Did you know WordPress receives 487 billion spam messages every month? Spam has been here for decades, and none of us nor our websites are fully immune. WordPress spam affects multiple areas of your website, including your comments, forms, orders, email lists, trackbacks, and so much more. But the one that is probably driving you nuts the most is the spam submissions on your WordPress forms.
Not all is lost! If you are tired of getting spam submissions, there are multiple ways to stop WordPress form spam. However, you’ll need a combination of tools to win your fight.
Let’s join forces together and go over the best anti-spam blocking tools you can use to stop spam bots from reaching your website and your WordPress form!
Table of contents
- How to stop spam on your WordPress contact form with Ninja Forms?
- Stop WordPress form spam with an anti-spam plugin
- Bonus: Block a specific email address or email domain from submitting your form
How to stop spam on your WordPress contact form with Ninja Forms?
Our contact form plugin offers numerous solutions to reduce contact form spam in WordPress. We have your back even if you don’t take a single measure to prevent spam.
Even our free version of Ninja Forms core plugin offers WordPress spam protection including Honeypot, Anti-Spam field, and Google reCAPTCHA v2 and v3. Let’s talk about each of them and show you how user-friendly these anti-spam features are.
Honeypot: Built-in spam protection
You actually don’t have to do anything, Ninja Forms (even the free version) already comes with a honeypot. Just like a real honeypot would catch flies, this honeypot will catch spam submissions. This technique allows you to ignore spambots and users don’t need to fill out a captcha or any type of challenge-response test. How?
Honeypot is an invisible field that’s present in all of your forms and isn’t supposed to be filled. If it is filled, the submission will fail. A spambot wouldn’t know this, it will fill all of the form fields on the page so that a WordPress submission created by a bot would fail.
Honeypots are highly effective and used by web security professionals around the world for many, many applications ranging from spam filtering to network security. There is a high probability that Ninja Forms’ native honeypot feature is all you need to protect your WordPress forms from spam bots, but if it isn’t, then you can try some of the tips below.
Anti-Spam field
Another way to stop spam submissions or spam comments is to add an additional field on your form that can only be answered by a person. In Ninja Forms, we have a field that’s built for this, called the Anti-Spam field. You can find the Anti-Spam field under the Miscellaneous Fields.
Google reCAPTCHA
Another way to stop spam on the WordPress contact forms is using Google reCAPTCHA. If you are not familiar with reCAPTCHA, it is a free security service from Google that helps protect websites from spam and abuse by malicious bots. It is a test to distinguish human activity from bot activity on a site. These protections are easy for humans to solve but difficult for bots.
We are compatible with both, reCAPTCHA v2 and v3 versions. The reCAPTCHA v1 was shut down in 2018. We have previously recommended not to use reCAPTCHA in order to create better experiences for customers and site visitors but over the years, reCAPTCHA v2 has improved its functionality while offering a seamless experience for the end users.
However, using the v2 version might lead to lower conversion rates linked to users’ direct interaction on your website. The reCAPTCHA v3, on the other side, provides a better user experience by being invisible to visitors and adds an extra layer of security to your forms.
Want to learn more about reCAPTCHA? Read our blog post on How to Use ReCAPTCHA to Protect WordPress Forms from Spam, Brute Force Logins, and Carding Attacks. If you are ready to set up your Google reCAPTCHA on Ninja Forms, check this step-by-step documentation or visit How to Easily Add reCAPTCHA v3 to Your WordPress Form to implement reCAPTCHA v3.
Stop WordPress form spam with an anti-spam plugin
Did you know there are over 55,000 plugins on the WordPress Plugin Directory, with many new options added every day? With so many options out there, you probably have to do research every time you are thinking to install a new plugin to your WordPress website.
We put together our top picks for the best WordPress anti-spam plugins that help you manage spam on your WordPress website. With the combination of the tools above and the right anti-spam plugin, you are one step closer to blocking contact form spam in WordPress for good. Let’s dig in!
Akismet anti-spam plugin
That’s right. If you’ve been in the WordPress space for a while now, you definitely have heard about, or even use the Akismet Anti-Spam plugin. It’s a popular anti-spam plugin from Automattic that checks your comments and form submissions for spam. At this moment Akismet has over 265 million downloads and it catches about 7,500,000 spam per hour!
Once you install and activate the plugin, it will protect your site from spam comments. But if you want to activate Akismet for one specific form, you can! Read this documentation to learn how to set up Akismet on your forms.
Spam Protection, AntiSpam, FireWall by CleanTalk
Another popular plugin to prevent contact form spam is a cloud-based anti-spam service by CleanTalk. This all-in-one solution for WordPress is tested with Ninja Forms. It protects login, comment, and contact forms at once. The good news is you don’t need to install separate anti-spam plugins for each form.
