Spam-Free WordPress Contact Forms

How to Build Spam-Free WordPress Contact Forms (The Ultimate Guide)

Do you want to prevent getting spam form submissions?

A lot of those spam submissions are automated with bots. However, with WPForms, and just a few steps, you can build spam-free WordPress contact forms. That way, you can improve the quality of your lead generation.

In this article, we’ll show you how to add reCAPTCHA to your WordPress forms, how to use the WPForms Custom Captcha addon, and how to create a spam-free contact form without using CAPTCHA. We’ll also share a bonus strategy that works no matter which solution you use.

Here are some quick links for you so you can check out which type of spam-free form you want to create for your site:

How to Add reCAPTCHA to Your Contact Forms

Here we’re going to show you how to create a contact form that will have an interactive reCAPTCHA. This reCAPTCHA section is for site visitors to click on to prove they’re human when they submit a form.

Why Use reCAPTCHA?
1. Block spamrecaptcha – By verifying that a human is submitting a form, all automated spam attempts are blocked.

2. Easy to use – Originally CAPTCHA was created to do two things at the same time: help machines translate non-digital books and fight spam. But, the jumbled text was difficult for users to answer correctly. Google has since improved their CAPTCHA tool, with reCAPTCHA v2 to be much easier for users. Now instead of entering text, users can just put their mouse over the checkbox and the tool understands that this is not an automated spam bot. This is much easier for users to prove that they are not robots.

In the fall of 2018, Google released something called reCAPTCHA v3, which uses a behind-the-scenes scoring system to help you detect abusive traffic all over your website without asking users to do anything. reCAPTCHA v2 has two options, interactive checkboxes and invisible reCAPTCHA. This guide will focus on adding reCAPTCHA v2’s interactive checkboxes or invisible reCAPTCHA to your WordPress forms.

How to Add a reCAPTCHA Checkbox to Your Forms

Now, let’s see how to add an interactive reCAPTCHA checkbox to your contact forms.

Step 1: Create a Simple Contact Form in WordPress

The first thing you’ll need to do is install and activate the WPForms plugin. For more details, see this step by step guide on how to install a plugin in WordPress.

Next, you’ll need to create a WordPress contact form. For help with this step, check out our tutorial on how to create a simple contact form in WordPress.

Simple Contact Form

Step 2: Configure reCAPTCHA Settings

Next, you need to configure reCAPTCHA settings in WordPress.

To start, go to WPForms » Settings. Then, click on the reCAPTCHA tab.

wpforms-recaptcha-settings-tab

Choose v2 reCAPTCHA to add an interactive reCAPTCHA box to your contact form.

select-checkbox-recaptcha-setup

reCAPTCHA is a service provided by Google. It’s free, but requires a site key and secret key. You can easily generate those keys for your site by visiting Google’s reCAPTCHA setup page.

Once you’re on this setup page, click on the Admin console button in the top right corner.

Click admin console button on Google reCAPTCHA page

Then, sign in to your Google account.

After logging in, you’ll be redirected to a page where you can register your site for reCAPTCHA.

If you’ve already registered a website for Google reCAPTCHA in the past, you’ll see a different screen. In that case, just click on the plus sign to Register a new site.

recaptcha-admin-console-add-new

Enter the name of your website in the label field. This is for your own use, so that you can identify the website if you ever needed to get the keys again.

register-new-site-for-recaptcha

Then, choose the type of reCAPTCHA you want to add to your website. In this example, we’ll select reCAPTCHA v2 and then the “I’m not a robot” Checkbox.

how-to-setup-recaptcha-on-wordpress-forms

After that you need to add your website’s domain, such as example.com.

To save your site, click the Submit button.

enter-domain-in-recaptcha-setup

Next, you’ll see a page with a site key and secret key for your website.

recaptcha-keys

Copy your site and secret key, and switch back to the WPForms » Settings page. Paste your site and secret keys under the reCAPTCHA settings.

Click on the Save Settings button to store your changes.

checkbox-setup-captcha

Step 3: Add reCAPTCHA to Your Contact Form

Adding reCAPTCHA to your WordPress form is easy to do.

To enable reCAPTCHA in the simple contact form you created earlier, go to Settings » General in the form editor.

At the bottom, check the box next to Enable Google Checkbox v2 reCAPTCHA.

enable-recaptcha-on-wpforms

Lastly, click Save.

