.To do this, go to the WPForms ” Settings tab, where you will find the CAPTCHA option.
ReCaptcha in wpforms
Selecting this option will open a page with CAPTCHA icons. You can select an icon in the middle.If you scroll down the same page, you will see the reCAPTCHA settings. Remember, these settings apply to all forms you create with WPForms.
Now you should see 3 of the different reCAPTCHA options we mentioned earlier:
- Up forms-Recaptcha-settings
- Checkbox reCAPTCHA v2
- Invisible reCAPTCHA v2
- ReCAPTCHA v3
Simply select the option you want to use on your website. Next, you will see two fields where you can enter your site key and your secret key. We will show you how to develop these keys below.
Step 2: Set up Google reCAPTCHA
To use Google reCAPTCHA, you need to visit Google’s reCAPTCHA website to set it up.
From there, click Admin Console in the top menu.
reCAPTCHA Admin Console
If you are not logged into your Google account, Google will prompt you to do so now. First, get in the name of your website in the designation area. If you have numerous domains, you recognize the name you entered, as you will need it later.
reCAPTCHA settings Google
Then use the radio buttons to choose between reCAPTCHA v2 and v3. If you choose v3, you don’t need to do anything else here.
If you choose reCAPTCHA v2, you will be given two more options. You can select the “I am not a robot” checkbox or the invisible reCAPTCHA badge. Now you need to enter the official domain of your website, for example, “Fix hacked site.com.” You don’t need to add ‘HTTPS://.’
Afterward, all you require to do is accept the terms of use and select whether you want to receive notifications about reCAPTCHA.
reCAPTCHA settings in Google
After that, you can submit the form by clicking the “Submit” button at the bottom of the page.
Step 3: Retrieving your reCAPTCHA keys
After you submit your information, Google will automatically generate unique identification keys to link your form to your reCAPTCHA account. You will receive a website key and a secret key. You should receive a message with your keys.
It should note that Google uses a different key for each CAPTCHA type. So if you are using reCAPTCHA v2 today and want to switch to v3 later, you will need to generate a new set of keys.
registered reCAPTCHA
Copy the keys and go back to your WordPress website where you have opened the WPForms ” Settings ” CAPTCHA page. There you will see fields to fill in this information. Paste the keys here.
enter site key captcha wpforms
After that, you will see two more options:
- Error Message: You can customize the message displayed to a visitor if they fail the CAPTCHA test or fail to submit a form.
- No-Conflict Mode: If another plugin tries to load the reCAPTCHA mode, it might cause unwanted errors on your website. WPForms will force reCAPTCHAs from other plugins to be disabled by checking this box.
Once you’ve filled everything out, click the Save Settings button to save your reCAPTCHA settings.
Step 4: Add reCAPTCHA to your contact form
Now that you have reCAPTCHA enabled, you need to add it to your contact form. Open WPForms” All Kinds, as well as pick your contact type.
It will open the form builder, where you can edit the form. Click on the CAPTCHA field in the left menu under Standard Fields.
You don’t have to drag and drop it into your form like other fields. When you click on it, reCAPTCHA will be enabled for that form, and you will see a confirmation message .
Confirm Captcha Message
And with that, you have successfully added reCAPTCHA to your contact form. If you ever want to disable this feature, you can edit the form and click on the same CAPTCHA field to disable it.
hCaptcha
You can enable Captcha if you want an alternative to reCAPTCHA, which presents visitors with a challenge.
If visitors do not meet the challenge, they will not submit the form. That stops spambots in their tracks.
How is Captcha different from reCAPTCHA? Here are some of the main differences that can help decide which system is better:
- Using Captcha is free, but you’ll need to sign up for a paid plan if you want an invisible CAPTCHA.
- Each time a visitor completes a challenge, you get a small reward. So if you have a high-traffic website, you can earn a lot of money. a captcha does not collect so much data from your website. So if you are worried about data security, this might be a better option.
- There is a “simple mode” that you can enable to minimize the number of CAPTCHAs displayed to your visitors.
Are you ready to start using Captcha? Then let’s get started
Step 1: Set up hCatpcha in WPForms
First, you need to open the WPForms ” Settings page to enable Captcha.
Under the CAPTCHA tab, you will see the captcha option on this page.
wpforms-captcha-hcaptcha
Now you need your website key and your secret key. To generate these keys, you first need to create a captcha account.
Step 2: Set up your captcha account
To set up your captcha account, you need to go to the captcha website and sign up for the free plan.
Free-captcha-captcha
Once you are logged in, you can include a new website in the captcha dashboard.
Add new-site-captcha
When you click on the “New Website” button, you can enter the name of your website and save your changes. Then you will see an option to add a new site key with a pencil icon.
If you click on the pencil symbol, you can include your site key name to remember it later easily.
After that, you need to add your domain in the “General information” section.
