There’s nothing more annoying than contact form spam bots burying your inbox in mountains of fake submissions. Here’s how to stop it—for good.
Spam bots are automated computer programs that submit incorrect information onto your contact or email signup form. They’re always looking for ways to assume control of your site, server, or email address so they can use it to send out spam emails. Even worse, they might pilfer your email list, so they have a new set of people to bug with their spammy messages.
Spamming is often an uphill battle because spammers and bots constantly change their methods. However, there are some steps you can take to reduce the amount of spam that gets through successfully.
Note: If you don’t want to bother with solutions, but are looking for someone to do it for you, view our WordPress Website Management Packages.
How to Directly Prevent Contact Form Spam
1. Enable a Honeypot
Honeypots are hidden contact fields that spammers are likely to fill in, but users never see. Spam bots will see these fields and try to submit them, revealing themselves as a bot. Best of all, when the bot fills out your form, that form submission will go straight to the trash instead of your inbox.
The best way to enable a honeypot is to use a contact form plugin with built-in honeypot functionality. For example, plugins like Contact Form 7 and Gravity Forms have honeypots.
2. Add reCAPTCHA
Another great way to protect your contact form from spam is to add a reCAPTCHA field. This is a simple checkbox that users must tick off for their contact form submission to go through. If it’s not checked, the contact form submission will automatically be thrown out, and nothing happens – no new client, user, or extra mail in your inbox.
There are two different types of reCAPTCHA available: visible and invisible.
The little boxes you see on websites to confirm that you’re not a robot are called reCAPTCHA. They could be better, but they’re much better than previous options and do an excellent job filtering spam.
They work by comparing the contact form submission against a database of known spam email addresses. The contact form submission is assumed to be spam and discarded if there’s a match.
Invisible reCAPTCHA works precisely the same way, but it replaces those visible contact forms with a tiny element that users never see. Like its visible counterpart, this invisible field successfully filters out all contact form submissions from bots.
3. Add a Conditional Submit Button
If the above two methods aren’t cutting, adding a single-line text field to your form which asks a simple question that only humans can answer will bypass any bot. A natural person should be able to answer the question correctly, whereas most bots won’t. If someone gets through your form at this point, you’ll know it’s a human.
Enable button conditional logic based on this question field in your form plugin settings. If the submitter doesn’t input the correct answer, the form can’t submit. The trick is to simplify the question so anyone can answer and then only let through forms with the correct answer.
Here are some examples:
- A dog has how many legs?
- Everyone who lives, _________
- USA is the acronym for __________
No single anti-spam method in the world can catch 100% of spam. Because of that, you can find hundreds of anti-spam techniques and services across the internet, some that work and others that don’t. For complete elimination, we recommend using all three methods simultaneously.
How to Indirectly Prevent Contact Form Spam
Choose a reputable WordPress website host
An essential step in preventing contact form spam is to choose a reputable WordPress website host.
Many hosting providers are notorious for being plagued by contact form spam, so you must look into your potential host’s reputation and track record before committing. Some things to look for include:
- A history of contact from spam issues and how the hosting provider has dealt with them
- Robust security features, including firewalls, malware protection, and data backups
- Fast loading speeds and reliable uptime guarantee to minimize the likelihood of contact form submissions getting lost or stuck in a queue for too long
The way to find out is by placing a simple Google search like, “Does GoDaddy have spam issues?” You might run into a community article posted in October 2021 titled, “Why does Godaddy have such a major problem with inbound/outbound spam?” It’s worth looking into.
By choosing a reputable host with solid security measures in place, you can rest assured that your contact forms will stay as spam-free as possible and that you’ll be able to collect all of the valuable contact information you need from your website visitors.
When you purchase a WordPress Website Management Package from Structure, we’ll evaluate your hosting and recommend switching to our preferred hosting partner with a good history. We’ll even help you make the switch!
Use a quality WordPress form plugin
Another critical component to preventing spam is using a high-quality WordPress contact form plugin. Because contact forms are so vulnerable to bot attacks, choosing a plugin with solid security measures and anti-spam features is essential.
Look for plugins that include:
- Email verification capabilities – these can prevent bots from submitting contact forms by requiring users to verify their email addresses before sending messages
- IP filtering or restriction options – these will help keep your contact form submissions from being intercepted by spammers who might be spoofing legitimate IP addresses to bypass security filters
- A built-in captcha feature – this will stop bots from accidentally submitting contact forms, either due to typing errors or simply not understanding the instructions on the form
With a quality contact form plugin and reliable hosting, you can rest assured that your contact forms will be protected from contact form spam. At Structure, we recommend using the Gravity Forms plugin to create and manage contact forms on your WordPress site.
