How to Stop Spam in WordPress Contact Form? (Beginner’s Guide) 

Last Updated: 16 mins By: ThemeGrill Author

Curious to know how to stop spam in your WordPress contact form? If yes, then it’s the right place for you as we have a complete guide on how to stop spam on the WordPress contact form.

Online contact forms are prone to get spammed. But if you choose the right form builder plugin and integrate some of the useful anti-spamming techniques, there is nothing to worry about. One such plugin is Everest Forms, which provides an essential add-on and integrates spam protection methods into the WordPress forms.  

So, in this article, we’ll be using Everest Forms to apply different methods that you can use to block spam in WordPress contact forms. 

What is Spam on WordPress Contact Form? 

Spam on the WordPress contact form is the submission of unwanted content through the site’s forms by spammers. It includes phishing messages, advertising links, lottery scams, and so on. At the same time, it also contains viruses that can harm your website. The spammers generally send them with the intention of generating profit. 

While you can report spam text and messages, it’s quite a hassle to report every spam you get through the contact form. Also, the number of spam you get through the contact form can be large.

On the other hand, different malicious programs have been designed as spambots with the sole intention of collecting email addresses and other useful data from the contact forms. So, it’s better to prevent spam from reaching your contact form instead of letting them enter and reporting them.

WordPress form builder plugins such as Everest Forms have been continuously working to prevent spam in the forms and integrate some of the best spam-prevention methods. That’s why it’s known as one of the best form builder plugins. 

Everest Forms Plugin

So, let’s learn how to stop spam from website contact forms using Everest Forms without any delay.  

How to Stop Spam on WordPress Contact Form? 

Here we’ve explained four different methods to stop spam on WordPress contact forms using Everest Forms. Let’s dive in!

Method 1: Using Custom Captcha Add-on by Everest Forms 

WordPress doesn’t provide you with a built-in form; you must rely on the form builder plugin. But not all the form builder plugins provide you with enough features and add-ons, while Everest Forms does. 

Everest Forms is one of the best WordPress form builder plugins available. It’s user-friendly and provides various add-ons that a WordPress site requires when using a contact form plugin.  

One such add-on Everest Forms provides is the Custom Captcha exclusively built to stop spam in the WordPress contact form. So, here is the step-by-step guide on how to stop spam on WordPress contact forms using the Captcha add-on by Everest Forms. 

i. Install and Activate Everest Forms and Everest Forms Pro 

You’ll first require to install the plugin to use the Everest Forms’s features and add-ons. Therefore, find your WordPress login URL and log in to your WordPress site.  

Now, navigate to the Plugins >> Add New.  

Navigate Plugins then Add New

It directs you to the page with featured plugins and a search bar. Using the search bar, search for the Everest Forms plugin. Soon, it’ll display you with the Everest Forms plugin that has the Install Now button. So, click on the button.

Search and Install Everest Forms Plugin

Again, hit the Activate button to activate the plugin on your site.

Activate Button for Everest Forms

You can now create a simple contact form on your WordPress site. However, you’ll need the Custom Captcha add-on to prevent spam which is available in the pro version of Everest Forms. Hence, you’ll now require installing the premium version. 

The premium version of the Everest Forms has four plans: Personal, Plus, Professional, and Agency. Since the Custom Captcha add-on is available in all of these plans. So, you can buy a suitable plan as per your choice and budget.  

To purchase Everest Forms Pro on your WordPress site, visit its official site and make a purchase. After purchasing the Everest Forms premium plan, you’ll be able to log in to your WPEverest account. 

Next, from the WPEverest account dashboard, go to the Download tab and see the Everest Forms Pro. Now, download the file by clicking on the Download button, and it saves the files on your device in a zip format.  

Download Everest Forms Pro File

Also, under the License Keys tab of the same dashboard, you’ll see the license key for activating the Everest Forms in your WordPress site. Copy the key and go to your WordPress dashboard. 

