Fix Hacked Site

Stop contact form spam on WordPress sites in easy steps

Do you want to stop spam in contact forms forever?

With WPForms, you can easily prevent email spam from reaching your inbox. This will help improve security and get better leads from your website.

In this article, we will show you all the anti-spam tools in WPForms so that you can quickly stop contact from spam for good.

Why Do Bots Spam Forms?

Given that bots are automated, they crawl websites to find ways to send messages through WordPress contact forms.

Some bots look for ways to contact your website or email list via a form. They might try to hijack your server to spread malware or send even more spam.

You need a contact form plugin to help you stop form spam, especially if you run a small business website. It will save you the inconvenience of spam entries in contact forms, but it will also reduce the security risk of you (or your customers) receiving phishing emails.

To effectively combat spam in contact forms, you need to use WPForms. WPForms is the very best form builder plugin for WordPress. It has various anti-spam tools that drastically reduce or even eliminate spam in contact forms. Even much better, you don’t need to install any additional anti-spam plugins.

There are a few simple ways to prevent spam with WPForms.

If you’re new to WPForms, install and activate the WPForms plugin to create a simple contact form. With WPForms, it takes less than 5 mins.

Now you can set up your favorite spam protection tool. First, let’s look at the most straightforward and fastest anti-spam method.

Method 1: Enable The WPForms Anti-Spam Token

If you want a super-easy way to prevent spam, the WPForms anti-spam Token is the perfect anti-spam solution for you.

The anti-spam Token is significant because the user doesn’t have to do anything to bypass spam checking.

Behind the scenes, we add a secret token unique to each login. Spambots can’t recognize the Token. And without it, they get stuck and can’t submit the form.

The WPForms anti-spam Token is automatically enabled on every new form you create. You may still be using the old WPForms Honeypot spam field on old forms. You must manually enable the new token setting to update your spam protection.

How To Add The Anti-Spam Token To Your Forms

To make it possible for the anti-spam Token, first edit your form to open it in the form builder.

When the form builder opens in your browser, go to Settings” General.

Scroll down to the very bottom on the right side. Then check the Enable anti-spam protection checkbox.

Do you also see the old Honeypot spam protection option in the settings? Check the newer Enable anti-spam protection option next to it.

You can leave the Honeypot box checked or uncheck it if you want. In either case, the old Honeypot will not affect how the new form token works.

Save your form, and you’re done! Your WordPress contact form is now protected from spambots without inconvenience for real visitors.

Method 2: Use Google ReCAPTCHA On Your Contact Form GitHub - google/recaptcha: PHP client library for reCAPTCHA, a free service  to protect your website from spam and abuse.

Google’s reCAPTCHA is probably the most popular CAPTCHA service on the market. It automatically detects human visitors based on puzzles or by recognizing their behavior on your website.

All automated spam attempts are blocked by validating that a human is submitting a form. The added safety of a reCAPTCHA can also make users feel that the form is safe and help reduce form abandonment. 

There are three versions of Google reCAPTCHA, and you can use any of them in WPForms.

Here is a basic overview of the differences between them:

  • Checkbox reCAPTCHA v2 lets visitors hover over a checkbox to submit the form. This is called a “challenge” and is usually displayed with “I am not a robot” next.
  • Invisible reCAPTCHA v2 does not display a checkbox. Instead, the reCAPTCHA service identifies user activity to determine if the visitor is human. This is a great way to stop spam without displaying a challenge every time.
  • reCAPTCHA v3 is an advanced CAPTCHA that uses JavaScript to recognize human visitors. It’s ideal for AMP pages; however, it can occasionally prevent real visitors from filling out your forms. We suggest it for advanced users who are ready to troubleshoot when they encounter problems. When comparing Ninja Forms to WPForms, keep in mind that Ninja Forms doesn’t support v3, but WPForms does.

These reCAPTCHA types are free for approximately 1 million uses per month.

In the following section of the guide, we will look at setting up reCAPTCHA in your forms.

Step 1: Select A ReCAPTCHA Type In WPForms

We’ll start by selecting the type of Google reCAPTCHA you want to use in the WPForms plugin. To do this, open your WordPress dashboard and go to WPForms” Settings.

Then look at the tabs at the top. Click on the CAPTCHA tab.

On this page, you will see the options for CAPTCHAs.

Click on the reCAPTCHA icon in the middle of the page.

Now scroll down a little further until you see the reCAPTCHA settings. These settings are the same for all forms you create on your website.

First, you’ll see the three different reCAPTCHA types we’ve already talked about:

  • Checkbox reCAPTCHA v2.
  • Invisible reCAPTCHA v2
  • reCAPTCHA v3

Select the reCAPTCHA method you want to use with the radio buttons.

Now let’s switch to the reCAPTCHA website and set up your keys.

Step 2: Set Up Google ReCAPTCHA

Next, we will go to the reCAPTCHA website to add your website there.

First, visit Google’s reCAPTCHA website. Open this link in a new tab or window so you can switch back to WPForms in a few minutes.

Once you’re on the reCAPTCHA homepage, click the Admin Console button at the top.

You may need to log in to your Google account at this point.

After that, you will be redirected to a page where you can register your website for reCAPTCHA.

First, enter the name of your website in the designation field. The designation will help you identify the keys later. So, you can enter a name or the entire domain name – whatever you want.

Then select the type of reCAPTCHA you want to add to your website.

If you want to use reCAPTCHA v3, you need to click the top radio button.

If you choose to use reCAPTCHA v2, select this radio button first. Then select either the “I am not a robot” checkbox or the invisible reCAPTCHA.

We’ll utilize the checkbox method to show you how the form settings work in this example. If you choose various reCAPTCHA types, some of the screenshots may look slightly different from this point on.

After you have selected your reCAPTCHA, you will need to add your website’s domain. This time, enter the full domain name without any prefixes.

Click the Accept checkbox if you agree with the process. You can also receive notifications about your reCAPTCHA by checking the second box.

Click Submit to save your progress so far.

Now that you have added your website to reCAPTCHA, you can use it with any forms you create!