WPForms Blog

WordPress Tutorials, Tips, and Resources to Help Grow Your Business

Spam-Free WordPress Contact Forms

How to Build Spam-Free WordPress Contact Forms (The Ultimate Guide)

by Lindsay Liedke on Aug 13, 2018

Do you want to prevent getting spam form submissions? A lot of those spam submissions are automated with bots. However, with WPForms, and just a few steps, you can build spam-free WordPress contact forms.

In this article, we’ll show you how to add reCAPTCHA to your WordPress forms, how to use the WPForms Custom Captcha addon, and how to create a spam-free contact form without using CAPTCHA. We’ll also share a bonus strategy that works no matter which solution you use.

Here are some quick links for you so you can check out which type of spam-free form you want to create for your site:

How to Add reCAPTCHA to Your Contact Forms

Here we’re going to show you how to create a contact form that will have an interactive reCAPTCHA section for site visitors to click on proving that they’re human when they submit a form.

Why Use reCAPTCHA?
1. Block spamrecaptcha – By verifying that a human is submitting a form, all automated spam attempts are blocked.

2. Easy to use – Originally CAPTCHA was created to do two things at the same time: help machines translate non-digital books and fight spam. But, the jumbled text was difficult for users to answer correctly. Google has since improved their CAPTCHA tool, reCAPTCHA v2.0, to be much easier for users. Now instead of entering text, users can just put their mouse over the checkbox and the tool understands that this is not an automated spam bot. This is much easier for users to prove that they are not robots.

Now, let’s see how to add an interactive reCAPTCHA box to your contact forms.

Step 1: Create a Simple Contact Form in WordPress
The first thing you’ll need to do is install and activate the WPForms plugin. For more details, see this step by step guide on how to install a plugin in WordPress.

Next, you’ll need to create a WordPress contact form. For help with this step, check out our tutorial on how to create a simple contact form in WordPress.

Simple Contact Form

Step 2: Configure reCAPTCHA Settings
Next, you need to configure reCAPTCHA settings in WordPress.

To start, go to WPForms » Settings.. Then, click on the reCAPTCHA tab.

WPForms reCAPTCHA Settings

Choose v2 reCAPTCHA to add an interactive reCAPTCHA box to your contact form.

v2 reCAPTCHA

reCAPTCHA is a service provided by Google. It’s free, but requires a site key and secret key. You can easily generate those keys for your site by clicking on the v2 reCAPTCHA link.

Once on the site, click on Get reCAPTCHA to continue.

Google Get reCAPTCHA

Then, sign in to your Google account. After logging in, you’ll be redirected to a page where you can register your site for reCAPTCHA.

Enter the name of your website in the label field. This is for your own use, so that you can identify the website if you ever needed to get the keys again.

Then, choose the type of reCAPTCHA you want to add to your website. In this example, we’ll select reCAPTCHA v2.

Register a New Site for reCAPTCHA

After that you need to add your website’s domain, such as example.com.

To save your site, click the Register button.

Next, you’ll see a page with a site key and secret key for your website.

reCAPTCHA Keys

Copy your site and secret key, and switch back to the WPForms » Settings page. Paste your site and secret keys under the reCAPTCHA settings.

WPForms reCAPTCHA Keys

Click on the Save Settings button to store your changes.

Step 3: Add reCAPTCHA to Your Contact Form
Adding reCAPTCHA to your WordPress form is easy to do.

To enable reCAPTCHA in the simple contact form you created earlier, go to Settings » General in the form editor.

At the bottom, click Enable Google reCAPTCHA (v2).

Enable reCAPTCHA on WPForms

Lastly, click Save.

Now you can add your contact form, complete with Google reCAPTCHA, to your website.

Step 4: Add Contact Form with reCAPTCHA to WordPress
WPForms allows you to add your forms to many locations on your website, including your blog posts, pages, and even sidebar widgets.

Let’s take a look at the most common post/page embed option.

To start, create a new post or page in WordPress and then click on the Add Form button.

Next, select your contact form in the modal popup and click Add Form.

Add Form with reCAPTCHA

Then, publish your post or page so your contact form will appear on your website.

Final reCAPTCHA Form

How to Use the WPForms Custom Captcha Addon

If you don’t want to use Google reCAPTCHA v2, but know you want to add an interactive reCAPTCHA element to your website, you can always use our Custom Captcha Addon.

With this addon, you can define custom questions or use random math questions as CAPTCHA to fight spam form submissions.

Step 1: Create a Simple Contact Form in WordPress
The first thing you’ll need to do is install and activate the WPForms plugin. For more details, see this step by step guide on how to install a plugin in WordPress.

Next, go to WPForms » Addons and find the Custom Captcha Addon.

Install and activate the Custom Captcha Addon.

Custom Captcha Addon

Next, you’ll need to create a WordPress contact form. For help with this step, check out our tutorial on how to create a simple contact form in WordPress.

Simple Contact Form

Step 2: Add and Customize the Captcha Form Field
Once you’ve created a contact form, stay in the form builder to add your custom captcha form field.