Copy License Keys for Everest Forms Pro

Next, go to Plugins >> Add New as before, click on the Upload Plugin, and choose the zip file you just downloaded. Now, hit on the Install Now button and then Activate Plugin button.  

Upload then Install Everest Forms Plugin

As you activate the plugin, a message pops up at the top asking you to enter your license key. So, paste the license key into the blank space under Everest Forms (Pro) plugin. 

Paste License Key for Everest Forms Pro

Therefore, the Everest Forms Pro in your WordPress site is ready to function. 

ii. Install and Activate Custom Captcha Add-on 

Now, it’s time to install and activate the Custom Captcha add-on on your WordPress site. So, go to Everest Forms >> Add-ons on your WordPress dashboard.  

Navigate to Everest Forms and Add-ons

It takes you to the page that displays the available add-ons for Everest Forms. Now, scroll down until you find the Custom Captcha. As soon as you see it, hit on the Install Addon button.  

Install Custom Captcha Add-on

Next, it shows you the Activate button; click on it to activate the add-on on your WordPress site. 

Activate Custom Captcha Add-on

iii. Create a New Contact Form 

Now, it’s time to create a WordPress contact form where you can integrate Custom Captcha to block spam. For that, navigate to Everest Forms >> Add New.  

Navigate to Everest Forms and Add New

A new interface shows you the pre-built templates available with Everest Forms. You can use any of the forms and customize them as per your wish.

Everest Forms Templates

But for now, we’re showing you how to build the contact form from scratch. So, click on the Start From Scratch option and give a proper name to the form as we’ve named it New Contact Form

Name the Anti Spam Contact Form

It then takes you to the form editor with a drag and drop interface, where you can drag the fields from the left and drop it to your form on the right.  

For a detailed guide, you can read our article on adding a contact form in WordPress

iv. Add Captcha Field 

As you’ve activated the Custom Captcha add-on in your WordPress site, you’ll see the Captcha field under the Advanced Fields

Captcha Advanced Fields

Drag the field and drop it into your contact form.  

Drag and Drop Captcha Field in Contact Form

When you finish adding the fields to your contact form, save the form by hitting the Save button in the top-right corner. 

Save Contact Form

v. Customize Captcha Field 

One of the best features of Everest Forms is that it lets you customize the form as per your need.  

You can edit the captcha field using the Field Options tab for further customization. So, click on the captcha field on your contact field, and it directs you to the Field Options tab.  

Field Options for Captcha Field

It has the following options for customization: 

  • Label: It allows you to change the text label in the Captcha field; by default, the label is Captcha.  
  • Format: It provides you with two options: 
    1. Math: Math Captcha is autogenerated, which displays unique math Captcha to each user  
    2. Question and Answer: This allows you to add custom questions and answers. You can also add more than one question by clicking on the ‘+’ sign. For removing questions, click on the ‘-’ sign.  It shows only one random question in the front end among all the questions you add here. 
  • Description: You can describe the Captcha field of your form that appears at the bottom of the field.  
  • Advanced Options: It has three options:  
    1. Placeholder Text: Here, you can enter the text to make users clearer about where they should enter their answers, or you can add anything you want to convey to your user.  
    2. Hide Label: It lets you hide the Captcha label in the field. A simple check on the checkbox to hide.  
    3. CSS Classes: It allows you to enter the CSS class name for the Captcha field container. 
  • Conditional Logic: Conditional Logic is one of the essential features that every form builder plugin must-have. This option allows you to hide or show the Captcha field based on the user’s input. You can set the conditional logic for the form’s fields.  

After making all the changes save the form and add the contact form to your post or page. Since you have added the Captcha field in the form, the spambots have very few chances to submit the form with spam.   

Method 2: Enabling Anti-spam Honeypot Using Everest Forms 

The next method for spam prevention in the contact form in WordPress is to enable the anti-spam honeypot using the Everest Forms. 

