3 ways to stop spammers from messing up your WP Contact forms

These is nothing as annoying as having your email inbox filled up with unnecessary form submissions from your own website.

But we know at the same time that we need those contact forms to connect us with our visitors. My contact page is one of my most visited pages by both human and bot visitors.

While I login to my business email everyday expecting a new business message from my blog, unlike before, I expect less of spam messages. This is because I have taken steps to say stop the bots that try to submit my contact form.

And in this post, I want to share with you 3 ways to keep your contact form spammers disappointed and unable to get to you.

Stop spammers with WPForms

Now, you are going to have to get the most widely used and recommended forms plugin for WordPress. WPForms of course is the solution you need to create any forms in WordPress from simple contact forms to donations forms, Billing/order forms, surveys and polls, suggestion forms, etc.

Go here for details and how to grab a copy of the plugin. For step-by-step instructions on installation and setup, click here.

[page_section template=’1′ position=’default’ padding_bottom=’on’ padding_top=’on’]

3 ways to stop spammers from your WP contact forms


Let’s now examine some of the ways to completely get rid of spams from your WordPress contact form. By spam, I mean when the form is submitted by bots. Sometimes, some individuals may want to get to you with completely off-topic content. That too may be considered spam but we are dealing with bots here.

1. Use a free service by Google called reCAPTCHA

If you’ve been online, interacting with website owners, there is no doubt you have come across a form that requires you to click on a reCAPTCHA element.

This is just a friendly technology that makes sure the form is not submitted by a bot. The idea is that since a bot can’t click a checkbox and/or resolve a simple logical task, if the reCAPTCHA enabled form is submitted without the valid input from the reCAPTCHA form field, that submission should be treated as being done by a bot (not human reader).

The first step of course is to create your contact form with WPForms. For step-by-step guide on how to create a form with WPForms, I recommend you check out this document

A simple contact form may look something like this:

Simple-Contact-Form wpforms

WPForms will allow you to play around with this form, adding as many form fields as possible including Credit Card fields, file upload fields, multiple select fields, checkboxes, radio buttons, etc.

The next thing is to enable v2 reCAPTCHA

Go to WPForms – > and click on the  reCAPTCHA tabs.

This will bring up the  reCAPTCHA settings options. Stop at this point for now.

Go to the reCAPTCHA page here on Google and click on Admin console button to generate some items you will use.

Sign in to your Google account. Once in, you will be redirected to a page where you can register your site for reCAPTCHA. But if you’ve registered a site before, you’ll simply see a page with the possibility to add more site.

If that’s your case, simply click the (+) plus sign (top right) to Register a new site:

recaptcha google free.png

Remember we are going with reCAPTCHA v2 so make sure you check that option and then the “I’m not a robot” checkbox on the page. Enter your domain name , accept the reCAPTCHA terms of service and click to submit.

On the next page, you’ll have your reCAPTCHA key and secret.

recaptcha key and secret

Copy these items to WPForms reCAPTCHA settings. Fill the form and click to save.

recaptcha in wpforms for wordpress

Time to create the contact form and apply the reCAPTCHA form field

Open the form in WPForms. This is going to be very simple. If you haven’t created the form yet, go to WPForms -> Add New

On the page that follows, click “Simple Contact Form“. Simply click the reCAPTCHA form field to enable it for this form:

wpforms recaptcha element

For more help on how to create a simple contact form, see this tutorial

Still on the form, go to Settings -> General tab:

enable reCAPTCHA wpforms

Check the button to Enable Google Checkbox v2 reCAPTCHA and remember to save the changes.

This is how your form will now look like on your contact page:

recaptcha activated on forms

2. Using WPForms Custom Captcha Addon

Here is another simple method to kick bots from your WordPress contact forms if you do not want to use Google reCAPTCHA.

WPForms has a powerful Captcha Addon. This allows you to define custom questions or use random math questions as CAPTCHA to stop bots from submitting your forms.

Given that you’ve created your contact form. go to go to WPForms » Addons and find the Custom Captcha Addon. Click Install Addon:

Open the contact form editor in WPForms for the form you want to secure.

On the Field tab, locate the Captcha (not reCAPTCHA) button and drag it to your form where you want the Captcha to appear:

adding captcha to form

The next step is simply to click on the Captcha element on your form. This will pull up the Captcha options. There are two types of Captchas to select from:

  1. Maths
  2. Question and answer

You can only use one of these options at a time. You will also be able to name the Captcha element:

captcha options

With the Math Captcha type, the mathematical task is randomly generated each time your form is loaded. However, the Question and Answer option allows you to create different questions and provide their answers. Each of them is randomly chosen when the form is displayed.

3. Build a Spam-Free Contact Form Without CAPTCHA

You may want to create a spam free contact form without using any CAPTCHA. From all stand points, CAPTCHAS give your site visitors extra amount of work, which may disrupt user experience and impact your form submission rates.

While some users may not have time to answer random questions on your forms, others may find it difficult answering math questions for several reasons.

There are two simple ways to create a spam-free contact form without CAPTCHA using WPForms.

a) Add an invisible reCAPTCHA to the form.

This is basically same process as adding reCAPTCHA as we’ve seen above. Follow the same procedure but select the  the Invisible reCAPTCHA option:

invisible recaptcha

You have to go as far as checking to enable Google invisible reCAPTCHA to on the form for it to be active.

Each time a user tries to submit the form, Google will determine whether it’s a spambot trying to submit the form or a human reader.

b) Build a Spam-Free Contact Form Without Anti-spam Honeypot

Honeypot is a hidden way to secure your contact forms without using CAPTCHAS. It’s great because like invisible reCAPTCHA, it doesn’t interfere with user experience.

A honeypot is actually a hidden empty field that should be submitted with the form. If this form is submitted with some data in the honeypot field, it will be treated as fake form submission.


Because the honeypot field must be submitted empty.

The way spambots function makes this easy. They will auto-fill all hidden fields in a form (including honeypot) with data that’s only useful to the spammer. By filling the honeypot field, it makes them vulnerable and easily caught.

By default, honeypot anti-spam is enabled for all forms created with WPForms even if you use any of the spam fighting methods I mentioned above.

To check this on any form, go to Settings » General.

enable spam fighter honeypot

Of course you can always un-check and disable this option for any reasons.

There we go…

Let me know what you think in the comment

Comments are closed.