how-to-stop-contact-form-spam-on-wordpress_o

How to Stop Contact Form Spam on WordPress in 2020

Do you want to prevent spam form submissions?

A lot of those spam submissions are automated with bots. However, with WPForms, and just a few steps, you can build spam-free WordPress contact forms and get better leads.

In this article, we’ll show you exactly how to stop contact form spam on your WordPress site.

Why Do Bots Spam Forms?

Since bots are automated, they crawl websites to try and find ways to email you through an non-secure form. Worse, some bots are looking for ways to exploit your site or email list through a form.

WPForms is the best WordPress Form Builder plugin. Get it for free!

This is why it’s such a good idea to have a contact form plugin that helps you stop form spam, especially if you’re running a small business site.

How to Stop Contact Form Spam

There are several great ways to stop contact form spam and spam email. Here are some quick links for you to jump to each section so you can read about which type of spam-free form you want to create for your site:

Ready to skyrocket your income online through your email list? We’ve compared costs and features of the best email marketing services available today.

How to Add reCAPTCHA to Your Contact Forms (Method #1)

Here we’re going to show you how to create a contact form that’ll have an interactive reCAPTCHA. This reCAPTCHA section is for site visitors to click on to prove they’re human when they submit a form.

Why Use reCAPTCHA?

1. Block Spam — By verifying that a human is submitting a form, all automated spam attempts are blocked. The added security can also make users feel that the form is secure and help reduce form abandonment.

2. Easy to Use — Originally CAPTCHA was sometimes hard to get right, even for us humans. Google has since improved their CAPTCHA tool, making reCAPTCHA v2 much easier for users. Now instead of entering text, users can just put their mouse over the checkbox and the tool understands that this is not an automated spam bot.

In the fall of 2018, Google released something called reCAPTCHA v3, which uses a behind-the-scenes scoring system to help you detect abusive traffic all over your website without asking users to do anything.

Since there’s a chance that v3 reCAPTCHA may prevent some legitimate users from submitting your forms, we recommend using reCAPTCHA v2 to help you stop contact form spam.

reCAPTCHA v2 has 2 options, interactive checkboxes and invisible reCAPTCHA. This guide will focus on adding reCAPTCHA v2’s interactive checkboxes or invisible reCAPTCHA to your WordPress forms.

How to Add a reCAPTCHA Checkbox to Your Forms

Now, let’s see how to add an interactive reCAPTCHA checkbox to your contact forms.

Step 1: Create a Simple Contact Form in WordPress

The first thing you’ll need to do is install and activate the WPForms plugin. For more details, see this step by step guide on how to install a plugin in WordPress.

Next, you’ll need to create a WordPress contact form. For help with this step, check out our tutorial on how to create a simple contact form in WordPress.

simple contact form on wpforms to stop contact form spam

Step 2: Configure reCAPTCHA Settings

Next, you need to configure reCAPTCHA settings in WordPress.

To start, go to WPForms » Settings. Then, click on the reCAPTCHA tab.

recaptcha settings to stop contact form spam

Choose Checkbox reCAPTCHA v2 to add an interactive reCAPTCHA box to your contact form.

select checkbox recaptcha contact form with captcha

reCAPTCHA is a service provided by Google. It’s free, but requires a site key and secret key. You can easily generate those keys for your site by visiting Google’s reCAPTCHA setup page.

Once you’re on this setup page, click on the Admin console button in the top right corner.

google recaptcha admin console

Then, sign in to your Google account.

After logging in, you’ll be redirected to a page where you can register your site for reCAPTCHA.

If you’ve already registered a website for Google reCAPTCHA in the past, you’ll see a different screen. In that case, just click on the plus sign to Register a new site.

recaptcha-admin-console-add-new

Enter the name of your website in the label field. This is for your own use, so that you can identify the website if you ever needed to get the keys again.

register-new-site-for-recaptcha

Then, choose the type of reCAPTCHA you want to add to your website. In this example, we’ll select reCAPTCHA v2 and then the “I’m not a robot” Checkbox.

how-to-setup-recaptcha-on-wordpress-forms

After that you need to add your website’s domain, such as example.com.

To save your site, click the Submit button.

enter-domain-in-recaptcha-setup

Next, you’ll see a page with a site key and secret key for your website.

recaptcha-keys

Copy your site and secret key, and switch back to the WPForms » Settings page. Paste your site and secret keys under the reCAPTCHA settings.

Click on the Save Settings button to store your changes.

recaptcha site keys for stopping spam

Step 3: Add the Checkbox reCAPTCHA to Your Contact Form

Adding Checkbox reCAPTCHA to your WordPress form is easy to do.

To enable reCAPTCHA in the simple contact form you created earlier, go to Add Fields in the form editor and click on the reCAPTCHA button.

click on the reCAPTCHA button

You’ll be notified that Google Checkbox v2 reCAPTCHA has been enabled.

enabling google recaptcha pop up

Click OK to see the reCAPTCHA enabled badge on your form.

recaptcha enabled badge on form

Don’t forget to save it!

