Our Managed WordPress Hosting comes with WPForms Elite.
A concise guide on preventing spam in WPForms. It covers built-in spam protection, Akismet integration, CAPTCHAs, minimum submission time, spam entry storage, filtering by keywords or country, allowlists/denylists, and blocking IP addresses. By combining these methods, users can significantly reduce spam while ensuring real submissions go through.
Spam submissions can be a nuisance for website owners using WPForms. Luckily, there are several built-in features and third-party integrations that can help reduce or eliminate spam. Here’s a quick guide to your options.
1. Enable Built-in Spam Protection
WPForms includes modern anti-spam protection based on the Honeypot technique. This feature is enabled by default and blocks bots before they can submit a form.
To check or enable it:
- Go to Settings > Spam Protection and Security in the WPForms form builder.
- Ensure Modern Anti-Spam Protection is toggled on.
2. Use Akismet Anti-Spam
Akismet is a powerful anti-spam tool that learns from user-reported spam across WordPress sites.
- Install and activate the Akismet plugin.
- Enable Akismet under WPForms > Settings > Spam Protection and Security.
3. Add a CAPTCHA
CAPTCHAs help filter out bots by requiring users to complete a verification test. WPForms supports:
- Google reCAPTCHA
- hCaptcha
- Cloudflare Turnstile
- Custom CAPTCHA
You can configure these under Settings > CAPTCHA in WPForms.
4. Set Minimum Time to Submit
Bots often submit forms instantly. WPForms allows you to set a minimum time before submission.
- Under Spam Protection and Security, enable Minimum Time to Submit and set a value (e.g., 2 seconds).
5. Enable Spam Entry Storage (Optional)
If you want to review flagged submissions:
- Go to Settings > Spam Protection and Security and enable Store Spam Entries in Database.
6. Use Spam Filters
You can block spam based on:
- Keywords: Block entries containing spammy words.
- Countries: Prevent form submissions from specific locations.
Enable filters in Spam Protection and Security > Filtering.
7. Create an Allowlist or Denylist
Restrict submissions based on email addresses:
- Allow only specific email domains.
- Block known spam email addresses.
8. Block IP Addresses (Advanced Users)
If certain IPs are sending repeated spam, you can block them using a custom PHP snippet from the WPForms code library.
Final Thoughts
By combining these methods, you can significantly reduce spam while ensuring real users can submit forms without frustration. If you have questions or need help implementing these features, feel free to reach out!
Read more on the topic here