Add-captcha-domain
Now you will see a CAPTCHA difficulty slider, which allows you to set the puzzle’s difficulty level.
Captcha-difficulty
Here is a brief introduction of the different difficulty levels:
- Easy: It will first attempt to validate the user without a challenge. If a challenge is displayed, these are the easiest ones that only take a few seconds to solve.
- Moderate: This sweet spot indicates a challenge that is neither easy nor difficult to solve.
- Difficult: Challenges take longer to solve and require more effort from the visitor.
That makes your form extremely secure but can also harm the user experience. We recommend using the easy or moderate mode, but you’ll have to make that a business decision. You can always come back and readjust the difficulty level.
The last option on this page is the interest of your audience. You can select topics similar to your industry or business field.
Captcha interests
You can skip this section if you want random challenges to be generated. Make sure to scroll back to the beginning and save your settings.
Step 3: Retrieve your captcha keys
When you save your data, Captcha will automatically redirect you to the Sites tab, where you will see a list of your sites.
Click the Settings button to retrieve your site key.
Captcha-active-sites
Copy and paste your site key here into the field in WPForms.
Site-key-wpforms
Next, you will also need your secret key. To do this, go back to the previous page and open the Settings tab.
Captcha-settings secret key
You can click the Settings button to obtain your secret key.
hcaptcha-secret-key-copy
Copy your secret key, go back to your WordPress site and paste it on the WPForms ” Settings ” CAPTCHA page.
Enter site key captcha wpforms
Now that we return to the WPForms page, you’ll see two more options
- Error Message: You can customize the message displayed to a visitor if they fail the CAPTCHA test or cannot submit a form.
- No-Conflict Mode: If another plugin tries to load the reCAPTCHA mode, it may cause unwanted errors on your website. Checking this box will force WPForms to disable reCAPTCHAs coming from other plugins.
That’s it. Once you’ve filled everything out, click the Save Settings button to save your captcha settings.
Step 4: Add ReCaptcha to your contact form
Now that you have Captcha enabled, all you need to do is add it to your contact form. Open WPForms ” All Forms and choose your contact form.
It will open the form builder, where you can edit the form. Click on the captcha field in the left menu under Standard Fields.
You don’t have to drag and drop it into your form like other fields. When you click it, ReCaptcha is enabled in your form. You will see the captcha badge in your form.
And with that, you have successfully added ReCaptcha to your contact form. If you want to disable this feature again, you can edit the form and click on the same captcha field to disable it.
Use WPForms Custom CAPTCHA addon
We understand that sometimes you don’t want to use a 3rd party service due to privacy concerns. Or maybe you do not want to add another brand; you will need to upgrade if you use the WPForms Lite version.
To activate this addon, go to the WPForms ” Addons page, find the Custom Captcha Addon, and install it.
Custom Captcha Addon
It will be activated automatically. Afterward, you can go to the WPForms ” All types webpage and open your contact form. Under Fancy Fields, you ought to see the Captcha option. You need to drag and drop this into your form.
Add Captcha to wpforms
It is best to add the captcha field above the submit button.
When you select the captcha field in the preview of your form, the captcha field options should open in the left menu.
Now you can transform the type of Captcha to “question and answer” or a “math” problem. Also, you can add different questions to make the answer harder to predict. You can even customize the question that is asked.
When satisfied with the contact form, don’t forget to save it.
And that’s it! With these methods, you can stop bots from spamming your website through your contact form.
However, you may receive spam from human visitors. These can be sales teams and scammers who fill out your form manually. We’ll show you how to block details email addresses to combat this.
5. Block or allow specific email addresses for your forms
If your visitors are spamming you through your contact form, none of the above measures can prevent it. They are designed to detect abstract bots. WPForms has a built-in email block or allows feature that allows you to prevent someone from submitting your form manually.
To do this, navigate to WPForms ” All Forms and edit your contact form. On the form editor page, find “Advanced Options” in the menu on the left.
Here you will see a dropdown menu to select a permission list or a denylist. If you select the denylist, it will open a field where you can enter specific email addresses separated by commas.
Now WPForms has a cool feature here. You can use an asterisk * to create partial matches. For example, you can enter the following examples:
- spam Name* – blocks email addresses that start with “spam name.”
- *@example.com – blocks email addresses from a particular domain
- s*@example.com – blocks all email addresses beginning with the letter “s” from a specific domain
- Once you have set up your denylist, save your form to save your changes.
You can test the form on your website by entering the email address you just blocked. You will see a notification that this email address is not allowed. With this, you should have everything you need to stop contact with spam once and for all!
Contact forms on WordPress websites are often plagued by spam, so you need to take steps to prevent it. Both our websites and globally are affected by these changes. If you’re looking for a quick solution to stop contact form spam, then you’ve come to the right place! Just click Fix Hacked Site