How to Block WordPress Form Spam?


Are you tired of getting spam form submissions on your website? We’ve got the full proof solution which will put an end to spam issues on your WordPress forms once in for all. In this tutorial, you’ll learn three effective ways to block contact form spam on WordPress forms.

What are Spam Form Submissions?

The form submissions that include harmful and malicious information are spam form submissions. There are spam-bots and malicious users which overflow your WordPress form entries with unwanted and redundant form submissions. 

In addition to that, these spam submissions are very dangerous for your site’s security. These spam can not only steal data from your site but also, hack your site and take it down. So, it is crucial for every website owner to know how to block WordPress contact form spam. 

How to Block Contact Form Spam in WordPress?

Spams form submissions are a common nuisance that you as a website owner will come across every now and then. And, handling these spams can get frustrating. But, Everest Forms plugin easily solves the problem of spam on your WordPress forms.

Everest Forms is the finest contact form plugin available which allows you to create amazing and advanced forms in a few clicks. And, the plugin allows you to protect your forms from spam-bots and malicious users. It offers many features for anti-spam protection such as Google reCaptcha integration, Custom Captcha add-on, and Honeypot option. 

To learn how to add these features to block contact form spam in WordPress, simply follow the instructions below.

  1. Integrate Google reCaptcha for WordPress Forms
  2. Add Custom Captcha Field in WordPress Forms
  3. Use Honeypot to Prevent Form Spam without Captcha

1.  Integrate Google reCAPTCHA for WordPress Forms 

block contact form spam WordPress recaptcha

The first and the most popular method for preventing spam submissions by setting up google reCAPTCHA. reCAPTCHA helps website owners identify spam bots from valid users. You can easily create an account for your website for free in Google’s overview page

STEP 1: Choose reCAPTCHA type

After you create an account, you can register your site and fill out the Label, reCAPTCHA type, Domains, Owners, Terms of Service, and Send alerts to owners. Here, you can choose the reCAPTCHA type for your WordPress form. There are two types of reCAPTCHA that you can integrate into your site i.e. reCAPTCHA v2 and the reCAPTCHA v3.

The reCAPTCHA v2 includes the Checkbox and invisible reCAPTCHA. And, the reCAPTCHA v3 returns a score for each request from 0.0 to 0.1. And, depending on the score the valid requests are passed. 

block contact form spam WordPress site keys

After your site is registered, you need to copy the given Site Key and the Secret Key to Everest Forms reCAPTCHA settings. For each reCAPTCHA type, there is a different pair of keys. Meaning each reCAPTCHA type, even of the same version has a unique pair of keys.

STEP 2: Set Up Everest Forms reCAPTCHA Settings

After you get your Site Key and Secret Key, go to your WordPress dashboard and go to Everest Forms → Settings. Then, you can see the reCAPTCHA tab in which you need to configure the reCAPTCHA type, Site Key, and Secret Key. 

Everest Forms settings block contact form spam WordPress

For v2, select reCAPTCHA v2 and paste the keys for the reCAPTCHA type you chose(Checkbox, Invisible or Android). If you’re using invisible reCAPTCHA, you need to check the Enable Invisible reCAPTCHA option.

STEP 3: Enable reCAPTCHA for Individual Form

Open the form you want to integrate reCAPTCHA and go to the Settings tab. Here, you can see all the individual form settings. Scroll down and click on the Enable Google reCAPTCHA v3 or Enable Google reCAPTCHA v2 checkbox according to your reCAPTCHA type. After that, hit SAVE.

Everest Forms block contact form spam

How Everest Forms uses reCAPTCHA to Prevent Spam Submissions?

After you add reCAPTCHA to your Contact Form, you are protected from the unwanted form entries and spam-bots. To test if it is working on your site, you can submit a form submission. Below are the screenshots for the frontend preview.

For Checkbox reCAPTCHA v2

For Invisible reCAPTCHA v2 and reCAPTCHA v3

2. Add Custom Captcha Field in WordPress Forms

Another easy and effective way to protect your contact forms from unwanted and malicious form submissions is by using Custom Captcha. These Captchas can be a custom question and answer or a custom math problem. For this custom captcha field, you need to install the Everest Forms Captcha add-on

Once you install the Captcha add-on, you can see that the Captcha field is added to the Everest Forms form builder. 

In the Form Options, you can customize your Captcha field. This field allows you to add math captcha or a set of the pre-defined questionnaire as the captcha for your WordPress forms. The Format setting allows you to select the Math or Questionnaire Captcha:

  • Math Captchas are autogenerated. A different math Captcha displayed to each user.
  • Question and Answer option allows you to add your custom questions and answers. You can add more than one question. Click on the “+” and “-” buttons to add or remove questions. The form will display only one question randomly in the frontend.

3. Use Honeypot to Prevent Form Spam without Captcha

Cons of Using Captchas

Although Captcha is a popular method for preventing contact form spam, it has its own disadvantage. These captchas can get really annoying for the genuine users who want to fill-up the form. Most users won’t mind answering extra questions but, many others will get frustrated and abandon the form. 

So, how do you prevent form spam without Captcha? 

The answer is Honeypot. What honeypot does is prevent the spam bots from submitting the form by adding a hidden form field that the normal users cannot see. The genuine users cannot see this hidden field on the form but the bots will find the hidden field and fill it out. But, the bots are detected and stopped from submitting the form.  

This method blocks WordPress contact form spam without hampering the user experience of your site as the users cannot see the hidden fields. 

To implement Honeypot for your form, go to the form builder and click on the Settings tab. In the General settings, you just need to Enable anti-spam honeypot, and don’t forget to save the settings.


As you can see, protecting your contact form from spam submissions is so easy. Everest Forms offers you three amazing and simple ways to block contact form spam for your WordPress site.

Hopefully, you can easily add captcha to contact form without any trouble after reading this article. Or, you can enable the anti-spam honeypot to prevent any bots from submitting forms on your site. Lastly, don’t forget to share if you found this helpful.

Alina Manandhar

Leave a Reply

Your email address will not be published.

Scroll to top

Pin It on Pinterest