Now you can add your contact form, complete with Google Checkbox reCAPTCHA, to your website.

Step 4: Add Contact Form with reCAPTCHA to WordPress

WPForms lets you add your forms to many locations on your website, including your blog posts, pages, and even sidebar widgets.

Let’s take a look at the most common option of post/page embedding.

To start, create a new post or page in WordPress and then click on the Add WPForms icon inside of a block.

insert-wpforms-into-page-or-post

Next, select your form from the dropdown in the modal popup.

insert-contact-form-into-block

Then, publish your post or page so your reCAPTCHA-enabled form will appear on your website.

recaptcha-in-form

Want to add an icon with extra info to a form field? Head over to our tutorial on how to add Tooltips in WordPress forms.

Next up, we’ll show you how to use the WPForms Custom Captcha addon.

How to Use the WPForms Custom Captcha Addon (Method #2)

Let’s show you how to add a contact form with captcha to your site with a WPForms addon.

If you don’t want to use Google reCAPTCHA to stop contact form spam, but know you want to add an interactive reCAPTCHA element to your website, you can always use our Custom Captcha addon.

With this addon, you can define custom questions or use random math questions as CAPTCHA to fight spam form submissions.

Step 1: Create a Simple Contact Form in WordPress

The first thing you’ll need to do is install and activate the WPForms plugin. For more details, see this step by step guide on how to install a plugin in WordPress.

Next, you’ll need to create a WordPress contact form. For help with this step, check out our tutorial on how to create a simple contact form in WordPress.

stop contact form spam with simple contact form on wpforms

Now, scroll down and click on the Captcha button to activate the Custom Captcha addon.

activate captcha button

A window will pop up — click Yes, Install and Activate.

install and activate captcha addon to stop contact form spam

After the installation is complete, click Yes, Save and Refresh.

save and refresh catpcha addon to stop contact form spam

Your Custom Captcha addon is now active and ready to be added to your form.

Step 2: Add and Customize the Captcha Form Field

Once you’ve created a contact form, stay in the form builder to add your custom captcha form field.

Just drag it from the left hand panel to the right hand panel to add it to your form.

drag captcha field onto form

The form field will automatically display a random math question for site visitors to answer before they can submit their form on your site. A new math problem (addition, subtraction, or multiplication) will appear every time the page loads or refreshes.

For help customizing the Math Captcha, check out our documentation on how to change the Math Captcha.

To make changes to the form field, click on it. You can change the label, type of captcha, and add a description.

stop contact form spam by editing captcha

If you prefer to use a custom question and answer instead of the Math Captcha, change the type of captcha to Question and Answer in the Field Options section.

type of captcha change

There, you can also change the question and answer that site visitors have to type out a response to in order to submit their form on your site.

If you want to display random questions and answers every time your page loads or refreshes, click on the (+) button to add another question and answer.

add questions and answers to custom captcha

Click Save when you’ve customized your custom captcha to your liking.

save captcha form

You’re now ready to add your Custom Captcha-enabled contact form to your website.

Step 3: Add Contact Form with Custom Captcha to WordPress

WPForms allows you to add your forms to many locations on your website, including your blog posts, pages, and even sidebar widgets.

Let’s take a look at the most common post/page embed option.

To start, create a new post or page in WordPress and then click on the Add WPForms icon inside of a block.

insert-wpforms-into-page-or-post

Next, select your form from the dropdown in the modal popup.

add-custom-captcha

Then, publish your post or page so your contact form will appear on your website.

How to Build a Spam-Free Contact Form Without Captcha (Method #3)

Here we’ll show you how to build a spam-free contact form in WordPress and prevent form spam without Captcha so the user experience is never disrupted and filling out your forms is as easy as possible.

Why Not Use Captcha?

You want to make it as easy as you can for your visitors to fill in your contact form, while making it as hard as possible for spambots to get through your security.

One of the most common ways to stop spambots is to use a form field that only a human could answer, called Captcha.

Captcha usually requires users to enter specific text into a box.

CAPTCHA Example

Though our Custom Captcha addon (shown above in Method #2) works a bit differently by creating a field that asks a user to solve a simple math problem or answer a question correctly, this can still be an extra step that frustrates the user and may decrease form submission rates.

custom captcha example

Users may not want to take the time to answer irrelevant questions. And, some users may have difficulty answering math questions or reading CAPTCHA text, especially if they have a disability.

Luckily, it’s easy to create a spam-free contact form without Captcha using WPForms. We’ll show you how to do this with Google Invisible reCAPTCHA v2 now.

How to Add Invisible reCAPTCHA to Your Forms

Now, let’s see how to add invisible reCAPTCHA to your contact forms.

