RafflePress Logo
RafflePress announcement for review actions

New Update: Boost Social Proof with Reviews & Automation

Introducing RafflePress's new leave-a-review giveaway actions. Boost customer engagement and build trust effortlessly by incentivizing reviews in WordPress.
How to Stop Spam Form Submissions in WordPress

How to Stop Spam Form Submissions in WordPress

Written By: author image Stacey Corrin
author image Stacey Corrin
Stacey has been writing about WordPress and digital marketing for over 10 years and on other topics for much longer. Alongside this, she's fascinated with web design, user experience, and SEO.
     Reviewed By: John Turner
reviewer image John Turner
John Turner is the co-founder of RafflePress. He has over 20+ years of business and development experience and his plugins have been downloaded over 25 million times.

If you’re a WordPress user, you’re likely aware of how frustrating spam form submissions are. They clutter your inbox, waste your time, pose security risks, and can interfere with conversions.

So, how can you rid yourself of this inconvenience? Fortunately, WordPress offers several ways to prevent and stop these unwanted intrusions.

In this article, we’ll guide you through simple, straightforward steps to secure your form submissions and keep spammers at bay. 

What Is WordPress Form Spam?

WordPress form spam is irrelevant or inappropriate submissions generally generated by bots. They’re automated systems that flood your site and contact forms with spammy links, advertisements, and unsolicited content.

This can clutter your site and compromise your website’s user experience, speed, performance, and security. It may also lead to a drop in search engine rankings since a slow-loading site is an SEO ranking factor.

Why Does Your Site Attract Spam Form Submissions?

Spammers target websites for a variety of reasons. They might be trying to build backlinks, spread malware, or engage in phishing.

Complex bots or human spammers can easily get past basic captcha-based security. It’s frustrating, we know, but there are ways to make your site more robust against these form spam submissions.

How to Stop Spam Form Submissions

Dealing with spam can be challenging, but don’t worry, you’re not alone. We’re here to guide you through some simple steps to prevent and stop spam form submissions.

Let’s dive in.

1. Install a Reliable Anti-Spam Plugin

Having the right tools at your disposal is the first and the most vital step in the battle against spam. Countless plugins are available, making them your first line of defense.

So, how do you choose the right spam prevention plugin? 

  • Reputation: Make sure the plugin you choose has a proven track record. Check out its rating, the number of active installations, and user reviews.
  • Support: You might run into issues even with the best WordPress plugins. Make sure the plugin is well-supported. The developer should be responsive to support queries and solve any reported problems in timely updates.
  • Features: Look for plugins that provide comprehensive protection, including IP blocking, Google Recaptcha verification, and blocking options based on country/portfolio.
Akismet anti-spam plugin reviews on WordPress.org

Some popular and highly trusted plugins include Askimet, Titan Anti-Spam & Security, and Antispam Bee.

2. Activate Fraud Protection for Giveaway Forms

Imagine someone entering a contest multiple times with fake information; wouldn’t that dilute the spirit of the game? It’s a common trick manual spammers use, and you don’t have to be the victim of this type of spam.

Implementing a simple and effective fraud protection method for your giveaway forms can help you fight back. So, how do you do this?

RafflePress WordPress giveaway plugin

Luckily, RafflePress, the best WordPress giveaway plugin, comes with built-in fraud protection and anti-spam features.

When creating your giveaway, navigate to the Settings panel, and you can activate Recaptcha and invisible Recaptcha.

RafflePress recaptcha and invisible recaptcha to stop spam form submissions

Invisible Recaptcha doesn’t involve interactive puzzle-solving for the users. Instead, it uses an advanced risk analysis system to decide if it’s a human user or a bot. 

You can also require users to verify their email addresses when entering your giveaway. This is a great way to confirm their identity and that they’re actually human beings.

Verify email address in RafflePress to stop spam form submissions

3. Enable Spam Protection in WordPress Forms

Another easy way to prevent spam form submissions is to enable spam protection in your web form plugin. WPForms, the best WordPress form builder plugin, has this feature built-in.

wpforms homepage

It provides an added layer of protection against automated bots and malicious users who try to submit spam through contact form submissions. Previously, WPForms used a Honeypot field (a secret hidden field), but since spam bots are now smart enough to bypass it, they removed it and replaced it with the anti-spam token.

All you need to do is enable the feature in your form settings.

Enable spam protection in WPForms to stop spam form submissions

Behind the scenes, the plugin adds a secret token unique to each submission. Since spambots can’t detect the token, they get stuck and can’t submit the form.

4. Use Recaptcha to Deter Automated Spam Bots

We mentioned previously that RafflePress includes Recaptcha for giveaway form submissions. What you might not know is that many other WordPress plugins also offer this feature, including WPForms.

Instead of having just one Recaptcha method, they offer a choice of 3:

  • Checkbox reCAPTCHA v2: Visitors can hover their mouse cursor over a checkbox to submit your form. It’s called a ‘challenge’ and usually has the words ‘I am not a robot’ beside it.
  • Invisible reCAPTCHA v2: Instead of showing a checkbox, this method detects user activity to decide if they’re human. It’s a great way to prevent spam each time without showing a challenge (like a math question).
  • reCAPTCHA v3: This advanced CAPTCHA uses JavaScript to detect human visitors. It’s a great choice for AMP pages but can sometimes stop real visitors from submitting forms. We suggest using this option only if you’re an advanced user who can troubleshoot issues.
Different types of Recaptcha in WPForms

After choosing your Recaptcha method, adding your API keys, and going through the authentication process, you can add the Recaptcha field to your online form. The field validation will help control fake submissions.

