3 ways to stop spammers from messing up your WP Contact forms
These is nothing as annoying as having your email inbox filled up with unnecessary form submissions from your own website.
But we know at the same time that we need those contact forms to connect us with our visitors. My contact page is one of my most visited pages by both human and bot visitors.
While I login to my business email everyday expecting a new business message from my blog, unlike before, I expect less of spam messages. This is because I have taken steps to say stop the bots that try to submit my contact form.
And in this post, I want to share with you 3 ways to keep your contact form spammers disappointed and unable to get to you.
Stop spammers with WPForms
Now, you are going to have to get the most widely used and recommended forms plugin for WordPress. WPForms of course is the solution you need to create any forms in WordPress from simple contact forms to donations forms, Billing/order forms, surveys and polls, suggestion forms, etc.
- Electronic Signatures : How to create a signature form in WordPress!
- 5 easy steps to create Billing/Order Forms in WordPress!
- How to Create Quick and Easy Conversational Forms in WordPress
- How to capture partial data from abandoned form in WordPress in 4 steps!
3 ways to stop spammers from your WP contact forms
Let’s now examine some of the ways to completely get rid of spams from your WordPress contact form. By spam, I mean when the form is submitted by bots. Sometimes, some individuals may want to get to you with completely off-topic content. That too may be considered spam but we are dealing with bots here.
1. Use a free service by Google called reCAPTCHA
If you’ve been online, interacting with website owners, there is no doubt you have come across a form that requires you to click on a reCAPTCHA element.
This is just a friendly technology that makes sure the form is not submitted by a bot. The idea is that since a bot can’t click a checkbox and/or resolve a simple logical task, if the reCAPTCHA enabled form is submitted without the valid input from the reCAPTCHA form field, that submission should be treated as being done by a bot (not human reader).
The first step of course is to create your contact form with WPForms. For step-by-step guide on how to create a form with WPForms, I recommend you check out this document
A simple contact form may look something like this:
WPForms will allow you to play around with this form, adding as many form fields as possible including Credit Card fields, file upload fields, multiple select fields, checkboxes, radio buttons, etc.
The next thing is to enable v2 reCAPTCHA
Go to WPForms – > and click on the reCAPTCHA tabs.
This will bring up the reCAPTCHA settings options. Stop at this point for now.
Go to the reCAPTCHA page here on Google and click on Admin console button to generate some items you will use.
Sign in to your Google account. Once in, you will be redirected to a page where you can register your site for reCAPTCHA. But if you’ve registered a site before, you’ll simply see a page with the possibility to add more site.
If that’s your case, simply click the (+) plus sign (top right) to Register a new site:
Remember we are going with reCAPTCHA v2 so make sure you check that option and then the “I’m not a robot” checkbox on the page. Enter your domain name , accept the reCAPTCHA terms of service and click to submit.
On the next page, you’ll have your reCAPTCHA key and secret.
Copy these items to WPForms reCAPTCHA settings. Fill the form and click to save.
Time to create the contact form and apply the reCAPTCHA form field
Open the form in WPForms. This is going to be very simple. If you haven’t created the form yet, go to WPForms -> Add New
On the page that follows, click “Simple Contact Form“. Simply click the reCAPTCHA form field to enable it for this form:
For more help on how to create a simple contact form, see this tutorial
Still on the form, go to Settings -> General tab:
Check the button to Enable Google Checkbox v2 reCAPTCHA and remember to save the changes.
This is how your form will now look like on your contact page:
2. Using WPForms Custom Captcha Addon
Here is another simple method to kick bots from your WordPress contact forms if you do not want to use Google reCAPTCHA.
WPForms has a powerful Captcha Addon. This allows you to define custom questions or use random math questions as CAPTCHA to stop bots from submitting your forms.
Given that you’ve created your contact form. go to go to WPForms » Addons and find the Custom Captcha Addon. Click Install Addon:
Open the contact form editor in WPForms for the form you want to secure.
On the Field tab, locate the Captcha (not reCAPTCHA) button and drag it to your form where you want the Captcha to appear:
The next step is simply to click on the Captcha element on your form. This will pull up the Captcha options. There are two types of Captchas to select from:
- Question and answer
You can only use one of these options at a time. You will also be able to name the Captcha element:
With the Math Captcha type, the mathematical task is randomly generated each time your form is loaded. However, the Question and Answer option allows you to create different questions and provide their answers. Each of them is randomly chosen when the form is displayed.
3. Build a Spam-Free Contact Form Without CAPTCHA
You may want to create a spam free contact form without using any CAPTCHA. From all stand points, CAPTCHAS give your site visitors extra amount of work, which may disrupt user experience and impact your form submission rates.
While some users may not have time to answer random questions on your forms, others may find it difficult answering math questions for several reasons.
There are two simple ways to create a spam-free contact form without CAPTCHA using WPForms.
a) Add an invisible reCAPTCHA to the form.
This is basically same process as adding reCAPTCHA as we’ve seen above. Follow the same procedure but select the the Invisible reCAPTCHA option:
You have to go as far as checking to enable Google invisible reCAPTCHA to on the form for it to be active.
Each time a user tries to submit the form, Google will determine whether it’s a spambot trying to submit the form or a human reader.
b) Build a Spam-Free Contact Form Without Anti-spam Honeypot
Honeypot is a hidden way to secure your contact forms without using CAPTCHAS. It’s great because like invisible reCAPTCHA, it doesn’t interfere with user experience.
A honeypot is actually a hidden empty field that should be submitted with the form. If this form is submitted with some data in the honeypot field, it will be treated as fake form submission.
Because the honeypot field must be submitted empty.
The way spambots function makes this easy. They will auto-fill all hidden fields in a form (including honeypot) with data that’s only useful to the spammer. By filling the honeypot field, it makes them vulnerable and easily caught.
By default, honeypot anti-spam is enabled for all forms created with WPForms even if you use any of the spam fighting methods I mentioned above.
To check this on any form, go to Settings » General.
Of course you can always un-check and disable this option for any reasons.
There we go…
Let me know what you think in the comment