RafflePress Logo
RafflePress announcement for review actions

New Update: Boost Social Proof with Reviews & Automation

Introducing RafflePress's new leave-a-review giveaway actions. Boost customer engagement and build trust effortlessly by incentivizing reviews in WordPress.
How to Stop Spam Form Submissions in WordPress

How to Stop Spam Form Submissions in WordPress

Written By: author avatar Stacey Corrin
author avatar Stacey Corrin
Stacey has been writing about WordPress and digital marketing for over 10 years and on other topics for much longer. Alongside this, she's fascinated with web design, user experience, and SEO.
     Reviewed By: reviewer avatar John Turner
reviewer avatar John Turner
John Turner is the co-founder of RafflePress. He has over 20+ years of business and development experience and his plugins have been downloaded over 25 million times.

Spam form submissions are one of the most frustrating problems I’ve had to deal with on WordPress sites. They flood your inbox with junk, waste your time, and make it harder to spot real messages from visitors.

If you’re tired of dealing with fake entries, bot spam, or unwanted messages through your contact forms, this guide will show you how to stop spam form submissions in WordPress using simple, proven methods.

I’ll walk you through how to protect your site using tools like reCAPTCHA, IP blocking, and email filters. These steps are easy to follow and work even if you’re not a tech expert.

TL;DR: How to Stop Spam Form Submissions in WordPress

What Is WordPress Form Spam?

WordPress form spam is irrelevant or inappropriate submissions generally generated by bots. They’re automated systems that flood your site and contact forms with spammy links, advertisements, and unsolicited content.

This can clutter your site and compromise your website’s user experience, speed, performance, and security. It may also lead to a drop in search engine rankings since a slow-loading site is an SEO ranking factor.

Why Does Your Site Attract Spam Form Submissions?

Spammers target websites for a variety of reasons. They might be trying to build backlinks, spread malware, or engage in phishing.

Complex bots or human spammers can easily get past basic captcha-based security. It’s frustrating, we know, but there are ways to make your site more robust against these form spam submissions.

How to Stop Spam Form Submissions

You don’t need to be a developer to protect your site from WordPress form spam. These simple strategies help you block spam bots, fake entries, and repeat offenders, without breaking your forms or hurting conversions.

Let’s dive in.

Step 1: Use an Anti-Spam Plugin to Block WordPress Form Spam

The fastest way to stop spam form submissions is with a reliable anti-spam plugin. These tools automatically detect and filter spam before it ever reaches your inbox.

So, how do you choose the right spam prevention plugin? 

  • Reputation: Make sure the plugin you choose has a proven track record. Check out its rating, the number of active installations, and user reviews.
  • Support: You might run into issues even with the best WordPress plugins. Make sure the plugin is well-supported. The developer should be responsive to support queries and solve any reported problems in timely updates.
  • Features: Look for plugins that provide comprehensive protection, including IP blocking, Google Recaptcha verification, and blocking options based on country/portfolio.
Akismet anti-spam plugin reviews on WordPress.org

Some popular and highly trusted plugins include Askimet, Titan Anti-Spam & Security, and Antispam Bee.

Step 2: Stop Spam Form Submissions in Giveaways with RafflePress

If you’re running contests or giveaways, spam entries can ruin your results. RafflePress, the best WordPress giveaway plugin, includes built-in tools like email verification and invisible reCAPTCHA to keep your giveaways fair and secure.

RafflePress WordPress giveaway plugin

When creating your giveaway, navigate to the Settings panel, and you can activate Recaptcha and invisible Recaptcha.

RafflePress recaptcha and invisible recaptcha to stop spam form submissions

Invisible Recaptcha doesn’t involve interactive puzzle-solving for the users. Instead, it uses an advanced risk analysis system to decide if it’s a human user or a bot. 

You can also require users to verify their email addresses when entering your giveaway. This is a great way to confirm their identity and that they’re actually human beings.

Verify email address in RafflePress to stop spam form submissions

Step 3: Enable Built-In Spam Protection for WordPress Forms

Most modern form plugins include spam protection settings you can enable in just a few clicks. These built-in options are a great way to block bots without needing extra plugins.

WPForms, the best WordPress form builder plugin, has this feature built-in.

wpforms homepage

It provides an added layer of protection against automated bots and malicious users who try to submit spam through contact form submissions. Previously, WPForms used a Honeypot field (a secret hidden field), but since spam bots are now smart enough to bypass it, they removed it and replaced it with the anti-spam token.

All you need to do is enable the feature in your form settings.

Enable spam protection in WPForms to stop spam form submissions

Behind the scenes, the plugin adds a secret token unique to each submission. Since spambots can’t detect the token, they get stuck and can’t submit the form.

Step 4: Add reCAPTCHA to Prevent Spam Form Submissions

reCAPTCHA is one of the most effective ways to block automated spam bots. It works by detecting user behavior and verifying that form submissions come from real people, not scripts or spammers.

We mentioned previously that RafflePress includes Recaptcha for giveaway form submissions. What you might not know is that many other WordPress plugins also offer this feature, including WPForms.