Add the WPForms Recaptcha form field

When the form field is in place, you’ll see the Recaptcha badge in the form builder preview.

Recaptcha badge in WPForms builder

Some other popular WordPress plugins with Recaptcha features include:

5. Enable Comment Moderation

It isn’t just contact and giveaway forms that can attract spammers. Your comment section is prime real estate for spam messages. That’s why our next recommendation is to moderate your comments.

Comment Moderation is a built-in WordPress feature that lets you review and approve comments before publishing them on your site. It prevents spam comments from appearing publicly and lets you control what is displayed.

To enable comment moderation, navigate to Settings » Discussion from your WordPress admin. One of the options you’ll see is ‘Comment Moderation.’

Use Comment Moderation in WordPress to stop spam form submissions

Here, you can specify the number of links or keywords that trigger comment moderation. For example, if you set the value to ‘2’, any comment with more than two links will be held for moderation.

Similarly, if you add specific words to the moderation list, comments containing those words will also be held for your review.

After, click the Save Changes button to apply the settings. From now on, any comment that meets the moderation criteria will be held for your approval before it appears on your website.

6. Block IP Addresses of Persistent Comment Spammers

Do you have a persistent spammer who won’t take the hint? It might be time to consider blocking their IP.

Blocking IP addresses is a simple way to keep those pesky spammers at bay. But be cautious: blocking an IP should be your last resort, as it can potentially block legitimate users.

First, you’ll need to identify the IP addresses causing problems. You can find these in your server logs, where all IP addresses interacting with your site are recorded.

Once you have the offending addresses, add them to your comment disallow list. To find it, navigate to Settings » Discussion and scroll down to the Disallowed Comment Keys section.

Block IP addresses in WordPress to stop spam form submissions

Now paste the list of IPs, one per line, and click the Save Changes button. Anyone slipping past your Captcha will now be blocked.

7. Block or Allow Specific Email Addresses

Occasionally, you may get spam form submissions from humans. Scammers and sales teams will visit your form repeatedly, spamming you with emails you don’t want or need.

Since they’re real visitors, Captcha, and typical spam filters won’t stop these submissions. However, you can still take some steps to get rid of them.

If you’re using WPForms, you can block or allow specific email addresses. That way, they won’t be able to complete and submit your form. Plus, each form you create has its own block and allow list.

To find this feature, head to your forms in the WordPress dashboard and edit a form.

Edit a form in WPForms

Next, click the email field and expand the Advanced Options heading.

WPForms email advanced panel

After expanding the menu, click the Allowlist / Denylist dropdown and select your desired option. For this example, we’ll choose the Denylist.

Choose the email denylist option

Type the email addresses you want to block in the box beneath the dropdown. You can type the full email or use an asterisk * to create a partial match.

Allowlist wildcard in WPForms

When you have the denylist set up, save the form.

8. Restrict Form Submissions by Country

Many website owners have told us they often get spam form submissions from specific countries. It’s easy to find this out by checking their IP locations.

With its suite of advanced spam protection settings, WPForms also allows you to block IPs from specific locations. Simply edit your form, then toggle the Enable Country Filter option in the spam settings.

Enable country filtering WPForms

From there, you can restrict entries from specific countries or accept submissions only from selected countries.

FAQs About Form Spam

In addition to the tips above, here are some common questions that our readers ask us about form spam.

Why do people spam forms?

One reason why people spam forms is for promotion. They use spam forms to advertise their products or services, hoping to catch your eye and lead you to their websites.

Additionally, some use this tactic to collect your email address. Then, they can send you unwanted emails. At their worst, these spammers do it to cause trouble and disrupt your website.

What are the common signs of spam form submissions?

An unusual increase in form submissions is a clear sign of spam. Spam hints include random text, weird keywords, or jumbled sentences.

Spam bots also use many links back to their sites or products, so spotting a surplus of irrelevant links could be a warning that you’re dealing with spam.

Additionally, spam bots often use temporary emails. Look out for unusual or random strings of characters – they’re likely spam.

Can I track the source of spam form submissions?

Yes, you can track the source of spam form submissions on WordPress. One way to do this is by using WPForms. It provides a feature called Form Abandonment, which tracks the IP address of the user who started filling out the form but didn’t submit it. This can help you identify potential spam sources.

Furthermore, some WordPress security plugins offer features to track the source of spam. For example, Sucuri and Wordfence provide detailed logs and reports showing IP addresses and other relevant information about spam submissions.

Prevent WordPress Form Spam Today 

Securing your site from spam form submissions is an excellent way to protect your site’s credibility and protect user data. With the steps in this guide, you’ll create a robust wall against spam invaders.

Good luck, and here’s to a spam-free WordPress site!

You might also find the following tips and tutorials useful in maintaining your WordPress site:

If you liked this article, please subscribe to our YouTube Channel for RafflePress video tutorials. You can also find us on Twitter and Facebook.

author avatar
Stacey Corrin Writer
Stacey has been writing about WordPress and digital marketing for over 10 years and on other topics for much longer. Alongside this, she's fascinated with web design, user experience, and SEO.

Disclosure: Our content is reader-supported. This means if you click on some of our links, then we may earn a commission. We only recommend products that we believe will add value to our readers.

Let's Connect

Join Our Newsletter

Subscribe to get Free WordPress Tips and Resources

We do not sell or share your information with anyone.

Copyright © 2024 SeedProd LLC. RafflePress® is a registered trademark of SeedProd LLC

WPBeginner Verified Badge