WPForms Captcha Form Field

Just drag it from the left hand panel to the right hand panel to add it to your form. The form field will automatically display a random math question for site visitors to answer before they can submit their form on your site.

A new addition, subtraction, or multiplication problem will appear every time the page loads or refreshes.

For help customizing the Math Captcha, check out our documentation on how to change the Math Captcha.

Custom Captcha Math Example

To make changes to the form field, click on it.

Now you can change the label, type of captcha, and add a description.

Math Captcha Changes

If you prefer to use a custom question and answer instead of the Math Captcha, change the type of captcha to Question and Answer in the Field Options section.

Question and Answer Captcha

There, you can also change the question and answer that site visitors have to answer to submit their form on your site.

If you want to display random questions and answers every time your page loads or refreshes, click on the plus (+) button to add another question and answer.

Add Question and Answer

Click Save when you’ve customized your custom captcha.

You’re now ready to add your contact form to your website.

Step 3: Add Contact Form with Custom Captcha to WordPress

WPForms allows you to add your forms to many locations on your website, including your blog posts, pages, and even sidebar widgets.

Let’s take a look at the most common post/page embed option.

To start, create a new post or page in WordPress and then click on the Add Form button.

Next, select your contact form in the modal popup and click Add Form.

Add Custom Captcha Form

Then, publish your post or page so your contact form will appear on your website.

Final Custom Captcha Form

How to Build a Spam-Free Contact Form Without CAPTCHA

Here we’ll show you how to build a spam-free contact form in WordPress without reCAPTCHA so the user experience is never disrupted and filling out your forms is as easy as possible.

Why Not Use CAPTCHA?
To protect your site, you want to make it as easy as you can for your visitors to fill in your contact form, while making it as hard as possible for spambots to get through your security.

One of the most common ways to stop spambots is to use a form field that only a human could answer, called CAPTCHA.

CAPTCHA usually requires users to enter specific text into a box.

CAPTCHA Example

Though our Custom CAPTCHA Addon works a bit differently by creating a field that asks a user to solve a simple math problem or answer a question correctly, this can still be an extra step that frustrates the user and may decrease form submission rates.

user registration spam protection in WordPress with captcha

Users may not want to take the time to answer irrelevant questions. And, some users may have difficulty answering math questions or reading CAPTCHA text, especially if they have dyslexia or other disabilities.

Luckily, it’s easy to create a spam-free contact form without CAPTCHA using WPForms.

Step 1: Create a Simple Contact Form in WordPress
The first thing you’ll need to do is install and activate the WPForms plugin. For more details, see this step by step guide on how to install a plugin in WordPress.

Next, you’ll need to create a WordPress contact form. For help with this step, check out our tutorial on how to create a simple contact form in WordPress.

Simple Contact Form

Step 2: Configure reCAPTCHA Settings
Next, you need to configure reCAPTCHA settings within WordPress.

To start, go to WPForms » Settings.. Then, click on the reCAPTCHA tab.

WPForms reCAPTCHA Settings

Choose Invisible reCAPTCHA to add Invisible reCAPTCHA to your contact form.

Invisible reCAPTCHA

reCAPTCHA is a service provided by Google. It’s free, but requires a site key and secret key. You can easily generate those keys for your site by clicking on the Invisible reCAPTCHA link.

Once on the site, click on Get reCAPTCHA to continue.

Google Get reCAPTCHA

You’ll be asked to sign in with your Google account. After logging in, you’ll be redirected to a page where you can register your site for reCAPTCHA.

Enter the name of your website in the label field. This is for your own use, so that you can identify the website if you ever needed to get the keys again.

Then, choose the type of reCAPTCHA you want to add to your website. In this example, we’ll select Invisible reCAPTCHA.

Register a New Site for Invisible reCAPTCHA

After that you need to add your website’s domain, such as example.com.

To save your site, click the Register button.

Next, you’ll see a page with a site key and secret key for your website.

reCAPTCHA Keys

Copy your site and secret key, and switch back to WPForms » Settings page. Paste your site and secret keys under the reCAPTCHA settings.

WPForms Invisible reCAPTCHA Keys

Click on the Save Settings button to store your changes.

Step 3: Enable Invisible reCAPTCHA on Your Contact Form
To enable the Invisible reCAPTCHA on your contact form, go to Settings » General in the form editor.

Then, scroll down and click the Enable Google Invisible reCAPTCHA checkbox.

Enable Invisible reCAPTCHA on WPForms

Click Save.

Now any time someone tries to submit a form on your website, Google will determine whether it’s a spambot trying to submit a fake form or not. Your users, however, will never see anything related to captcha and will simply submit their form without any issue.

Added Bonus: How to Enable Anti-spam Honeypot

There is a hidden way to secure your contact forms without using CAPTCHA of any kind in WPForms. This hidden tool is called a honeypot.

Basically, a spambot fills in a hidden field that valid users can’t see. This extra field of data verifies that the submitter is a spambot, not a user.

