How To Stop Contact Form Spam in WordPress

This post may contain affiliate links. For more info, visit the disclosure page.

Woman biting pencil in front of open laptop

One of the most annoying things about managing a WordPress website is getting unwanted spam messages through your contact form.

I put a contact form on my website so that people who want to personally contact me about something related to my business, they can do so. But the dark part of the internet also has a use for my site’s contact form as well.

I use WP Forms to build my contact forms. I found it to be the simplest way to build and add a form to my contact pages and it also has some very powerful features. Best of all it’s free.

By spamming my contact form, they hope that their message might reach me so that I will get whatever they’re pushing. But that could be dangerous and anything from getting your computer infected with malware, phishing traps and a number of other bad things can happen if you do get involved with these spam messages.

And the senders of these messages 99% of the times isn’t human. Well, there’s a human behind the operation but the messages are delivered mostly by bots that can fill the forms and send the message.

So how do you stop this annoying activity from getting into your inbox and taking up your time?

There are several things you can do but I’m going to show you the one that I’ve personally employed to deal with this issue on my websites including this one.

What You Can Do About Contact Form Spam

With the challenge of bot submitted contact form spam, a number of solutions has been developed over the years and they’ve also evolved as the spammers got smarter.

One of the things I considered was to remove my contact form but that was totally out of the question as any reputable business should have a way of being contacted by your website visitors.

Just imagine getting dozens of emails every day through your sites contact form that look like this one.

Ugh! Can you say annoying one more time!?

So I decided to look into finding a solution.

Here are some of ways in which you could battle contact form spam.

Captcha Challenge

I’m sure you’ve seen forms before with a little picture before the submit button that has some letters or numbers or a mix of both which you had to figure out and type into a box. Usually, you’d have to be human to see these characters but the big drawback was that sometimes these were tough to even figure out although you could refresh the puzzle and get a new set of characters.

Captcha example
A confusing example of captcha.

Captcha challenges can also vary. I’ve seen some where I’d get a picture divided into squares and I’ll have to click all the squares that had traffic lights in them or some other common object. Then there are others that ask you to do a simple math problem like 3 + 2 and you had to answer 5 correctly to proceed.

You don’t want to use captcha challenges because people who may genuinely want to contact you can see it as an extra hurdle and not bother. They may get stumped on the puzzle the first time and decide not to try again.

reCAPTCHA Checkbox

Captcha checkboxes are a simpler evolution of the captcha challenge and only requires the user to click inside a box to check it to prove that they are human.

reCAPTCHA with checkbox.

It presents less of a hassle for users and can be performed with one click. No tricky puzzles to figure out.

Google actually developed a tool called reCAPTCHA which is now in version 3 to help stop bots from spamming your forms. The checkbox option is part of their solution but there’s also another solution that allows users to submit your contact form without having to deal with Captcha. The captcha works in the background.

Invisible reCAPTCHA

Google’s reCAPTCHA v3 allows you to implement an invisible captcha solution which works in the background to detect bot traffic using a scoring system. Human visitors won’t have to fill out any captcha forms or check any boxes, just the needed info in the contact form.

Bots are automatically blocked form submitting anything and you don’t get the frustration of having to deal with contact form spam.

How To Add reCAPTCHA To Your Contact Forms

Now the first thing you need to do is to have a plugin to build your contact forms.

There are many contact form plugins for WordPress and I’ve used a lot of them over the years but the best and simplest one I’ve found is WP Forms. You can get it for free and it has some very powerful features and a pro version where you can unlock even more useful features.

After building your contact form in WP Forms, you can add reCAPTCHA to the form to either have a checkbox or to use the invisible reCAPTCHA to help block spam.

I used the invisible method for two of my most heavily spammed forms and I haven’t had to view any spam emails that were sent through these forms.

In this section, I’m going to show you how I added invisible reCAPTCHA to my forms using the WP Forms plugin. The process is the same for adding a checkbox – you just have to choose that option.

Step 1. Create A Contact Form using WP Forms.

If you haven’t created a form yet for your contact page, you can create one using WP Forms. WP Forms makes the process simple and there’s even a Gutenberg block you can add to make things even more simple.

To create a form, after installing and activating the plugin, simple click “Add New”. On the next page, add a name for the form then select “Simple Contact Form”. Click “Save” and your form is built for you in just a few clicks.

