How to stop spam from website contact form?

Home - Best WordPress Plugins - How to stop spam from website contact form?
contact form spam

There seem to be email spam bots everywhere. WordPress users should prepare for a lot of spam given that WordPress runs 40% of all websites. Additionally, a significant percentage of the email spam bot is caused by plain WordPress contact form spam, which is a problem that affects all website owners. No matter how big or little your website is, spambots still target it and deliver pointless emails to your mailbox. You must go through numerous entries to discover actual users amongst spam messages, which is a time-consuming procedure.

To stop contact form spam, we’ll go through a few strategies for WordPress form spam protection in this article, unless you prefer manually sorting through multiple spam email bot submissions.

What is WordPress Contact Form Spam?

contact form spam

Spambots are software programmes made to submit false information to your contact page and invade as email spam bot. The malicious submission of website forms by spammers or human scammers is known as WordPress contact form spam. These form submissions include offensive language, fraudulent information, spamming copy and paste comments, spamming logo, and connections to phishing and malware-downloading websites. Without your knowing, they bypass the forms on your website.

Why WordPress Contact Form Spam is Dangerous?

  • Because spam is typically labelled as junk email or off-topic by email providers, spam bots not only overwhelm your website but also impede you from reaching your intended audience.
  • Malicious email spam bots can use your contact form to submit links that may contain malware.
  • An email spam bot can overwhelm your website with many requests in a short period of time. This may cause your site to slow down, affect form functionality for real users, and even cause a site outage.
  • Due of this, it is quite challenging for legitimate emails to reach their intended recipients.

Why WordPress contact form spam and email spam bots should be blocked?

contact form spam

  • The user experience on your website might be badly impacted by WordPress contact form spam.
  • Email spam bots scour websites in search of insecure forms before flooding your inbox by spamming logo alongwith bogus links.
  • Excessive spam submissions and traffic might slow down your website and bury legitimate contact forms, making it more challenging to reply to actual visitors.
  • Additionally, a spam email bot might utilize brute force attempts to access your login form.
  • Users will ultimately lose patience with spam, and if you take too long to reply to form submissions, they will stop using your website.

How to identify WordPress contact form spam?

  • Phishing URLs are used by fraudsters to steal crucial information for illicit reasons. This includes login credentials, passwords, and financial data. Phishing links are fakes intended to steal important data, even if they seem to lead to a reputable website.
  • Phishers send out a lot of pointless messages in order to advertise, engage in phishing schemes, or disseminate malware.
  • You might get submissions with made-up names; this is a warning sign.
  • Your website is likely under attack if you find a lot of spelling mistakes in the responses to contact forms.

How to prevent contact form spam and email spam bots?

Let us now look at some methods by which we can prevent WordPress contact form spam and email spam bots.

1. Custom Captcha

custom captcha addon

  • Some website owners prefer something unbranded, while others have privacy concerns that prevent them from using Google’s reCAPTCHA.
  • Then, you may use a customized WordPress contact form CAPTCHA to add a unique, word-based code or an arbitrary math question to your website, which users must respond to in order to submit forms. Users must respond to the question or enter the information shown above the submit button in order to add a comment or submit a form.
  • Users must correctly answer a simple math question that WPForms will generate if you choose Math. This Custom CAPTCHA is a very successful method for preventing contact form spam because spambots cannot correctly answer these math questions.
  • You can also choose Series of Questions as the CAPTCHA style. This enables you to formulate a query and specify the right response.
  • You can make use of the unique CAPTCHA addition for the WPForms Pro plugin. You can add the captcha to contact form by installing the Custom Captcha addon from Fancy Fields section.

2. ReCaptcha

ReCAPTCHA is a free Google application which comes as a WordPress contact form captcha that asks users to respond to short questions before they may submit forms. Additionally, reCAPTCHAs track user behaviour as users move throughout your website, assigning each one a “spam score” based on what the programme deems to be suspicious behaviour.

reCAPTCHA now comes in three different flavours:

  • Checkbox reCAPTCHA v2: This reCAPTCHA variant has a checkbox that users must select to verify that they are not a robot. You could be requested to complete a quick image validation test to verify that you are a real user if user activity seems suspect.
  • Invisible reCAPTCHA v2: Users do not see a checkbox at all. Instead, this reCAPTCHA service examines user behaviour to spot and restrict bots.
  • reCAPTCHA v3: It uses JavaScript to identify human visitors. It identifies human visitors by using riddles or by analyzing way they interact while on your webpage.