When the honeypot field is filled in, the form is rejected as spam. The spambot gets stuck and can’t submit the form.

Honeypots are great because they don’t bother users like a CAPTCHA field and they are a secure tool for stopping spambots.

Honeypot Spam Prevention

By default, this setting is enabled for all your forms, even if you use other anti-spam strategies such as Google reCAPTCHA, the Custom Captcha addon, or Invisible CAPTCHA.

If you want to double check that it’s activated, you can go to Settings » General.

Then, near the bottom of the right-hand preview panel, you’ll see that the Enable anti-spam honeypot option is selected for you.

Honeypot Feature

And there you have it! You now know how to build spam-free WordPress contact forms using Google reCAPTCHA, Invisible reCAPTCHA, and our very own WPForms Custom Captcha addon. Plus, you know all about the anti-spam honeypot feature that all WPForms have.

Do you need to stop user registration spam? You might also want to check out our guide on simple tricks to eliminate spam user registration.

So, what are you waiting for? Get started with the most powerful WordPress forms plugin today.

And don’t forget, if you like this article, then please follow us on Facebook and Twitter.

Comments

  1. Thanks for reading this article – I hope you found it helpful.

    I wanted to let you know about our new WordPress survey plugin that allows you to build interactive polls and surveys within minutes. You also get best-in-class reporting, so you can make data-driven decisions.

    You can get it 100% free when you purchase WPForms Pro plan.

    Get Started with WPForms Today and see why over 1 million websites choose WPForms as their preferred online form builder.

    Syed Balkhi
    CEO of WPForms

    1. In most cases captchas aren’t needed as we include an anti-spam honeypot field by default, however in scenarios additional protection is required or helpful.

      In those situations we believe Google’s reCATPCHA is the best, though some users want more control over their captchas (Google offers basically none). This addon provides an alternate captcha method with more control.

  2. Thank you, helpful so far.

    What about Step 1: Client Side Integration

    and Step 2: Server Side Integration.

    Can you please explain if we need to do this copy/paste with the snipets, and if so, how?

    1. Hi Jason,

      We’ve got built-in integration with reCAPTCHA, so you don’t actually need to touch any code snippets at all to use it with our forms. As long as you grab the keys mentioned in this article, and then turn on reCAPTCHA for each specific form where you’d like it, you’ll be all set!

      I hope that helps 🙂

  3. I have a problem with reCAPTCHA, after i have inserted the data in the form and selected the reCAPTCHA, the form indicates that the box of the reCAPTCHA “This field is required” ?? Our web site: http://www.Makk.it

    1. Hi Michele,

      There are quite a few issues that can prevent Google’s reCAPTCHA from working properly, most of which have to do with theme issues or conflicts created by other plugins. It looks from your site’s source code like you may be using a plugin that pushes Javascript from various sources together — if you’re aware of a plugin like this, I’d recommend deactivating it, clearing any caches on your site and browser, and seeing if that does the trick.

      If that doesn’t work, please get in touch we can try to help you track down the issue 🙂

      1. Thanks Jess, problem solved. The plug-in that created problems was “WP deferred javaScript”.

    1. Hi Kat,

      I’m sorry to hear you ran into issues with this. When we see issues like what you’re describing, it’s usually because another plugin (or sometimes even the theme) is loading a duplicate set of reCAPTCHA code — which will break the captcha functionality and display an error like you described.

      The best way to check for a duplicate code source is to go through your plugins and look for anything that might have its own reCAPTCHA code loading, then to check theme settings to see if it could be coming from there.

      If you aren’t able to find where else reCAPTCHA might be loaded from, WPBeginner has a great tutorial on troubleshooting that would work well as an alternative.

      Or, if you’d prefer to avoid troubleshooting and go for a quick and simple solution, I’d suggest using WordPress Zero Spam. It doesn’t require any setup, isn’t visible in forms, and works really well.

      I hope that helps! If you have any questions, please get in touch 🙂

  4. Does WPForms support multiple forms with recaptchas on the same page? I just ran into an issue with Ninja Forms where only a single form on a page may contain a recaptcha.

    1. Hey Justin,

      Great question. Yes, WPForms does support multiple reCAPTCHAs on the same page. The caveat is they do need to all be reCAPTCHAs from WPForms. For example if you have a form on your contact page with a reCAPTCHA and a form in your sidebar with a reCAPTCHA, there will be no issues.

      Due to the way reCAPTCHA works, if you run multipe reCAPTCHAs on the same page with different sources, you’ll encounter a problem. For example, if one reCAPTCHA was generated by WPForms and another reCAPTCHA was generated by you theme, they will likely conflict.

      Hope that makes sense 🙂

    1. Hi Muhammad,

      This is mostly personal preference. Both types of reCAPTCHA use the same technology, but they look different on your site. Custom Captcha is a simpler setup, and doesn’t require that you have a Google account.

      In case it helps, personally my favorite of these three is Invisible reCAPTCHA, because it has all the tech behind reCAPTCHA without the big checkbox of v2 🙂

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.