Honeypot is the field added to the form with some CSS or Javascript codes, which hides the field from the users. Interestingly, the field is visible to the spambots and lures them to fill it. So, when the spambots fill the fields, the form recognizes them and prevents them from submitting the form.  

Since the field is invisible to humans, it doesn’t hamper their submissions. Thus, to enable an anti-spam honeypot, open the form you just created by navigating to Everest Forms >> All Forms.  

Navigate to Everest Forms and All Forms

Now, go to the Settings at the top, which takes you to the General interface. From here, scroll down below until you find the Enable anti-spam honeypot. Check the option to enable the anti-spam honeypot in your form 

Captcha Field Settings

Save the settings after you’re done by hitting the Save button at the top-right corner.  

Method 3: Enabling Google reCAPTCHA or hCaptcha to Your Contact Form 

The third method to stop spam in the WordPress contact form is to enable Google reCAPTCHA or hCaptcha.  

To integrate reCAPTCHA in your contact form, navigate to Everest Forms >> Settings. Click on the CAPTCHA tab. 

Navigate to Everest Forms Settings and Captcha

Under the CAPTCHA Type, it has the following three options: 

Captcha Type Options
  • reCaptcha v2: It verifies whether or not the interaction is legitimate using I’m not a robot checkbox and invisible reCAPTCHA badge challenges. 
  • reCaptcha v3: It verifies requests with a score and gives you the power to take action in the context of your site. 
  • hCaptcha: It’s a service provided by Intuition Machines Inc that provides reliable bot detection while being simple for a human to solve. It uses an advanced machine learning algorithm for detection. Also, unlike reCAPTCHA, it doesn’t sell users’ data to any third party. 

i. Add reCAPTCHA to Prevent Spam in Everest Forms 

Once you decide to use the reCAPTCHA version, you’ll require to add Site Key and Secret Key. And to create these keys, first of all, visit Google’s overview page.  

Google reCAPTCHA is a free service from Google that uses an advanced engine for risk analysis and adaptive challenges to prevent malicious software programs from accessing your website. It blocks all the fake users while keeping the legitimate users. 

Now, click on the v3 Admin Console tab at the top.  

v3 Admin Console

Next, add a label in the Label field and choose the reCAPTCHA type.  

Google reCaptcha Settings for your Site

Meanwhile, reCAPTCHA v2 has three options:  

  • “I’m not a robot” Checkbox: A checkbox saying I’m not a robot is displayed to the user, and they have to check it. 
  • Invisible reCAPTCHA badge: Validates requests in the background. 
  • reCAPTCHA Android: Validates requests in your android app. 

Choose the one that you’re comfortable with and proceed on. 

Likewise, add your domain under the Domains field and check the box saying Accept the reCAPTCHA Terms of Service. Once you finish setting up, hit the Submit button.  

Submit Google reCaptcha Settings

Instantly, it redirects you to the page where there are Site Key and Secret Key. Now copy them and keep them safe.  

Generate Site Key and Secret Key

It’s now time to go to your dashboard in WordPress. To add reCAPTCHA to your contact form, navigate to Everest Forms >> Settings and click on the CAPTCHA tab. Now, select the Captcha type and paste the Site Key and Secret Key for your site.  

Paste Site Key and Secret Key

At the same time, Everest Forms also provides the option for enabling invisible reCAPTCHA; you can enable it as per your wish.  

Save Changes

As you finish adding the reCAPTCHA, save by clicking on the Save Changes button.  

Now, open the form you want to prevent spam and click on the Settings tab, it takes you to the General interface. Keep scrolling down below until you find the Enable Google reCAPTCHA v2 or v3. Check the option to enable it in your form. 

Enable Google Invisible reCaptcha v2

ii. Add hCaptcha into Your WordPress Form 

To add hCaptcha into your WordPress form, you again require Site Key and Secret Key. But this time, you’ll need to visit and sign up. Once you create an account, you can generate the Site Key and the Secret Key.  