To add captcha to contact form, utilize the plugins Formidable Forms or   WPForms. Select any of the reCAPTCHA flavors as needed by going to the   corresponding settings buttons in the WordPress dashboard.

3. Honeypot


  • To put it simply, a honeypot is a lure that lures intruders into a trap.
  • A “sweet” and covert strategy to prevent spam out of your contact forms is the honeypot technique. It conceals a field in your form’s code that is hidden from human visitors but exposed to spambots who frequently access the code.
  • Honeypots present a fake form field for spambots to fill up. Spambots, which are computer programmes that simulate human activity, simply complete the form fields and click the “Submit” button. This results in the submission being automatically rejected and marked as spam, so you never have to deal with it again.
  • Users will have a more comfortable experience using honeypots because they won’t be bothered by the hidden form and there won’t be a reCAPTCHA requirement. This may enhance the quantity of legitimately filed forms.
  • There are many anti-spam honeypot WordPress plugins which can cater to your needs; WPForms and Formidable Forms. Go to their Settings option form where you can enable it.

4. AntiSpam Plugin

  • Using a plugin with effective built-in spam protection features is the most crucial action you can do to prevent contact form spam in WordPress.
  • These typically function independently of your forms, guarding your website against spam comments and submissions from contact forms. (Typically, your comments and contact forms).
  • Both global and regional learning are used to identify spam. Some additionally let you manually flag articles as spam (or not spam), so they can understand your likings.
  • To shield your entire website from spam submissions, you can also utilise antispam plugins like Akismet, WordPress Zero Spam, Antispam Bee, and JetPack. The most popular option is Akismet. It is one of the free anti-spam plugins WordPress.
  • These are the top features of Akismet plugin
  • Spam is automatically detected and removed from all comments and contact form submissions.
  • removing every spam submission.
  • a simple dashboard with all of the filtered submissions ‘Unspam’ feature for spam that was mistakenly flagged.

5. Block Traffic by IP Address

block traffic by IP address

  • An IP address is auto matically recorded for each user that comments on WordPress. Simply add these IPs to your site’s blacklist if you observe a pattern of identical IP addresses spamming your site repeatedly.
  • By limiting IP addresses to a specific number of form submissions in a specific amount of time and barring IP addresses that go above this restriction, you can help prevent spam from a single source. If an IP address’s activity appears suspect, you can also quickly ban it.
  • Using an IP access list is a great way to ban users. However, it takes time and constant upkeep to block a higher number of spammers.
  • You can do so with the help of WPForms. Goto Settings → Discussion and enter the IP addresses which you want to be blocked.

6. Email Verification from Users

  • Email verification is the process of ensuring that an email address is real and active. This step is necessary because email addresses are now often used by internet users to interact.
  • On submissions via contact forms, spammers and email spam bots typically use phoney or throwaway email addresses. By adding a second step to the submission process to verify user email addresses, you may avoid this. To accomplish this, send an email with a link to the form’s email address as soon as possible.
  • Additionally, you can install WordPress Plugin to Stop Spam Email. They look for email addresses that are new, fraudulent, or have been used maliciously or deceptively. You may find out if the email address you’re trying to send to is valid by using a tool made particularly for this purpose, like Google’s Verify Email Addresses.
  • WPForms can be WordPress Plugin to Stop Spam Email. On the WPForms interface’s left-hand pane, select Settings » User Registration and enable it.
  • Activate Enable user activation button and select the activation type as user email.


Maintaining a good level of user experience while implementing anti-spam protection on your WordPress site will require some help. Thankfully, if you have the necessary tools, using the techniques we discussed in this piece is easy.

For example, using Honeypot, Invisible reCaptcha, and one of the WordPress plugins will add additional layers of spam defence. which is best? All of these techniques don’t bother users at all! Helpbot can even add some flavour to the proceedings by guiding you in making the optimal plugin selection for your tasks.

Read Must Have WordPress Plugins For Bloggers 2023 in our article if you want to understand more about blog plugins. Enjoy crafting!