Now you can add your contact form, complete with Google reCAPTCHA, to your website.

Step 4: Add Contact Form with reCAPTCHA to WordPress

WPForms allows you to add your forms to many locations on your website, including your blog posts, pages, and even sidebar widgets.

Let’s take a look at the most common post/page embed option.

To start, create a new post or page in WordPress and then click on the Add WPForms icon inside of a block.

insert-wpforms-into-page-or-post

Next, select your form from the dropdown in the modal popup.

insert-contact-form-into-block

Then, publish your post or page so your form will appear on your website.

recaptcha-in-form

How to Use the WPForms Custom Captcha Addon

If you don’t want to use Google reCAPTCHA, but know you want to add an interactive reCAPTCHA element to your website, you can always use our Custom Captcha Addon.

With this addon, you can define custom questions or use random math questions as CAPTCHA to fight spam form submissions.

Step 1: Create a Simple Contact Form in WordPress
The first thing you’ll need to do is install and activate the WPForms plugin. For more details, see this step by step guide on how to install a plugin in WordPress.

Next, go to WPForms » Addons and find the Custom Captcha Addon.

Install and activate the Custom Captcha Addon.

Custom Captcha Addon

Next, you’ll need to create a WordPress contact form. For help with this step, check out our tutorial on how to create a simple contact form in WordPress.

Simple Contact Form

Step 2: Add and Customize the Captcha Form Field

Once you’ve created a contact form, stay in the form builder to add your custom captcha form field.

WPForms Captcha Form Field

Just drag it from the left hand panel to the right hand panel to add it to your form. The form field will automatically display a random math question for site visitors to answer before they can submit their form on your site.

A new addition, subtraction, or multiplication problem will appear every time the page loads or refreshes.

For help customizing the Math Captcha, check out our documentation on how to change the Math Captcha.

Custom Captcha Math Example

To make changes to the form field, click on it.

Now you can change the label, type of captcha, and add a description.

Math Captcha Changes

If you prefer to use a custom question and answer instead of the Math Captcha, change the type of captcha to Question and Answer in the Field Options section.

Question and Answer Captcha

There, you can also change the question and answer that site visitors have to answer to submit their form on your site.

If you want to display random questions and answers every time your page loads or refreshes, click on the plus (+) button to add another question and answer.

Add Question and Answer

Click Save when you’ve customized your custom captcha.

You’re now ready to add your contact form to your website.

Step 3: Add Contact Form with Custom Captcha to WordPress

WPForms allows you to add your forms to many locations on your website, including your blog posts, pages, and even sidebar widgets.

Let’s take a look at the most common post/page embed option.

To start, create a new post or page in WordPress and then click on the Add WPForms icon inside of a block.

insert-wpforms-into-page-or-post

Next, select your form from the dropdown in the modal popup.

add-custom-captcha

Then, publish your post or page so your contact form will appear on your website.

Final Custom Captcha Form

How to Build a Spam-Free Contact Form Without CAPTCHA

Here we’ll show you how to build a spam-free contact form in WordPress without CAPTCHA so the user experience is never disrupted and filling out your forms is as easy as possible.

Why Not Use CAPTCHA?

To protect your site, you want to make it as easy as you can for your visitors to fill in your contact form, while making it as hard as possible for spambots to get through your security.

One of the most common ways to stop spambots is to use a form field that only a human could answer, called CAPTCHA.

CAPTCHA usually requires users to enter specific text into a box.

CAPTCHA Example

Though our Custom CAPTCHA Addon works a bit differently by creating a field that asks a user to solve a simple math problem or answer a question correctly, this can still be an extra step that frustrates the user and may decrease form submission rates.

user registration spam protection in WordPress with captcha

Users may not want to take the time to answer irrelevant questions. And, some users may have difficulty answering math questions or reading CAPTCHA text, especially if they have dyslexia or other disabilities.

Luckily, it’s easy to create a spam-free contact form without CAPTCHA using WPForms.

How to Add an Invisible Recaptcha Checkbox to Your Forms

Now, let’s see how to add an interactive reCAPTCHA box to your contact forms.

Step 1: Create a Simple Contact Form in WordPress
The first thing you’ll need to do is install and activate the WPForms plugin. For more details, see this step by step guide on how to install a plugin in WordPress.