CleanTalk does not require completing any CAPTCHA challenges, questions, or puzzles, and it does not make users jump through hoops in order to submit a comment or a form. It is one of the fastest anti-spam plugins which positively impacts your SEO as the site speed is one of the most important ranking factors on Google. They even have a mobile app for you to see antispam statistics wherever you want!
Captcha by BestWebSoft
Captcha by BestWebSoft is a security solution that protects your WordPress website forms from spam entries and it is compatible with Ninja Forms. You can use it for login, registration, password recovery, comments form and much more.
You can even choose your Captcha type from invisible, character recognition, simple match actions, and side captcha. There is no API required and the plugin is very easy to use and manage. Captcha by BesWebSoft offers a free version but you can also purchase the pro version that comes with additional spam protection features.
Zero Spam for WordPress
Tested with Ninja Forms, Zero Spam for WordPress offers powerful protection against spam, malicious, users, attacks like web & port scans, brute force, and others. It allows you to block IPs temporarily or permanently, and you can block entire countries, regions, zip/postal codes, and cities. Zero Spam for WordPress also protects comments, user registration & login forms. This anti-spam plugin can be integrated into any existing theme or plugin and uses no captcha as their philosophy is spam isn’t the users’ problem.
Titan Anti-spam & Security
Previously known as Anti-Spam only, it became stronger and now presents a comprehensive WordPress security solution. Titan Anti-spam & Security plugin includes anti-spam, firewall, malware scanner, site accessibility checking, and security and threats audits for WordPress websites. It is a popular plugin among our users, especially if you are looking to perform anti-spam checks for your comments. Titan runs a background check that marks spam comments as spam and hides them on a site which helps to improve user experience and increase engagement.
Bonus: Block a specific email address or email domain from submitting your form
Do you want to block a single email address that keeps harassing you with spam submissions? Maybe you want to block certain email domains from submitting your form? Ninja Forms lets you achieve this with the Conditional Logic add-on!
It’s pretty simple. Just apply logic to the submit button telling it to stay hidden if the email field contains a particular value and that’s it! Additionally, you can also display an error message within an HTML field.
Let’s look at the example below, where we blocked the Hotmail email domain. This is the setting you want to apply if you want to also display an error message to the user who enters an email containing hotmail.com.
Below is an example to block submission entry for a specific email address without displaying any error message:
If you still receive spam submissions on your WordPress form after you’ve used all the methods above, maybe it’s time to change your hosting provider. Ideally, they can help you minimize spam and provide you with a web application firewall to keep those spambots off your website.
Long live the spam-free WordPress forms!
In today’s article, you’ve learned how to stop spam on the WordPress contact form. We showed you our anti-spam blocking tools you can use with Ninja Forms and listed some of the most popular anti-spam plugins in WordPress. We also showed you how you can block specific email addresses or email domains from harassing your forms using our powerful Conditional Logic add-on.
Dealing with spam submissions can be really exhausting and we believe after reading our tips your forms will be spam-free, so you can start receiving real submissions and comments from real people!
If you have any questions about spam and forms, feel free to leave them in the comments section below (only if you’re a real human, of course).😀
Natasha Hinsche Chwachka says:
I really enjoy the ease and use of your forms. The 5 websites I manage have recently come under attack after being online for 2 years. The included honey pot is not stopping the incessant spam any longer. I’ve tried the anti-spam field with math questions with no luck so tried asking the question of what town this store is located in as users know this…still no luck. The bots are getting past even that question. Will try a couple more techniques from your post but agree with you on the reCaptcha and don’t want to go down that road.
Janet says:
This post should be updated! Ninja forms now supports Google Recaptcha V3. ( the invisible one) in version 3.5.5 (June 2021) . However, apart from saving the necessary API key in the NF settings, how to add the recaptcha to a form is too well-hidden. The instructions here https://ninjaforms.com/docs/plugin-settings/ highlight reCAPTCHA version 2, and even after I locate the details in the recaptcha v3 tab (which looks like a non-clickable screenshot by the way) the tiny instruction “2) To enable the v3 reCAPTCHA to your form navigate to the Emails & Action section of your form and add the reCAPTCHA v3 action.” took me a few minutes of staring at that Emails & Action screen on the form saying: where? how? and when I clicked the (+) in the bottom right, there it was. Most NF implementations default to having the basic actions in place on installation so it is a rare thing to need to add additional/obscure actions. Please add more instructions on HOW to add an action that is not visible by default. It would have saved me a lot of frustration.
Kathy Zant says:
Hi Janet, thanks so much for the feedback. We’re in process on updating a number of posts on the site.
Lisa Hazen says:
Hi, there! We are getting spammed by one address. But we want to filter these messages to a different folder. Is that possible?
Melissa says:
What about hate speech? We need to be able to filter malicious HUMANS who send hateful emails. Do you know of any solutions for that?