WPForms Blog

WordPress Tutorials, Tips, and Resources to Help Grow Your Business

How to Build a Spam Free Contact Form without CAPTCHA

How to Build a Spam-Free Contact Form Without CAPTCHA

by Courtney Robertson on Jan 23, 2017

Are you getting fake form submissions? With just a few steps, you can eliminate spam without frustrating your users. We’ll walk you through how to build a spam-free contact form without CAPTCHA.

Why Spam Prevention Matters

Spam prevention is one of the first steps in WordPress security.  If spambots are able to break through your security efforts, they can alter the content of your site, inject malicious code, or even remove your ability to log in.

To protect your site, you want to make it as easy as you can for your visitors to fill in your contact form, while making it as hard as possible for spambots to get through your security.

With so many spam submissions, you might even be thinking you don’t need a contact form at all. But there are many important reasons why you should use a contact form.

The key is to create your form in such a way that you don’t get spammed.

Why Not CAPTCHA?

Among the most common ways to stop spambots is to use a form field that only a human could answer, called CAPTCHA.

CAPTCHA usually requires users to enter specific text into a box.

CAPTCHA example

Our Custom CAPTCHA Addon works a bit differently. It creates a field that asks a user to solve a simple math problem or answer a question correctly.

user registration spam protection in WordPress with captcha

Still, these options can be an extra step that frustrates the user and may decrease form submission rates.

Users may not want to take the time to answer irrelevant questions. And some users may have difficulty answering math questions or reading CAPTCHA text, especially if they have dyslexia or other disabilities.

Luckily, it’s easy to create a spam-free contact form without CAPTCHA, using WPForms.

Creating Your Spam-Free Contact Form

The first thing you need to do is install and activate the WPForms plugin. Here’s a step by step guide on how to install a WordPress plugin.

Also, you’ll need to have a form created. See our tutorial on How to Create a Simple Contact Form as an example to get started.

WPForms creates secure contact forms out of the box, but you can also customize your security settings for an even more secure form.

Here are your options.

4 CAPTCHA Alternatives to Stop Spam

There are four main ways WPForms can keep your forms spam-free: reCAPTCHA, Custom CAPTCHA, our default honeypot anti-spam method, and by installing a third-party plugin WordPress Zero Spam. Here’s how they work.

1. reCAPTCHA

If you want to stop contact form spam without CAPTCHA, you might want to try reCAPTCHA as an alternative.

The advantage of using reCAPTCHA is that users only need to check a box. This requires less effort by the user.

recaptcha

The checkbox to enable reCAPTCHA is at Settings » General for each form. You can look on the right-hand preview panel near the bottom of the screen to find the Enable reCAPTCHA checkbox.

stop spam registrations in WordPress with honeypot and recaptcha user form registration

For more details, see our guide on how to enable reCAPTCHA for your WordPress forms.

2. Custom CAPTCHA

The WPForms Custom Captcha addon makes it easy for you to add custom questions or math CAPTCHA to your WordPress forms.

These questions can be easier for your users to answer than a traditional CAPTCHA.

By default, it will show random Math questions. However when you click to edit the Captcha form field, it will allow you to choose between the Math option or the Custom Questions option.

Custom Captcha Type

Users must answer your Captcha question correctly in order for the form to submit.

3. Honeypot Spam Protection

There is a hidden way to secure your contact forms without using CAPTCHA. This hidden tool is called a Honeypot.

Basically, a spambot fills in a hidden field that valid users can’t see. This extra field of data verifies that the submitter is a spambot, not a user.

When the honeypot field is filled in, we can reject the form as spam. The spambot gets stuck and can’t submit the form.

Honeypots are great because they don’t bother users like a CAPTCHA field and they are a secure tool for stopping spambots.

Honeypot Spam Prevention

By default, this setting is enabled for all your forms. If you want to double check that it’s activated, you can go to Settings » General.  At the bottom of the right-hand preview panel, you’ll see that the Enable anti-spam honeypot option is selected for you.

stop spam registrations in WordPress with honeypot and recaptcha user form registration

4. Install the WordPress Zero Spam Plugin
Do you want to create an additional layer of protection to combat spam submissions? Then, you need to install the WordPress Zero Spam plugin.

The WordPress Zero Spam plugin adds an extra layer of protection to your WordPress forms by blocking spammy IPs. The plugin works upon activation, and it doesn’t require you to configure any additional settings.

Good work! You now have a spam-free contact form using CAPTCHA alternatives.

Do you need to stop user registration spam? You might also want to check out our guide on simple tricks to eliminate spam user registration.

What are you waiting for? Get started with the most powerful WordPress forms plugin today.

If you like this article, then please follow us on Facebook and Twitter for more free WordPress tutorials.

Comments

  1. I’ve been using the WordPress Zero Spam plugin for a while on your recommendation and it seems to be working fine. However I recently discovered that it’s no longer being maintained.

    So then I tried to prevent spam in other ways but I’m having a hard time. Now that some time has passed, do you recommend any other options?

    Thanks!

    1. Hi Ryan,

      The WordPress Zero Spam plugin hasn’t been updated in a while because it’s super simple from a code standpoint and doesn’t require frequent updates – but if you’d like to use it, it’s still completely good to go 🙂

      If you’d prefer an alternate option, though, I’d recommend Google’s reCAPTCHA. We have integration with their newer Invisible reCAPTCHA option, which is still free and doesn’t require the user to take any action (no checkbox, etc). Here’s our tutorial with more information on how to set that up.

      I hope that helps! 🙂

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.