Sign Up for hCaptcha

Now, visit your WordPress dashboard and go to Everest Forms >> Settings >> CAPTCHA. Choose hCaptcha as your CAPTCHA Type.

Choose hCaptcha

And just like the process for the reCAPTCHA, copy and paste those keys.  

Site Key and Secret Key for hCaptcha

Save the changes after you’re done. 

To integrate hCaptcha to your form, open the form you created and click on the Settings tab, which takes you to the General settings options. Scroll down until you see Enable hCaptcha with the checkbox. Thus, tick the option, and the hCaptcha gets enabled in your WordPress form. 

Enable hCaptcha

Save the changes you just made to block spam in the WordPress contact form using hCaptcha.

Method 4: Using Whitelisted Domains  

Whitelisting domain is another method you can use in Everest Forms to stop spam in your form.  

It’s a specific feature designed for the Email field, where the domain is the deciding factor for the form to either accept or reject the submission. Whitelisted Domains allow you to set the trusted or untrusted domains to receive or deny the form of the user, respectively.  

The Whitelisted Domains of Everest Forms has two options: 

  • Allowed Domains: You can assign the domains you trust as Allowed Domains so that users with email addresses in the same domain can easily submit the form. For example,,, etc., can be considered allowed domains. 
  • Denied Domains: Here, you can assign the domains that you can’t trust or through which you’ve been receiving multiple spams. When you assign domains as Denied Domains, users can’t submit their form if they use the same domains for their email. For example, if you assign as Denied Domains, the user with the email address in can’t submit the form. 

To use the Whitelisted Domains feature, open the form you’ve created by navigating Everest Forms >> All Forms as shown in method 2 above.

If you’ve already added the Email field to your form, it’s okay, but if you haven’t, drag and drop the Email field to your form.  

Email Field

Now, click on the Email field on your form, which takes you to the Field Options on the left side of the form. Next, navigate to the Advanced Options and click on its drop-down menu. From here, scroll down until you find the Whitelisted Domains option. 

Advanced Options Whitelisted Domains

Remember that the Whitelisted Domains feature is only available in Everest Forms Pro. So, if you’re using the free version of this plugin, you’ll have to upgrade to a premium plan. 

Now using the drop-down menu, select either Allowed Domains or Denied Domains.  

Allowed Domains

If you use the Allowed Domains, you can set the domains from where you want to receive the form entries. For example, and are the allowed domains for the form below: 

Set Allowed Domains

After that, users can submit the form only if they use the Allowed Domains

Allowed Domain

If users have submitted the form using the allowed domains, they get a success message as below.

Success Message

While, if they use other domains for email, they’ll be unable to submit the form.

On the other hand, if you use Denied Domains, you can receive the form submission from all the other domains but not from those you have assigned as Denied Domains.

Set Denied Domains

For example, in the below image is the denied domain for the form.

Denied Domain

On the front end, users might get the error message like below if they use the denied domain: 

Submission Denied

Save the form once you’re done. 

Wrapping Up! 

These are the different methods that you can use to block spam in the WordPress contact form. Out of all these methods, you can implement one or more depending upon your need.  

With that, we’ve come to the end of this article. We hope you can now easily stop spam in the WordPress contact form. If you still have any confusion or queries regarding the Everest Forms, its support team is always online to help you.  

Before we wrap up, let’s inform you that apart from stopping spam in WordPress contact forms, Everest Forms also lets you integrate online payment gateways, repeater fields, and many others. So, get the plugin today and leverage its benefits to the fullest.  

If you still have time, you can explore our blog page and find interesting articles on making money online, changing your WordPress login page URL, and more.   


ThemeGrill Author

We are a team of SEO copywriters and editors who work both individually and in the team. ThemeGrill author is where one of the editors here is working on one project personally. Write to us @themegrill_blog in Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top

Pin It on Pinterest