Next, you’ll need to create a WordPress contact form. For help with this step, check out our tutorial on how to create a simple contact form in WordPress.

Simple Contact Form

Step 2: Configure reCAPTCHA Settings

Next, you need to configure reCAPTCHA settings within WordPress.

To start, go to WPForms » Settings. Then, click on the reCAPTCHA tab.

wpforms-recaptcha-settings-invisible

Choose Invisible reCAPTCHA to add Invisible reCAPTCHA to your contact form.

select-invisible-recaptcha

reCAPTCHA is a service provided by Google. It’s free, but requires a site key and secret key. You can easily generate those keys for your site by visiting Google’s reCAPTCHA setup page.

Once on the site, click on the Admin console button in the top right corner to continue.

Click admin console button on Google reCAPTCHA page

You’ll be asked to sign in with your Google account. After logging in, you’ll be redirected to a page where you can register your site for reCAPTCHA.

If you’ve already registered a website for Google reCAPTCHA in the past, you’ll see a different screen. In that case, just click on the plus sign to Register a new site.

recaptcha-admin-console-add-new

Enter the name of your website in the label field. This is for your own use, so that you can identify the website if you ever needed to get the keys again.

register-new-site-for-recaptcha

Then, choose the type of reCAPTCHA you want to add to your website. In this example, we’ll select Invisible reCAPTCHA badge.

invisible-recaptcha-setup

After that you need to add your website’s domain, such as example.com.

To save your site, click the Submit button.

enter-domain-in-recaptcha-setup

Next, you’ll see a page with a site key and secret key for your website.

recaptcha-keys

Copy your site and secret key, and switch back to the WPForms » Settings page. Make sure Invisible reCAPTCHA v2 is selected for Type.Paste your site and secret keys under the reCAPTCHA settings.

Click on the Save Settings button to store your changes.

recaptcha-setup-invisible

Step 3: Enable Invisible reCAPTCHA on Your Contact Form

To enable the Invisible reCAPTCHA on your contact form, go to Settings » General in the form editor.

Then, scroll down and click the Enable Google Invisible reCAPTCHA checkbox.

invisible-recaptcha-setup-wpforms

Click Save.

Now any time someone tries to submit a form on your website, Google will determine whether it’s a spambot trying to submit a fake form or not. Your users, however, will never see anything related to captcha and will simply submit their form without any issue.

Added Bonus: How to Enable Anti-spam Honeypot

There is a hidden way to secure your contact forms without using CAPTCHA of any kind in WPForms. This hidden tool is called a honeypot.

Basically, a spambot fills in a hidden field that valid users can’t see. This extra field of data verifies that the submitter is a spambot, not a user.

When the honeypot field is filled in, the form is rejected as spam. The spambot gets stuck and can’t submit the form.

Honeypots are great because they don’t bother users like a CAPTCHA field and they are a secure tool for stopping spambots.

Honeypot Spam Prevention

By default, this setting is enabled for all your forms, even if you use other anti-spam strategies such as Google reCAPTCHA, the Custom Captcha addon, or Invisible CAPTCHA.

If you want to double check that it’s activated, you can go to Settings » General.

Then, near the bottom of the right-hand preview panel, you’ll see that the Enable anti-spam honeypot option is selected for you.

Honeypot Feature

And there you have it! You now know how to build spam-free WordPress contact forms using Google Checkbox reCAPTCHA, Invisible reCAPTCHA, and our very own WPForms Custom Captcha addon. Plus, you know all about the anti-spam honeypot feature that all WPForms have.

Do you need to stop user registration spam? You might also want to check out our guide on simple tricks to eliminate spam user registration.

So, what are you waiting for? Get started with the most powerful WordPress forms plugin today.

And don’t forget, if you like this article, then please follow us on Facebook and Twitter.

Comments

  1. Thanks for reading this article – I hope you found it helpful.

    I wanted to let you know about our new WordPress survey plugin that allows you to build interactive polls and surveys within minutes. You also get best-in-class reporting, so you can make data-driven decisions.

    You can get it 100% free when you purchase WPForms Pro plan.

    Get Started with WPForms Today and see why over 1 million websites choose WPForms as their preferred online form builder.