Step 1: Create a Simple Contact Form in WordPress

The first thing you’ll need to do is install and activate the WPForms plugin. For more details, see this step by step guide on how to install a plugin in WordPress.

Next, you’ll need to create a WordPress contact form. You can make a simple contact form or even a multi-step form in WordPress. For help with this step, check out our tutorial on how to create a simple contact form in WordPress.

simple contact form on wpforms

Step 2: Configure reCAPTCHA Settings

Next, you need to configure reCAPTCHA settings in WordPress.

To start, go to WPForms » Settings. Then, click on the reCAPTCHA tab.

recaptcha settings to stop contact form spam

Choose Invisible reCAPTCHA v2 to add Invisible reCAPTCHA to your contact form.

select invisible recaptcha v2

reCAPTCHA is a service provided by Google. It’s free, but requires a site key and secret key. You can easily generate those keys for your site by visiting Google’s reCAPTCHA setup page.

Once you’re on this setup page, click on the Admin console button in the top right corner.

google recaptcha admin console

Then, sign in to your Google account.

After logging in, you’ll be redirected to a page where you can register your site for reCAPTCHA.

If you’ve already registered a website for Google reCAPTCHA in the past, you’ll see a different screen. In that case, just click on the plus sign to Register a new site.

recaptcha-admin-console-add-new

Enter the name of your website in the label field. This is for your own use, so that you can identify the website if you ever needed to get the keys again.

register-new-site-for-recaptcha

Then, choose the type of reCAPTCHA you want to add to your website. In this example, we’ll select reCAPTCHA v2 and then the Invisible reCAPTCHA badge.

invisible-recaptcha-setup

After that you need to add your website’s domain, such as example.com.

To save your site, click the Submit button.

enter-domain-in-recaptcha-setup

Next, you’ll see a page with a site key and secret key for your website.

recaptcha-keys

Copy your site and secret key, and switch back to the WPForms » Settings page. Paste your site and secret keys under the reCAPTCHA settings, making sure Invisible reCAPTCHA v2 is selected for Type.

Click on the Save Settings button to save your changes.

save recaptcha settings

Step 3: Enable Invisible reCAPTCHA on Your Contact Form

Adding Invisible reCAPTCHA to your WordPress form is easy to do.

To enable reCAPTCHA in the simple contact form you created earlier, go to Add Fields in the form editor and click on the reCAPTCHA button.

click on the reCAPTCHA button

You’ll be notified that Google Invisible v2 reCAPTCHA has been enabled.

invisible enabled to stop contact form spam

Click OK to see the reCAPTCHA enabled badge on your form. Don’t forget to save it!

recaptcha enabled badge on form

Now you can add your contact form, complete with Google Invisible reCAPTCHA, to your website.

Step 4: Add Contact Form with reCAPTCHA to WordPress

WPForms lets you add your forms to many locations on your website, including your blog posts, pages, and even sidebar widgets.

Let’s take a look at the most common option of post/page embedding.

To start, create a new post or page in WordPress and then click on the Add WPForms icon inside of a block.

insert-wpforms-into-page-or-post

Next, select your form from the dropdown in the modal popup.

insert-contact-form-into-block

Then, publish your post or page so your reCAPTCHA-enabled form will appear on your website.

Now any time someone tries to submit a form on your website, Google will determine whether it’s a spambot trying to submit a fake form or not. Your users, however, will on see the Captcha-enabled badge and get to submit their form without having to do anything.

How to Enable Anti-spam Honeypot (Method #4)

There is a hidden way to secure your contact forms without using CAPTCHA of any kind in WPForms. This hidden tool is called a honeypot.

Basically, a spambot fills in a hidden field that valid users can’t see. This extra field of data verifies that the submitter is a spambot, not a user.

Is security a priority for you? Be sure to read our post on the greatest WordPress security plugins.

When the honeypot field is filled in, the form is rejected as spam. The spambot gets stuck and can’t submit the form.

Honeypots are great because they don’t bother users like a Captcha field and they’re a secure tool for stopping spam and spam bots.

Honeypot Spam Prevention

By default, this setting is enabled for all your forms, even if you use other anti-spam strategies such as Google reCAPTCHA or the Custom Captcha addon.

If you want to double check that it’s activated, you can go to Settings » General.

Then, near the bottom of the right-hand preview panel, you’ll see that the Enable anti-spam honeypot option is selected for you.

Honeypot Feature to stop contact form spam

In Conclusion

And there you have it! You now know how to successfully stop contact form spam on your WordPress site using Google Checkbox reCAPTCHA, Google Invisible reCAPTCHA, the WPForms Custom Captcha addon.

Do you need to stop user registration spam? You might also want to check out our guide on simple tricks to eliminate spam user registration.

So, what are you waiting for? Get started with the most powerful form WordPress plugin today.

And don’t forget, if you like this article, then please follow us on Facebook and Twitter.

Using WordPress and want to get WPForms for free?

Enter the URL to your WordPress website to install.

Comments

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.