Would you like to prevent spam from being sent through your WordPress forms? There are lots of different anti-spam options available, and it can be hard to know which one(s) to choose.
In this tutorial, we’ll walk you through the anti-spam options available in WPForms.
- Enabling Anti-Spam Protection
- Adding a CAPTCHA to Your Forms
- Creating an Allowlist or Denylist
- Frequently Asked Questions
Requirements: The reCAPTCHA and hCaptcha integrations are available with any version of WPForms, including WPForms Lite. The Custom Captcha addon is available with any paid license.
Enabling Anti-Spam Protection
Note: For anti-spam protection to function properly, JavaScript must be enabled on your site.
WPForms comes with its own anti-spam protection that you can enable in your form’s settings. It verifies a token that our plugin adds to each form.
The token is a time-sensitive cryptographic string that’s very hard to guess or fake. This allows us to halt form submission processing if there’s no token, or if the token has expired or is invalid.
Once you’ve installed and activated WPForms, you can find the anti-spam option in the form builder under Settings » General.
The Enable anti-spam protection option should be toggled on by default, but you can check it here.
With this setting on, your form will not submit if a bot triggers the anti-spam protections.
Adding a CAPTCHA to Your Forms
CAPTCHAs are automated tests that check that users are real people and not spambots. There are three ways to add one to your forms for additional protection beyond the built-in option WPForms provides.
Enabling reCAPTCHA
Google’s reCAPTCHA is a popular CAPTCHA solution. To add reCAPTCHA to your forms, you’ll need to integrate it with WPForms by going to WPForms » Settings » CAPTCHA.
Here, click on reCAPTCHA to enable it. Then fill out the fields that appear and save your settings.
Note: For detailed steps on how to integrate reCAPTCHA with WPForms, please check out our reCAPTCHA setup tutorial.
Next, open the form you want to protect in the form builder and add a reCAPTCHA field to it.
Finally, go to Settings » General and toggle on the reCAPTCHA option to enable it for this form.
Make sure to save your changes before leaving the form builder.
Enabling hCaptcha
If you’d prefer not to use Google’s reCAPTCHA, one alternative is to add an hCaptcha to your forms. hCaptcha is free and privacy-conscious, while still offering reliable anti-spam protection.
To set up hCaptcha, you’ll first need to go to WPForms » Settings » CAPTCHA. Then select hCaptcha from the options.
This will reveal some more settings for you to fill out. You’ll need to generate keys in your hCaptcha account and add them here, then save your settings.
Note: For the full details on how to use hCaptcha with your forms, be sure to check out our tutorial on setting up hCaptcha.
Once you’ve added your keys to your site, you can enable hCaptcha in a specific form by clicking on the hCaptcha field in the form builder.
Then go to Settings » General and toggle on the Enable hCaptcha option.
Remember to save your form before you leave the builder.
Using a Custom Captcha
Our Custom Captcha addon makes it easy to create a custom question-and-answer or math CAPTCHA for spam prevention.
Before adding a Custom Captcha to your form, you’ll need to activate the Custom Captcha addon.
Then open the form you want to protect in the builder and scroll to the Fancy Fields section. Click on the Custom Captcha option to add it to your form.
Once you’ve added the field, you can click on it in the preview area to open up its field options. From here, choose which type of CAPTCHA to show your users by selecting Math or Question and Answer from the Type dropdown.
The Math option will show users a randomly generated simple equation to solve.
The Question and Answer option lets you create your own CAPTCHA questions and answers. Each time your form loads, it will display one at random and require your users to answer it before submitting your form.
Note: For more details, be sure to check out our tutorial on setting up the Custom Captcha addon.
Creating an Allowlist or Denylist
Another way you can protect your forms from spam is with an allowlist or denylist. This restricts who can submit your form based on their email address. If a user’s email address doesn’t follow your list’s rules, then they won’t be able to submit your form.
To create an allowlist or denylist, open your form for editing and make sure to include an Email field in it. In the Email field’s Advanced options, use the Allowlist / Denylist dropdown to enable your list. Then add your rules.
Note: For a step-by-step guide on creating an email allowlist or denylist, see our full tutorial on this field option.
Frequently Asked Questions
Below, we’ve answered the top questions we get about spam protection in WPForms.
There’s an option in my settings to enable an anti-spam honeypot. How does that work?
Our anti-spam honeypot was included for any forms created prior to our 1.6.2 release. However, forms created after that update will only use our newer anti-spam protection option.
That’s it! Now you know how to prevent spam in your forms.
Next, would you like to edit entries that have been submitted through your forms? Be sure to check out our tutorial on editing entries in WPForms for more details.