New Update: Boost Social Proof with Reviews & Automation
Introducing RafflePress's new leave-a-review giveaway actions. Boost customer engagement and build trust effortlessly by incentivizing reviews in WordPress.
New Update: Boost Social Proof with Reviews & Automation
Stacey Corrin
Stacey Corrin
John Turner
John Turner
Spam form submissions are one of the most frustrating problems I’ve had to deal with on WordPress sites. They flood your inbox with junk, waste your time, and make it harder to spot real messages from visitors.
If you’re tired of dealing with fake entries, bot spam, or unwanted messages through your contact forms, this guide will show you how to stop spam form submissions in WordPress using simple, proven methods.
I’ll walk you through how to protect your site using tools like reCAPTCHA, IP blocking, and email filters. These steps are easy to follow and work even if you’re not a tech expert.
TL;DR: How to Stop Spam Form Submissions in WordPress
WordPress form spam is irrelevant or inappropriate submissions generally generated by bots. They’re automated systems that flood your site and contact forms with spammy links, advertisements, and unsolicited content.
This can clutter your site and compromise your website’s user experience, speed, performance, and security. It may also lead to a drop in search engine rankings since a slow-loading site is an SEO ranking factor.
Spammers target websites for a variety of reasons. They might be trying to build backlinks, spread malware, or engage in phishing.
Complex bots or human spammers can easily get past basic captcha-based security. It’s frustrating, we know, but there are ways to make your site more robust against these form spam submissions.
You don’t need to be a developer to protect your site from WordPress form spam. These simple strategies help you block spam bots, fake entries, and repeat offenders, without breaking your forms or hurting conversions.
Let’s dive in.
The fastest way to stop spam form submissions is with a reliable anti-spam plugin. These tools automatically detect and filter spam before it ever reaches your inbox.
So, how do you choose the right spam prevention plugin?
Some popular and highly trusted plugins include Askimet, Titan Anti-Spam & Security, and Antispam Bee.
If you’re running contests or giveaways, spam entries can ruin your results. RafflePress, the best WordPress giveaway plugin, includes built-in tools like email verification and invisible reCAPTCHA to keep your giveaways fair and secure.
When creating your giveaway, navigate to the Settings panel, and you can activate Recaptcha and invisible Recaptcha.
Invisible Recaptcha doesn’t involve interactive puzzle-solving for the users. Instead, it uses an advanced risk analysis system to decide if it’s a human user or a bot.
You can also require users to verify their email addresses when entering your giveaway. This is a great way to confirm their identity and that they’re actually human beings.
Most modern form plugins include spam protection settings you can enable in just a few clicks. These built-in options are a great way to block bots without needing extra plugins.
WPForms, the best WordPress form builder plugin, has this feature built-in.
It provides an added layer of protection against automated bots and malicious users who try to submit spam through contact form submissions. Previously, WPForms used a Honeypot field (a secret hidden field), but since spam bots are now smart enough to bypass it, they removed it and replaced it with the anti-spam token.
All you need to do is enable the feature in your form settings.
Behind the scenes, the plugin adds a secret token unique to each submission. Since spambots can’t detect the token, they get stuck and can’t submit the form.
reCAPTCHA is one of the most effective ways to block automated spam bots. It works by detecting user behavior and verifying that form submissions come from real people, not scripts or spammers.
We mentioned previously that RafflePress includes Recaptcha for giveaway form submissions. What you might not know is that many other WordPress plugins also offer this feature, including WPForms.
Instead of having just one Recaptcha method, they offer a choice of 3:
After choosing your Recaptcha method, adding your API keys, and going through the authentication process, you can add the Recaptcha field to your online form. The field validation will help control fake submissions.
When the form field is in place, you’ll see the Recaptcha badge in the form builder preview.
Some other popular WordPress plugins with Recaptcha features include:
Spam doesn’t just target forms; it hits your blog comments too. WordPress includes built-in moderation settings that let you hold suspicious comments for review before they appear publicly.
To enable comment moderation, navigate to Settings » Discussion from your WordPress admin. One of the options you’ll see is ‘Comment Moderation.’
Here, you can specify the number of links or keywords that trigger comment moderation. For example, if you set the value to ‘2’, any comment with more than two links will be held for moderation.
Similarly, if you add specific words to the moderation list, comments containing those words will also be held for your review.
After, click the Save Changes button to apply the settings. From now on, any comment that meets the moderation criteria will be held for your approval before it appears on your website.
If the same spammer keeps coming back, you can block their IP address directly in WordPress. This stops form submissions and comments from that source without affecting the rest of your visitors.
But be cautious: blocking an IP should be your last resort, as it can potentially block legitimate users.
First, you’ll need to identify the IP addresses causing problems. You can find these in your server logs, where all IP addresses interacting with your site are recorded.
Once you have the offending addresses, add them to your comment disallow list. To find it, navigate to Settings » Discussion and scroll down to the Disallowed Comment Keys section.
Now paste the list of IPs, one per line, and click the Save Changes button. Anyone slipping past your Captcha will now be blocked.
Some spam comes from real people using shady email addresses. With tools like WPForms, you can create an allowlist or denylist to control which email addresses can submit your forms.
To find this feature, head to your forms in the WordPress dashboard and edit a form.
Next, click the email field and expand the Advanced Options heading.
After expanding the menu, click the Allowlist / Denylist dropdown and select your desired option. For this example, we’ll choose the Denylist.
Type the email addresses you want to block in the box beneath the dropdown. You can type the full email or use an asterisk * to create a partial match.
When you have the denylist set up, save the form.
If your form spam is coming from specific regions, WPForms lets you restrict submissions by country. This can drastically reduce junk entries without blocking your real audience.
Simply edit your form, then toggle the Enable Country Filter option in the spam settings.
From there, you can restrict entries from specific countries or accept submissions only from selected countries.
In addition to the tips above, here are some common questions that our readers ask us about form spam.
One reason why people spam forms is for promotion. They use spam forms to advertise their products or services, hoping to catch your eye and lead you to their websites.
Additionally, some use this tactic to collect your email address. Then, they can send you unwanted emails. At their worst, these spammers do it to cause trouble and disrupt your website.
An unusual increase in form submissions is a clear sign of spam. Spam hints include random text, weird keywords, or jumbled sentences.
Spam bots also use many links back to their sites or products, so spotting a surplus of irrelevant links could be a warning that you’re dealing with spam.
Additionally, spam bots often use temporary emails. Look out for unusual or random strings of characters – they’re likely spam.
Yes, you can track the source of spam form submissions on WordPress. One way to do this is by using WPForms. It provides a feature called Form Abandonment, which tracks the IP address of the user who started filling out the form but didn’t submit it. This can help you identify potential spam sources.
Furthermore, some WordPress security plugins offer features to track the source of spam. For example, Sucuri and Wordfence provide detailed logs and reports showing IP addresses and other relevant information about spam submissions.
Securing your site from spam form submissions is an excellent way to protect your site’s credibility and protect user data. With the steps in this guide, you’ll create a robust wall against spam invaders.
Good luck, and here’s to a spam-free WordPress site!
You might also find the following tips and tutorials useful in maintaining your WordPress site:
If you liked this article, please subscribe to our YouTube Channel for RafflePress video tutorials. You can also find us on Twitter and Facebook.
Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.
Copyright © 2024 SeedProd LLC. RafflePress® is a registered trademark of SeedProd LLC