Install a WordPress anti-spam plugin
The final step in preventing contact form spam is installing a WordPress anti-spam plugin. There are many different plugins available, each with different features and capabilities. Some popular plugins to consider include:
- Akismet – this plugin uses an intelligent system to filter out contact form spam based on keywords and patterns that indicate bot behavior
- WPForms AntiSpam – this plugin incorporates honeypot technology to fool bots into thinking contact forms are filled out by humans, thereby stopping the bots from submitting forms in the first place
With the right WordPress anti-spam plugin, you can keep contact form spam to a minimum and ensure that only legitimate contact form submissions are received. All our WordPress Management Packages include a free anti-spam plugin.
Common Questions About Contact Form Spam
What is contact form spam, and how can it affect my website?
Contact form spam refers to sending automated messages through contact forms on websites, often in an attempt to promote unrelated products or services. This can negatively impact your website by clogging up contact forms with unwanted submissions and potentially disrupting workflows, business processes, and other essential activities that rely on contact information from contact forms.
How can I prevent contact form spam from affecting my website?
You can use a few key strategies to prevent contact form spam from affecting your website. These include choosing a reputable hosting provider with robust security features, using a high-quality WordPress plugin for contact forms, and installing an anti-spam plugin to protect contact form submissions from bots. Additionally, you can stay up-to-date on contact form spam trends and best practices by consulting resources like online forums and blogs dedicated to website management.
What are some key considerations when choosing a contact form plugin that will help me prevent spam?
Some key considerations when choosing a contact form plugin include its ability to integrate with your existing website, whether or not it includes security features like anti-spam capabilities and its level of usability and accessibility for both you and your users.
Other important factors include the availability of support from the plugin’s developer and any built-in reporting tools that can help you monitor contact form activity over time. Overall, it’s essential to do thorough research to find a contact form plugin that meets all your needs and successfully protects your website from contact form spam.’
With these strategies, you can eliminate contact form spam from your WordPress website and maintain high security and productivity.
Can spam entries still get through all three spam-eliminating steps?
Unfortunately, yes. However, if you’re using all three spam-eliminating steps indicated in this article, you can be sure the contact form spam entries are from real humans.
Unless you want to eliminate humans from filling out your form, you’ll have to put up with a few annoying folks here and there.
Is there a way to eliminate humans from submitting spam entries?
Yes, there is! One way to protect your contact forms from human spam is to disable right-click functionality on your WordPress site.
Here’s how this works. Disabling right-click functionality can help hinder human spammers from copying and pasting their information into your forms. This will require them to manually enter the information or use keyboard shortcuts (not everyone knows keyboard shortcuts).
I’ve heard you can Block Traffic by IP Address. Is that possible?
Yes, it is possible to block contact form spam by IP address. However, it’s important to note that some IP blocking methods may inadvertently block legitimate traffic, so it’s essential to use this approach with caution.
If you want to block specific IPs, you can add them to the Comment Blacklist field on the Discussion settings page of your WordPress admin panel. Advanced site owners can do this through their web host, cPanel, or a security plugin such as Wordfence or Sucuri.
Cloudflare also offers several services that protect your site (and forms), such as IP Access Rules, allowing you to block entire countries easily. This is particularly helpful if you’re in the United States and you notice a flurry of spam entries coming from Russia or China, for example. They also provide solutions to mitigate DDoS attacks or stop malicious bot abuse.
Overall, many different approaches are available for effectively blocking contact from spam, one approach is by IP address, and each website owner must determine which strategy works best for their individual needs.
See Structure’s WordPress Website Management Packages if you’d like help with IP blocking or another method.
What WordPress plugins are available to prevent form spam entries?
Many WordPress plugins can help you prevent spam contact form entries. Some popular options include Akismet, Anti-Spam by CleanTalk, Really Simple Captcha, and Simple Cloudflare Turnstile. Additionally, numerous premium options are available if you’re looking for more robust features or support.
However, regardless of which plugins you choose, it’s important to regularly audit your contact forms, remove invalid entries, and respond quickly to any contact form submissions that look suspicious or potentially malicious. This will help keep your contact form spam-free and ensure the smooth operation of your website.
If you need additional support or guidance managing your contact forms, Schedule a Free Consult Call to review your website, suggest solutions based on your unique needs, and help you implement them quickly.