Sick of WordPress contact form spam? We don't blame you! Here are 8 anti-spam techniques to help prevent spam form submissions.
Approximate read time: 5.5 minutes
Tired of sorting through spam messages from your WordPress contact forms? You're not alone. Spam quickly clutters an inbox and wastes precious time.
The good news?
There are simple ways to stop spam and keep your contact forms clean. And in this post, we'll share 7+ easy tips to block spam on your WordPress contact forms. With just a few small changes, you can spend less time dealing with spam and more time answering real people.
Stop WordPress Contact Form Spam Now!
Here's how to stop spam on WordPress comment forms and contact forms:
1. Block the IP address
If you see a repeat offender, you can block the whole IP address in the WordPress comment blocklist. Just go open your WordPress dashboard and head to Settings → Discussion. Then, add them to the Disallowed Comment Keys list.
Or, if you're using a service like Cloudflare, you can even block whole countries.
But most of the time, spam contact form submissions come from bots — not real people. Unfortunately, spambots usually use proxies (a wide range of fake IP addresses).
Blocking the IP address may protect you from human spammers, but this method doesn't work against robots.
This strategy is only effective if you're constantly tracking spam IP addresses. And who has time for that?
2. Add a JavaScript token
Since most spammers aren't human, the JavaScript on your site isn't triggered. That's because an autogenerated JavaScript token is only created when a human visits your WordPress site.
Then, it's inserted into your forms without real visitors knowing it's there. The token is checked when a contact submits the form.
So, by having your site first check to see if a JavaScript token is being submitted with the form, you can instantly reject any entries that don't have the token.
And don't worry. We know seeing the word "JavaScript" can be scary. Especially if you're not an experienced developer. But with Formidable Forms, you can activate this spam prevention method in one click!
This way, you can protect your contact forms and message fields without lifting a finger or making users do annoying puzzles.
3. Block WordPress contact form spam with the Honeypot method
The honeypot method is a pretty sweet type of contact form spam protection. Get it?
Here's how the honeypot spam blocker works:
- It creates a hidden field on your contact form page that is invisible to visitors but seen by bots.
- Since the bot sees the honeypot field, it fills it out.
- Then, when the bot tries to submit its contact form spam message, the submission is blocked because there's a form filled out that shouldn't be.
Gotcha!
And just like with the JavaScript token option, the best contact form plugins like Formidable Forms let you activate it with a button.
A few other form builders use the honeypot method to prevent contact form spam. For example, a honeypot plugin for Contact Form 7 adds anti-spam protection.
4. Use reCAPTCHA
Google’s reCAPTCHA is designed to tell the difference between a human and a bot. They've made this tool widely accessible to developers. There's only one issue: it can be complicated if you aren't a developer.
This is where a plugin like Formidable Forms can help once again. You can add a reCAPTCHA to a WordPress contact form in a few clicks.
Looking for a free alternative to Google reCAPTCHA? Check out Cloudflare Turnstile — you can add it to Formidable Forms too!
reCAPTCHA v2
Here is when things get interesting. You'll probably know this reCAPTCHA:
This checkbox reCaptcha v2 tracks your mouse's movement after you click the box. If the movement is suspicious, you'll click on boats, cars, and trains to prove you are not a spam bot.
This is one of the most widespread solutions currently available. Why? because it works! It does not annoy the user much, and the bot finds it very hard to bypass the mouse tracking.
But still, you want the perfect user experience. Do you want to capture as many valid email addresses as possible? There are a few more ways to block contact form spam in WordPress.
5. Add invisible reCAPTCHA
Invisible reCaptcha v2 is here to stop spam on WordPress contact forms! It tracks mouse movement but in the background while staying invisible. So, while real human users happily click and go through the pages, bots are blocked.
Invisible reCaptcha is available with one click in a WordPress contact form builder like Formidable.
6. Use reCAPTCHA
Just in case you didn't have enough reCAPTCHA options... Here's another one to combat contact form spam.
reCAPTCHA V3 gives you invisible anti-spam but scores every submission in a form. You choose which scores to block, and your site handles the rest.
Over time, this reCAPTCHA learns more about your site by seeing real traffic. Then, website owners can adjust the score threshold to block more or less strictly. This is a great way to stop human spammers, too.
👉 Learn how to add reCAPTCHA to WordPress contact forms.
7. Create custom spam protection form fields
If you have a solid form builder, you can create your own form and block spam emails in WordPress.
You formulate questions and ask the visitor to answer them. Because the questions and answers are unique to each site, bots have difficulty understanding them.
One simple custom captcha method: a math question. Ask something like “5+6=?” and let the user fill in the answer. While it is a very accessible solution, it still slightly decreases the user experience.
8. Install WordPress spam-blocker plugins
You can't finish an article about contact form spam protection in WordPress without mentioning anti-spam plugins.
The most popular ones are Akismet, WordPress Zero Spam, and Jetpack. These plugins work independently from your contact form tools.
