How to Prevent Spam in WPForms

Would you like to prevent spam from being sent through your WordPress forms? There are lots of different anti-spam options available, and it can be hard to know which one(s) to choose.

In this tutorial, we’ll walk you through the anti-spam options available in WPForms.

Requirements: The reCAPTCHA and hCaptcha integrations are available with any version of WPForms, including WPForms Lite. The Custom Captcha addon is available with any paid license.


Enabling Anti-Spam Protection

Note: For anti-spam protection to function properly, JavaScript must be enabled on your site.

WPForms comes with its own anti-spam protection that you can enable in your form’s settings. It verifies a token that our plugin adds to each form.

The token is a time-sensitive cryptographic string that’s very hard to guess or fake. This allows us to halt form submission processing if there’s no token, or if the token has expired or is invalid.

Once you’ve installed and activated WPForms, you can find the anti-spam option in the form builder under Settings » General.

The Enable anti-spam protection option should be toggled on by default, but you can check it here.

Enabling anti-spam protection for a form

With this setting on, your form will not submit if a bot triggers the anti-spam protections.

The anti-spam token expired error message

Adding a CAPTCHA to Your Forms

CAPTCHAs are automated tests that check that users are real people and not spambots. There are three ways to add one to your forms for additional protection beyond the built-in option WPForms provides.

Enabling reCAPTCHA

Google’s reCAPTCHA is a popular CAPTCHA solution. To add reCAPTCHA to your forms, you’ll need to integrate it with WPForms by going to WPForms » Settings » CAPTCHA.

Opening the WPForms CAPTCHA settings

Here, click on reCAPTCHA to enable it. Then fill out the fields that appear and save your settings.

The reCAPTCHA settings in WPForms

Note: For detailed steps on how to integrate reCAPTCHA with WPForms, please check out our reCAPTCHA setup tutorial.

Next, open the form you want to protect in the form builder and add a reCAPTCHA field to it.

Adding a reCAPTCHA field to a form

Finally, go to Settings » General and toggle on the reCAPTCHA option to enable it for this form.

Turning on reCAPTCHA for a form

Make sure to save your changes before leaving the form builder.

Enabling hCaptcha

If you’d prefer not to use Google’s reCAPTCHA, one alternative is to add an hCaptcha to your forms. hCaptcha is free and privacy-conscious, while still offering reliable anti-spam protection.

To set up hCaptcha, you’ll first need to go to WPForms » Settings » CAPTCHA. Then select hCaptcha from the options.

Selecting hCaptcha in the WPForms settings

This will reveal some more settings for you to fill out. You’ll need to generate keys in your hCaptcha account and add them here, then save your settings.

The hCaptcha settings in WPForms

Note: For the full details on how to use hCaptcha with your forms, be sure to check out our tutorial on setting up hCaptcha.

Once you’ve added your keys to your site, you can enable hCaptcha in a specific form by clicking on the hCaptcha field in the form builder.

Adding an hCaptcha field to your form

Then go to Settings » General and toggle on the Enable hCaptcha option.

Enabling hCaptcha for a form

Remember to save your form before you leave the builder.

Using a Custom Captcha

Our Custom Captcha addon makes it easy to create a custom question-and-answer or math CAPTCHA for spam prevention.

Before adding a Custom Captcha to your form, you’ll need to activate the Custom Captcha addon.

Then open the form you want to protect in the builder and scroll to the Fancy Fields section. Click on the Custom Captcha option to add it to your form.

Adding a Custom Captcha field to a form

Once you’ve added the field, you can click on it in the preview area to open up its field options. From here, choose which type of CAPTCHA to show your users by selecting Math or Question and Answer from the Type dropdown.

Selecting a custom captcha type

The Math option will show users a randomly generated simple equation to solve.

A math custom captcha

The Question and Answer option lets you create your own CAPTCHA questions and answers. Each time your form loads, it will display one at random and require your users to answer it before submitting your form.

A question and answer custom captcha

Note: For more details, be sure to check out our tutorial on setting up the Custom Captcha addon.

Creating an Allowlist or Denylist

Another way you can protect your forms from spam is with an allowlist or denylist. This restricts who can submit your form based on their email address. If a user’s email address doesn’t follow your list’s rules, then they won’t be able to submit your form.

To create an allowlist or denylist, open your form for editing and make sure to include an Email field in it. In the Email field’s Advanced options, use the Allowlist / Denylist dropdown to enable your list. Then add your rules.

An example of a denylist in WPForms

Note: For a step-by-step guide on creating an email allowlist or denylist, see our full tutorial on this field option.

Frequently Asked Questions

Below, we’ve answered the top questions we get about spam protection in WPForms.

There’s an option in my settings to enable an anti-spam honeypot. How does that work?

Our anti-spam honeypot was included for any forms created prior to our 1.6.2 release. However, forms created after that update will only use our newer anti-spam protection option.

That’s it! Now you know how to prevent spam in your forms.

Next, would you like to edit entries that have been submitted through your forms? Be sure to check out our tutorial on editing entries in WPForms for more details.