    Syed Balkhi
    CEO of WPForms

    1. In most cases captchas aren’t needed as we include an anti-spam honeypot field by default, however in scenarios additional protection is required or helpful.

      In those situations we believe Google’s reCATPCHA is the best, though some users want more control over their captchas (Google offers basically none). This addon provides an alternate captcha method with more control.

  2. Thank you, helpful so far.

    What about Step 1: Client Side Integration

    and Step 2: Server Side Integration.

    Can you please explain if we need to do this copy/paste with the snipets, and if so, how?

    1. Hi Jason,

      We’ve got built-in integration with reCAPTCHA, so you don’t actually need to touch any code snippets at all to use it with our forms. As long as you grab the keys mentioned in this article, and then turn on reCAPTCHA for each specific form where you’d like it, you’ll be all set!

      I hope that helps 🙂

  3. I have a problem with reCAPTCHA, after i have inserted the data in the form and selected the reCAPTCHA, the form indicates that the box of the reCAPTCHA “This field is required” ?? Our web site: http://www.Makk.it

    1. Hi Michele,

      There are quite a few issues that can prevent Google’s reCAPTCHA from working properly, most of which have to do with theme issues or conflicts created by other plugins. It looks from your site’s source code like you may be using a plugin that pushes Javascript from various sources together — if you’re aware of a plugin like this, I’d recommend deactivating it, clearing any caches on your site and browser, and seeing if that does the trick.

      If that doesn’t work, please get in touch we can try to help you track down the issue 🙂

      1. Thanks Jess, problem solved. The plug-in that created problems was “WP deferred javaScript”.

    1. Hi Kat,

      I’m sorry to hear you ran into issues with this. When we see issues like what you’re describing, it’s usually because another plugin (or sometimes even the theme) is loading a duplicate set of reCAPTCHA code — which will break the captcha functionality and display an error like you described.

      The best way to check for a duplicate code source is to go through your plugins and look for anything that might have its own reCAPTCHA code loading, then to check theme settings to see if it could be coming from there.

      If you aren’t able to find where else reCAPTCHA might be loaded from, WPBeginner has a great tutorial on troubleshooting that would work well as an alternative.

      Or, if you’d prefer to avoid troubleshooting and go for a quick and simple solution, I’d suggest using WordPress Zero Spam. It doesn’t require any setup, isn’t visible in forms, and works really well.

      I hope that helps! If you have any questions, please get in touch 🙂

  4. Does WPForms support multiple forms with recaptchas on the same page? I just ran into an issue with Ninja Forms where only a single form on a page may contain a recaptcha.

    1. Hey Justin,

      Great question. Yes, WPForms does support multiple reCAPTCHAs on the same page. The caveat is they do need to all be reCAPTCHAs from WPForms. For example if you have a form on your contact page with a reCAPTCHA and a form in your sidebar with a reCAPTCHA, there will be no issues.

      Due to the way reCAPTCHA works, if you run multipe reCAPTCHAs on the same page with different sources, you’ll encounter a problem. For example, if one reCAPTCHA was generated by WPForms and another reCAPTCHA was generated by you theme, they will likely conflict.

      Hope that makes sense 🙂

    1. Hi Muhammad,

      This is mostly personal preference. Both types of reCAPTCHA use the same technology, but they look different on your site. Custom Captcha is a simpler setup, and doesn’t require that you have a Google account.

      In case it helps, personally my favorite of these three is Invisible reCAPTCHA, because it has all the tech behind reCAPTCHA without the big checkbox of v2 🙂

  5. Thank you, helpful so far.

    What about Step 1: Client Side Integration

    and Step 2: Server Side Integration.

    Can you please explain if we need to do this copy/paste with the snipets, and if so, how?

    1. Hi Digital Upendra,

      WPForms has built-in integration with reCAPTCHA, so you don’t actually need to work with any code snippets to use it with our forms. As long as you grab the keys mentioned in this article, and then turn on reCAPTCHA for each specific form where you’d like it, you’ll be all set!

      I hope this helps! 🙂

  6. Hi, thank you for this article. I was wondering however, whether any of these spam prevention techniques are friendly for people with disabilities? For example, are they accessible for those using screen readers?
    I understand that CAPTCHA has previously received criticism in this regard, and I was wondering if you know of any (or the best) way to avoid spam form submissions, while maintaining site accessibility? Thank you

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our privacy policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.