Instead of having just one Recaptcha method, they offer a choice of 3:

  • Checkbox reCAPTCHA v2: Visitors can hover their mouse cursor over a checkbox to submit your form. It’s called a ‘challenge’ and usually has the words ‘I am not a robot’ beside it.
  • Invisible reCAPTCHA v2: Instead of showing a checkbox, this method detects user activity to decide if they’re human. It’s a great way to prevent spam each time without showing a challenge (like a math question).
  • reCAPTCHA v3: This advanced CAPTCHA uses JavaScript to detect human visitors. It’s a great choice for AMP pages but can sometimes stop real visitors from submitting forms. We suggest using this option only if you’re an advanced user who can troubleshoot issues.
Different types of Recaptcha in WPForms

After choosing your Recaptcha method, adding your API keys, and going through the authentication process, you can add the Recaptcha field to your online form. The field validation will help control fake submissions.

Add the WPForms Recaptcha form field

When the form field is in place, you’ll see the Recaptcha badge in the form builder preview.

Recaptcha badge in WPForms builder

Some other popular WordPress plugins with Recaptcha features include:

Step 5: Filter Comment Spam with WordPress Moderation Settings

Spam doesn’t just target forms; it hits your blog comments too. WordPress includes built-in moderation settings that let you hold suspicious comments for review before they appear publicly.

To enable comment moderation, navigate to Settings » Discussion from your WordPress admin. One of the options you’ll see is ‘Comment Moderation.’

Use Comment Moderation in WordPress to stop spam form submissions

Here, you can specify the number of links or keywords that trigger comment moderation. For example, if you set the value to ‘2’, any comment with more than two links will be held for moderation.

Similarly, if you add specific words to the moderation list, comments containing those words will also be held for your review.

After, click the Save Changes button to apply the settings. From now on, any comment that meets the moderation criteria will be held for your approval before it appears on your website.

Step 6: Block IPs to Stop Repeat WordPress Spam Submissions

If the same spammer keeps coming back, you can block their IP address directly in WordPress. This stops form submissions and comments from that source without affecting the rest of your visitors.

But be cautious: blocking an IP should be your last resort, as it can potentially block legitimate users.

First, you’ll need to identify the IP addresses causing problems. You can find these in your server logs, where all IP addresses interacting with your site are recorded.

Once you have the offending addresses, add them to your comment disallow list. To find it, navigate to Settings » Discussion and scroll down to the Disallowed Comment Keys section.

Block IP addresses in WordPress to stop spam form submissions

Now paste the list of IPs, one per line, and click the Save Changes button. Anyone slipping past your Captcha will now be blocked.

Step 7: Block Spam Emails from Submitting Forms in WordPress

Some spam comes from real people using shady email addresses. With tools like WPForms, you can create an allowlist or denylist to control which email addresses can submit your forms.

To find this feature, head to your forms in the WordPress dashboard and edit a form.

Edit a form in WPForms

Next, click the email field and expand the Advanced Options heading.

WPForms email advanced panel

After expanding the menu, click the Allowlist / Denylist dropdown and select your desired option. For this example, we’ll choose the Denylist.

Choose the email denylist option

Type the email addresses you want to block in the box beneath the dropdown. You can type the full email or use an asterisk * to create a partial match.

Allowlist wildcard in WPForms

When you have the denylist set up, save the form.

Step 8: Limit Spam Form Entries by Country in WPForms

If your form spam is coming from specific regions, WPForms lets you restrict submissions by country. This can drastically reduce junk entries without blocking your real audience.

Simply edit your form, then toggle the Enable Country Filter option in the spam settings.

Enable country filtering WPForms

From there, you can restrict entries from specific countries or accept submissions only from selected countries.

FAQs About Form Spam

In addition to the tips above, here are some common questions that our readers ask us about form spam.

Why do people spam forms?

One reason why people spam forms is for promotion. They use spam forms to advertise their products or services, hoping to catch your eye and lead you to their websites.

Additionally, some use this tactic to collect your email address. Then, they can send you unwanted emails. At their worst, these spammers do it to cause trouble and disrupt your website.

What are the common signs of spam form submissions?

An unusual increase in form submissions is a clear sign of spam. Spam hints include random text, weird keywords, or jumbled sentences.

Spam bots also use many links back to their sites or products, so spotting a surplus of irrelevant links could be a warning that you’re dealing with spam.

Additionally, spam bots often use temporary emails. Look out for unusual or random strings of characters – they’re likely spam.

Can I track the source of spam form submissions?

Yes, you can track the source of spam form submissions on WordPress. One way to do this is by using WPForms. It provides a feature called Form Abandonment, which tracks the IP address of the user who started filling out the form but didn’t submit it. This can help you identify potential spam sources.

Furthermore, some WordPress security plugins offer features to track the source of spam. For example, Sucuri and Wordfence provide detailed logs and reports showing IP addresses and other relevant information about spam submissions.

Prevent WordPress Form Spam Today 

Securing your site from spam form submissions is an excellent way to protect your site’s credibility and protect user data. With the steps in this guide, you’ll create a robust wall against spam invaders.

Good luck, and here’s to a spam-free WordPress site!

You might also find the following tips and tutorials useful in maintaining your WordPress site:

If you liked this article, please subscribe to our YouTube Channel for RafflePress video tutorials. You can also find us on Twitter and Facebook.

author avatar
Stacey Corrin Writer
Stacey has been writing about WordPress and digital marketing for over 10 years and on other topics for much longer. Alongside this, she's fascinated with web design, user experience, and SEO.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.

Let's Connect

Join Our Newsletter

Subscribe to get Free WordPress Tips and Resources

We do not sell or share your information with anyone.

Copyright © 2024 SeedProd LLC. RafflePress® is a registered trademark of SeedProd LLC

WPBeginner Verified Badge