They also tap into already-known spam IP databases so they can help block the threat even before it appears.
Ready to stop contact form spam on WordPress?
Creating anti-spam protection and security on your WordPress site while keeping the user experience high will require some help. Luckily, the methods described in this post are easily accessible with the right tools.
For example, combining Invisible reCaptcha, Honeypot, and one of the WordPress plugins will give you several layers of protection for stopping spam. The best part? None of those methods are intrusive for users!
For more top WordPress tips and tutorials, follow us on Facebook, Twitter, and YouTube.
9 Best reCAPTCHA Alternatives To Try Today!
What is Honeypot Anti-Spam? [And How To Use It!]
Cloudflare Turnstile vs. Google reCAPTCHA [Which is Best?]
Thank you, this is great. I use the reCaptcha for this purpose but didn't know about these other options as well.
Will use in the future.
Glad this was helpful for you. Best of luck on all your current and future projects.
I always use reCaptcha. Thanks for making it so easy to use!
Glad you like it. reCaptcha really is a great way to reduce spam in your WordPress forms. best of luck on your current and future projects.
Wow, I never knew about the HoneyPot method, this is a very valuable blog, thank you, signed not-a-bot
Hi not-a-bot 😉
Yeah, HoneyPot spam protection for WordPress forms is fairly new. It isn't always the most bullet-proof option for spam protection, but it is great to use in conjunction with other spam protection methods like reCaptcha or Akismet.
HoneyPot method is a great tip!
Yep, It's a great tool. Glad the article helped.
I always used reCaptcha until it didn't work anymore, I never didn't know why, so I searched other methods like these. Thanks for the post!
Yeah, it is strange that sometimes one spam protection method works and other times it doesn't. I think server and site configurations can play a big role in this. We always recommend using a Honeypot spam option in conjunction with something else like Akismet or reCaptcha.
As someone who is starting his first blog, this post has been very helpful!
Congratulations on starting your first blog. Glad you were able to find our blog and that it was useful for you. Best of luck.
The honeypot method is just amazing! I'll definitely try it.
Thanks for sharing the information.
~Nitin
Thanks for the comment. While it isn't always the best option by itself, honeypot spam control is a great way to beef up other spam protection methods like Akismet or reCaptcha.
I will follow these tips on my wp site.
Glad you liked the spam protection tips. If you haven't already, you can subscribe to our blog to get other super helpful tips to make your WordPress forms even better.
I am literally getting tens of submissions every single day on my blog. I'll use all the techniques to reduce spam as much as possible.
Thanks for helping me by posting this valuable piece of content.
Ugh, Spam is the worst. Sorry you are having trouble with it. Hope the tips and solutions in this article are helpful for you.
So, spammers use proxies to spam with multiple IP addresses...I wonder if this works the same way with spam phone calls. I receive so many unwanted calls daily, ill block the number & they will call from another number the next day. Anyway, I think the idea you developed is a great one!
Great idea...I'm not exactly sure how this would work, but the principles should do the trick if they can be applied to phone calls.
Thanks
I have a few 'Contact Us' forms that have been absolutely blasted by spammers, so I've implemented honeypot, recaptcha, and a conditional check for Russian characters and links in the message field.
That's a great idea to check for specific characters...Did you know you can use the Built-in blacklist from the WordPress Discussion settings page to block entries containing certain words?
Is there any programatic way of implementing this, I did some code to block bots, yet I still get fake submittions
If you are using Formidable forms, you shouldn't need code to implement any of the above options. Otherwise, I am guessing something similar could be implemented programmatically, but that isn't something we can help with, Sorry!
REALLY USEFUL TO ME AS A NOVICE IN WORDPRESS, I HATE SPAM COMMENTS!
I'm still very new to Wordpress and this world and I was not aware of any of these methods. I had started getting spam and was searching for solutions. Thank you so so much for this!
Formidable's ability to connect forms with Akismet is not only a huge lifesaver for us, but I think it's a bit of a hidden secret setting.
After installing Akismet, check out this guide https://formidableformscom.bigscoots-staging.com/knowledgebase/add-spam-protection/#kb-akismet
And make sure to turn on this setting.
Lifesaver.
Another choice that can block submission base on field content. You may also use white list, email list and IP list to block spam.
With your own keyword and apply them to a form field. The plugin will block submitting if the field content contains / same as one of your spam keyword.
It also can be used to delete entry if spam keyword found.
Ryan, Formidable forms is one of the popular forms out there and hence it has become a target for spammers. You have listed some very important options to weed out spam. We would like to suggest the Antideo Email Validator plugin that works out of the box with Formidable Forms, to validate emails preventing disposable emails, free emails, emails from invalid domains, generic emails etc. You can also create and save your own email as well as domain blacklists.
Ryan, it would be wonderful if you can include us in your blog as one of the options to further secure your contact forms
Hello, formidableformscom.bigscoots-staging.com. s
You can use Maspik to block email spam in wordpress, this plugin have a lot of feature and supported Formidable Forms