If you want to keep your WordPress site spam-free, you must learn how to prevent contact form spam.
When you place a contact form on your site, any user can fill out the form and submit it with ease. But you’re also exposing your site to scammers and bots that send irrelevant or malicious content through the forms.
That’s why protecting your contact forms from such spam submissions is crucial. This article will guide you on the four easy ways to prevent contact form spam.
Why is it Important to Stop Spam on WordPress Contact Form?
Form spam is unwanted content submitted through forms in large numbers with the help of spam bots. A bot can spam your site with hundreds of repetitive form submissions within a short period of time.
These spam submissions are tedious to deal with manually. But that’s not the only harm contact form spam poses for your site.
- Contact form spam submissions usually contain links to malicious phishing sites that can compromise your site’s security.
- Massive amounts of spam can clog up your website storage and harm the website’s performance.
- The spam buries the genuine contact form submissions from your human users, which makes it harder for you to respond to them.
- Spam submissions misrepresent the analytics on traffic and lead generation on your site.
Thus, it’s always a good idea to prevent contact form spam in WordPress and avoid any of the issues above.
With that said, let’s learn how to prevent contact form spam in WordPress.
4 Ways to Prevent Contact Form Spam in WordPress
The WordPress market offers multiple plugins to help you prevent contact form spam in WordPress. One such plugin is Everest Forms, a famous contact form builder.
Everest Forms lets you build contact forms, donation forms, payment forms, job application forms, etc. with a simple drag and drop interface.
Using this plugin, you can not only create custom contact forms for your site but also enable spam protection for the forms.
There are four ways to stop WordPress contact form spam using Everest Forms.
- Whitelisting domains
- Anti-spam honeypot
- reCAPTCHA and hCaptcha protection
- Everest Forms Custom Captcha add-on
That’s why we’ll be using this plugin to demonstrate how you can prevent spam easily. You can try the method that’s more feasible for you.
Before proceeding, ensure that you have the free and premium versions of Everest Forms installed and activated on your site. Some anti-spam features described below are only accessible in the pro version.
Anti-spam honeypot and reCAPTCHA/hCaptcha protection are available in the free version. On the other hand, the whitelist domain feature and Custom Captcha add-on are available in Everest Forms Pro.
You can refer to our guide on installing Everest Forms Pro to properly set up the plugin. After completing the setup, you can start!
1. Using the Whitelist domains feature in Everest Forms
One of the key features Everest Forms provides to prevent spam is whitelisting email domains.
As the name suggests, this feature gives you the ability to allow only users with specific domains to submit the form. You can set either the allowed or the denied domain for the form.
The form blocks users with an email domain that’s not whitelisted. Thus, you can block all spam form submissions that use fake email addresses.
Start by opening the contact form where you want to enable the whitelist domain feature.
If you don’t already have a contact form, go through our article on creating a contact form. Follow the steps in the guide to build a simple contact form quickly.
Make sure the form you create has an Email field. You can only whitelist domains through the Email field.
After that, click on the Email field on your form to open its Field Options.
Scroll down to the Advanced Options, where you’ll find the Whitelisted Domains option.
Here, choose Allowed Domains or Denied Domains from the dropdown.
Allowed Domains: Set the email domains for which you want to enable form submission.
For example, if you enter the “gmail.com” domain, only users with this domain will be able to submit the form. You can make multiple domains allowed or denied. Just separate the domains with a comma.
Denied Domains: When you add a denied domain, users with that specific domain won’t be able to submit the form.
For example, if you set “abc.com” as a denied domain, the form blocks users with this domain. You can add domains that appear fake or spammy in this option.
Remember to save the changes when you’re done by clicking the Save button.
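To make the allowed/denied logic concrete, here is an added PHP example (not Everest Forms' own code; the function names are hypothetical) that applies a comma-separated domain list to the address typed into an Email field. It compares only the domain part, so it filters on what the sender claims and does not prove they control that mailbox.

```php
<?php
// Added illustration; not Everest Forms code. All function names are hypothetical.

/** Turn the comma-separated setting ("gmail.com, Example.org") into a clean list. */
function parse_domain_list(string $setting): array {
    $domains = array_map(
        fn($d) => rtrim(strtolower(trim($d)), '.'),
        explode(',', $setting)
    );
    return array_values(array_unique(array_filter($domains, fn($d) => $d !== '')));
}

/** Return the lower-cased domain of a syntactically valid address, or null. */
function email_domain(string $email): ?string {
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // malformed input, e.g. no "@" at all
    }
    return strtolower(substr($email, strrpos($email, '@') + 1));
}

/**
 * $mode 'allowed': only listed domains pass. Any other value: listed domains fail.
 * Matching is exact, so "gmail.com.evil.test" does not match "gmail.com".
 */
function submission_passes(string $email, string $mode, string $setting): bool {
    $domain = email_domain($email);
    if ($domain === null) {
        return false; // a malformed address never passes, whatever the mode
    }
    $listed = in_array($domain, parse_domain_list($setting), true);
    return $mode === 'allowed' ? $listed : !$listed;
}

// Constructed sample submissions: [email, mode, domain setting].
$samples = [
    ['alice@gmail.com',         'allowed', 'gmail.com, example.org'],
    ['Bob@GMAIL.COM',           'allowed', 'gmail.com'],
    ['eve@gmail.com.evil.test', 'allowed', 'gmail.com'],
    ['spam@abc.com',            'denied',  'abc.com'],
    ['carol@example.org',       'denied',  'abc.com'],
    ['not-an-address',          'denied',  'abc.com'],
];
foreach ($samples as [$email, $mode, $setting]) {
    printf("%-26s %-8s %s\n", $email, $mode,
        submission_passes($email, $mode, $setting) ? 'accept' : 'block');
}
```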
2. Enabling Anti-spam Honeypot for the Contact Form
The anti-spam honeypot feature in Everest Forms is the next method to protect contact forms from spam. It utilizes honeypot security to trap, detect, and prevent spam attacks on your site.
The honeypot feature adds a field to your form that is hidden from human visitors but still present in the form’s markup, where spam bots find it. So, a bot that fills the field and tries to submit the form is immediately detected and blocked.
To enable this feature, open the contact form you previously created. Now, click on the Settings tab at the top of the form builder.
As you scroll down the General settings, you’ll find the Enable anti-spam honeypot option that’s on by default.
If not, you need to tick the checkbox and save the changes.
Congratulations! Your contact form is now safe from spam messages.
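The honeypot idea described above, as an added PHP example that is not Everest Forms' own code: it renders a trap field and classifies three constructed submissions. The field name `website_url`, the CSS class and both function names are hypothetical.

```php
<?php
// Added illustration; not Everest Forms code. The field name "website_url",
// the CSS class and both function names are hypothetical.

/** Markup for a trap field: hidden from people by CSS, still present for bots. */
function honeypot_markup(string $name): string {
    $n = htmlspecialchars($name, ENT_QUOTES);
    return '<div class="hp-wrap" aria-hidden="true" '
         . 'style="position:absolute;left:-9999px">'
         . "<label for=\"$n\">Leave this field empty</label>"
         . "<input type=\"text\" id=\"$n\" name=\"$n\" value=\"\" "
         . 'tabindex="-1" autocomplete="off"></div>';
}

/**
 * Classify a submitted form (the decoded POST fields).
 *  - trap missing: the request was not built from the rendered form
 *  - trap filled:  something completed a field no person can see
 */
function honeypot_verdict(array $post, string $name): string {
    if (!array_key_exists($name, $post)) {
        return 'block: trap field missing';
    }
    if (!is_string($post[$name]) || trim($post[$name]) !== '') {
        return 'block: trap field filled';
    }
    return 'accept';
}

echo honeypot_markup('website_url') . "\n\n";

// Constructed sample submissions.
$samples = [
    ['name' => 'Alice',  'message' => 'Hello',   'website_url' => ''],
    ['name' => 'Bot',    'message' => 'Buy now', 'website_url' => 'http://spam.example'],
    ['name' => 'Script', 'message' => 'Hi'],
];
foreach ($samples as $post) {
    echo $post['name'] . ': ' . honeypot_verdict($post, 'website_url') . "\n";
}
```

The field is hidden with CSS instead of `type="hidden"`, and `autocomplete="off"` keeps a real visitor's browser from filling it by accident.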
3. Enabling reCAPTCHA or hCaptcha Protection
Another way to block contact form spam is by adding CAPTCHAs to the form. Everest Forms offers three types of CAPTCHA protection: reCAPTCHA v2, reCAPTCHA v3, and hCaptcha.
To integrate these CAPTCHAs into your contact form, navigate to Everest Forms >> Settings >> CAPTCHA.
You can choose any of the following CAPTCHA types for the form:
reCAPTCHA v2: reCAPTCHA v2 requests users to tick the “I am not a robot.” checkbox or complete image CAPTCHA challenges. The system analyzes the user’s actions to verify whether the user is a human or a bot.
reCAPTCHA v3: reCAPTCHA v3 evaluates the way users interact with your website. It then generates a score indicating how genuine or fake the user is. A higher score means the user is more likely to be human.
Unlike reCAPTCHA v2, it works in the background. So, your forms won’t display image CAPTCHAs or “I am not a robot.” checkboxes.
hCaptcha: hCaptcha is similar to reCAPTCHA. The only difference is that hCaptcha doesn’t sell user data to third parties.
So, let’s look at the process of integrating these CAPTCHAs.
I. Add reCAPTCHA to Prevent Spam
First of all, you must get the Site Key and Secret Key for the reCAPTCHA you’ll be using.
So, head to the official Google reCAPTCHA page and click on the v3 Admin Console menu in the header.
Next, log into your Google account, and you’ll arrive at the Create page. From this page, you can register the website where you want to display the CAPTCHA.
Type your website’s name in the Label and choose the reCAPTCHA type between v2 and v3.
If you choose v2, you get three options on the type of v2 CAPTCHA you can use:
- “I’m not a robot” Checkbox
- Invisible reCAPTCHA badge
- reCAPTCHA Android
Next, add your site’s domain and accept the reCAPTCHA Terms of Service. Finally, click on the Submit button.
Google reCAPTCHA automatically generates a new Site Key and Secret Key for you.
Now that you have the keys you need, open your WordPress dashboard and go to Everest Forms >> Settings >> CAPTCHA.
To add reCAPTCHA v2, select reCAPTCHA v2 in CAPTCHA Type. Then, copy and paste the Site Key and Secret Key you generated for reCAPTCHA v2.
Besides that, you can make the reCAPTCHA invisible by ticking the checkbox for Enable Invisible reCAPTCHA.
Everest Forms also supports multiple CAPTCHA languages. You can pick the language in which you want to display the CAPTCHA from the dropdown. Finally, hit the Save Changes button.
On the other hand, if you’ve generated keys for reCAPTCHA v3, select the v3 CAPTCHA Type. Then, paste the Site Key and Secret Key generated for reCAPTCHA v3.
After that, you can set the Threshold score for validating requests. The default value is 0.4, which means that users who score at least 0.4 (4 out of 10) are treated as genuine. If necessary, you can increase the Threshold score for a stricter user evaluation.
Like reCAPTCHA v2, you can select a CAPTCHA Language from the dropdown.
After the integration is complete, there’s one more important step remaining. You must enable the CAPTCHA protection for the desired contact form.
So, open the contact form and go to Settings >> General. Scroll down, and you’ll find the option to enable reCAPTCHA v2 or v3.
All you have to do is tick the checkbox and click Save.
With that, you’ve successfully protected your contact form from spam with Google reCAPTCHA.
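How a Threshold score like 0.4 is applied on the server, as an added PHP example (not Everest Forms' own code): it evaluates a decoded response from Google's reCAPTCHA v3 `siteverify` endpoint and goes beyond the threshold by also checking the `hostname` and `action` fields. The function name, the action `contact_form`, the host `example.com` and the JSON samples are constructed so the block runs offline.

```php
<?php
// Added illustration; not Everest Forms code. Function name, action name and
// hostname are hypothetical; the JSON samples are constructed.

/**
 * Decide whether a decoded reCAPTCHA v3 "siteverify" response is acceptable.
 * Returns [bool $ok, string $reason].
 */
function evaluate_recaptcha_v3(?array $resp, float $threshold,
                               string $expectedAction, string $expectedHost): array {
    if ($resp === null || ($resp['success'] ?? false) !== true) {
        $codes = implode(',', $resp['error-codes'] ?? ['no-response']);
        return [false, "verification failed ($codes)"]; // fail closed
    }
    if (($resp['hostname'] ?? '') !== $expectedHost) {
        return [false, 'token was issued for another site'];
    }
    if (($resp['action'] ?? '') !== $expectedAction) {
        return [false, 'token was issued for another action'];
    }
    $score = $resp['score'] ?? null;
    if (!is_int($score) && !is_float($score)) {
        return [false, 'no score in response'];
    }
    return $score >= $threshold
        ? [true, "score $score meets threshold $threshold"]
        : [false, "score $score is below threshold $threshold"];
}

// Constructed responses, shaped like the JSON that siteverify returns.
$samples = [
    '{"success":true,"score":0.9,"action":"contact_form","hostname":"example.com"}',
    '{"success":true,"score":0.3,"action":"contact_form","hostname":"example.com"}',
    '{"success":true,"score":0.9,"action":"login","hostname":"example.com"}',
    '{"success":false,"error-codes":["timeout-or-duplicate"]}',
];
foreach ($samples as $json) {
    [$ok, $why] = evaluate_recaptcha_v3(json_decode($json, true), 0.4,
                                        'contact_form', 'example.com');
    echo ($ok ? 'accept' : 'block') . ": $why\n";
}
```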
II. Add hCaptcha to Prevent Spam
Visit the official hCaptcha page and open the sign-up page by pressing the Sign Up button.
Here, choose the free service to get started.
Next, you must create a new account and get the Site Key and Secret Key.
Go back to your WordPress dashboard and open Everest Forms >> Settings >> CAPTCHA.
Here, choose hCaptcha in the Captcha Type option. Paste the keys you generated from your hCaptcha account and save the changes.
Now, you still need to enable the hCaptcha protection for the contact form. So, open the contact form of your choice and go to its General Settings. Simply tick the Enable hCaptcha option, and you’re done!
You’ve successfully integrated your contact form with reCAPTCHA or hCaptcha protection.
4. Using the Everest Forms Custom Captcha Add-on
The final way of preventing form spam is using the Everest Forms Custom Captcha add-on. It’s a premium add-on available in the Personal plan and above.
The Captcha add-on offers a CAPTCHA field for your contact form. Using it, you can create custom math CAPTCHAs or question-and-answer CAPTCHAs.
Below, we explain the step-by-step process of using the Captcha add-on for contact form spam prevention.
I. Install and Activate the Custom Captcha Add-on
As mentioned earlier, you must activate Everest Forms Pro on your site before installing the Captcha add-on. Only then will you be able to install and activate the add-on on top of it.
So when you’ve done that, go to Everest Forms >> Add-ons.
Find the Custom Captcha add-on and click the Install Addon button. Then, click Activate.
II. Add Captcha Field to Contact Form
You can add a Captcha field to your contact form with the Captcha add-on. You can use the contact form you’ve created in the earlier methods.
If you haven’t built a contact form yet, please do so before proceeding ahead.
Now, open Add Fields in the form builder and scroll down to Advanced Fields.
When you find the Captcha field, drag and drop it into the contact form.
That’s not all. Everest Forms lets you customize each form field on your form, including the Captcha field.
Customizing the Captcha Field
Click on the Captcha field to open its Field Options on the left.
Let’s go through each customization option below:
Label: Edit the label of the Captcha field as required.
Description: Add a clear description for the form field to let users know what information they need to fill in the field.
Format: You get Math and Question and Answer Captcha formats for the field.
If you choose the Math format from the dropdown, the form automatically displays a simple math equation for your users to solve. Only the users who enter the correct answer can submit the form.
If you want to add custom questions to the contact form, select Question and Answer from the dropdown. You can add as many questions as you wish using the + button. The form displays any one of the questions you’ve provided to the user at random.
You may also remove some of the questions by clicking the – button.
Advanced Options: Here, you can edit the Placeholder Text, Hide Label of the field, and add CSS Classes.
Conditional Logic: You can enable conditional logic for the Captcha field and apply conditional rules to it. The form only displays the field when it meets your set conditions.
When the customization is complete, hit the Save button at the top. You’ve now successfully secured your contact form against spam.
To summarize, knowing how to prevent contact form spam is vital to secure your website against spam form submissions.
Everest Forms helps you do this in four easy ways. In the free version, you can apply anti-spam honeypot and reCAPTCHA/hCaptcha protection. Meanwhile, the whitelist domain feature and Custom Captcha add-on are available in the pro version.
The method you use is entirely up to you. You can even apply multiple ways of spam protection in conjunction.
Besides blocking spam, you can also use Everest Forms to limit the number of form submissions, add Google Maps to a contact form, etc.
Contact form spam prevention is only one aspect of overall website protection. So, you may also want to look into WordPress security plugins for advanced protection.