You can also edit, add or subtract form fields to your liking. I chose to go for the simple form where the “last name” field isn’t shown.

Test form using WP Forms

Step 2. Setup reCAPTCHA in Google reCAPTCHA tool.

reCAPTCHA is a free service that is provided by Google so you’ll need to get a ‘site key’ and a ‘secret key’ from Google which will link your site’s contact form to their service.

This is easy to configure in WP Forms but first you’ll need to set up reCAPTCHA in Google. To do this simply go to the tool and click on the “Admin Console” button at the top.

Google reCAPTCHA tool

On the next page, you’ll need to add a site and this is done by clicking the plus sign. Then you’ll need to fill in a simple form to register your site and get your keys.

Add a label to identify your site. This could be the name of the website. You’ll get another field below where you can add the domain name.

Google reCAPTCHA settings

Next, you’ll choose reCAPTCHA v2 under reCAPTCHA type which further gives the options to either use a checkbox or an invisible badge. If you want to use invisible reCAPTCHA then choose that option otherwise choose the “I am not a robot” tickbox to add a checkbox.

Fill in the other info and click submit. On the next page, you’ll be able to copy your keys.

Step 3. Configure reCAPTCHA in WP Forms.

Now that you have the keys from Google’s reCAPTCHA tool, you now need to add them to WP Forms. Find WP Forms in your WordPress dashboard and go to “Settings”.

On the settings page, click on the reCAPTCHA menu item to configure the settings.

On this page choose “Invisible reCAPTCHA v2” to add invisible reCAPTCHA or click on the checkbox option to add that option.

Right below, you’ll have two fields to add the Site Key and the Secret Key from Google’s reCAPTCHA tool. Just copy and paste each key into their respective fields. Click on ‘save settings’ to save your configuration.

Step 4. Add reCAPTCHA to your contact form.

Now that you have reCAPTCHA set up for your website, it’s time to add it to your form. Click to edit the form that you created earlier and then go to your form settings by clicking on “Settings” in the menu.

All you need to do on this page is to check the box that says “Enable Google Invisible v2 reCAPTCHA” or “Enable Google checkbox v2 reCAPTCHA” depending on which option you chose during the reCAPTCHA setup. Don’t forget to save your changes.

Step 5. Add your form to WordPress

The last thing you need to do is to add your contact form to your contact page. This can be easily done in WordPress’ block editor as there is a convenient WP Forms block included as long as you have the plugin installed and activated.

Edit your contact page and where you need to add your form, add a block and search form ‘wpforms’ or open the widgets section to find the WPForms block.

Add the block and select the form you created from the drop down list. Publish or Update your page to save your new contact page with spam protection.

On the page, you should see a checkbox if you chose that option but if you chose the invisible option then you’ll see only the normal fields of the contact form and at the bottom of the screen in the right hand corner, you should see a reCAPTCHA badge.

Custom CAPTCHA solution

I found that the invisible reCAPTCHA solution worked well for me but you may not want to use Google’s solution for whatever reason.

WP Forms also has a Custom CAPTCHA addon which you can use to define custom questions or random math questions on your contact forms to deter spam bots.

To use this feature, you’ll have to upgrade to the Pro version where you can unlock a host of other useful features.

Why use WP Forms?

I’m sure that there are other WordPress form plugins that will let you combat contact form spam with solutions like using Google’s reCAPTCHA but I chose to use WP Forms because of it’s simplicity, powerful features and because I trust the company that makes the plugin.

I think that it’s the best solution for creating not just contact forms but any type of web form your business may require.

The plugin is currently the only contact form plugin with a 5 star rating which it got from over 5700 reviews. It has over 3 million active installations at the moment. WordPress users love WP Forms more than any other form plugin.

You can use WP Forms to not only build contact forms but also to create newsletter signup forms, surveys and polls, post submission forms, booking forms, user registration forms and many more.

The pro version lets you integrate with a number of other applications such as Stripe, Aweber, Getresponse, Drip, MailChimp, PayPal, Zapier and more.

If you just need a simple solution to build a simple contact form for your WordPress website then I recommend using WP Forms. You will be able to add spam protection to your forms so you won’t have to deal with annoying spam bots. You’ll also be able to build unlimited forms for your website and upgrade to the pro version if needed to unlock dozens of useful features.

Download and install WP Forms today.


Leave a Reply

Your email address will not be published. Required fields are marked *