Curious to know how to stop spam in your WordPress contact form? If yes, then it’s the right place for you as we have a complete guide on how to stop spam on the WordPress contact form.
Online contact forms are prone to get spammed. But if you choose the right form builder plugin and integrate some of the useful anti-spamming techniques, there is nothing to worry about. One such plugin is Everest Forms, which provides an essential add-on and integrates spam protection methods into the WordPress forms.
So, in this article, we’ll be using Everest Forms to apply different methods that you can use to block spam in WordPress contact forms.
What is Spam on WordPress Contact Form?
Spam on the WordPress contact form is the submission of unwanted content through the site’s forms by spammers. It includes phishing messages, advertising links, lottery scams, and so on. At the same time, it also contains viruses that can harm your website. The spammers generally send them with the intention of generating profit.
While you can report spam text and messages, it’s quite a hassle to report every spam you get through the contact form. Also, the number of spam you get through the contact form can be large.
On the other hand, different malicious programs have been designed as spambots with the sole intention of collecting email addresses and other useful data from the contact forms. So, it’s better to prevent spam from reaching your contact form instead of letting them enter and reporting them.
WordPress form builder plugins such as Everest Forms have been continuously working to prevent spam in the forms and integrate some of the best spam-prevention methods. That’s why it’s known as one of the best form builder plugins.
So, let’s learn how to stop spam from website contact forms using Everest Forms without any delay.
How to Stop Spam on WordPress Contact Form?
Here we’ve explained four different methods to stop spam on WordPress contact forms using Everest Forms. Let’s dive in!
Method 1: Using Custom Captcha Add-on by Everest Forms
WordPress doesn’t provide you with a built-in form; you must rely on the form builder plugin. But not all the form builder plugins provide you with enough features and add-ons, while Everest Forms does.
One such add-on Everest Forms provides is the Custom Captcha exclusively built to stop spam in the WordPress contact form. So, here is the step-by-step guide on how to stop spam on WordPress contact forms using the Captcha add-on by Everest Forms.
i. Install and Activate Everest Forms and Everest Forms Pro
Now, navigate to the Plugins >> Add New.
It directs you to the page with featured plugins and a search bar. Using the search bar, search for the Everest Forms plugin. Soon, it’ll display you with the Everest Forms plugin that has the Install Now button. So, click on the button.
Again, hit the Activate button to activate the plugin on your site.
You can now create a simple contact form on your WordPress site. However, you’ll need the Custom Captcha add-on to prevent spam which is available in the pro version of Everest Forms. Hence, you’ll now require installing the premium version.
The premium version of the Everest Forms has four plans: Personal, Plus, Professional, and Agency. Since the Custom Captcha add-on is available in all of these plans. So, you can buy a suitable plan as per your choice and budget.
To purchase Everest Forms Pro on your WordPress site, visit its official site and make a purchase. After purchasing the Everest Forms premium plan, you’ll be able to log in to your WPEverest account.
Next, from the WPEverest account dashboard, go to the Download tab and see the Everest Forms Pro. Now, download the file by clicking on the Download button, and it saves the files on your device in a zip format.
Also, under the License Keys tab of the same dashboard, you’ll see the license key for activating the Everest Forms in your WordPress site. Copy the key and go to your WordPress dashboard.
Next, go to Plugins >> Add New as before, click on the Upload Plugin, and choose the zip file you just downloaded. Now, hit on the Install Now button and then Activate Plugin button.
As you activate the plugin, a message pops up at the top asking you to enter your license key. So, paste the license key into the blank space under Everest Forms (Pro) plugin.
Therefore, the Everest Forms Pro in your WordPress site is ready to function.
ii. Install and Activate Custom Captcha Add-on
Now, it’s time to install and activate the Custom Captcha add-on on your WordPress site. So, go to Everest Forms >> Add-ons on your WordPress dashboard.
It takes you to the page that displays the available add-ons for Everest Forms. Now, scroll down until you find the Custom Captcha. As soon as you see it, hit on the Install Addon button.
Next, it shows you the Activate button; click on it to activate the add-on on your WordPress site.
iii. Create a New Contact Form
Now, it’s time to create a WordPress contact form where you can integrate Custom Captcha to block spam. For that, navigate to Everest Forms >> Add New.
A new interface shows you the pre-built templates available with Everest Forms. You can use any of the forms and customize them as per your wish.
But for now, we’re showing you how to build the contact form from scratch. So, click on the Start From Scratch option and give a proper name to the form as we’ve named it New Contact Form.
It then takes you to the form editor with a drag and drop interface, where you can drag the fields from the left and drop it to your form on the right.
For a detailed guide, you can read our article on adding a contact form in WordPress.
iv. Add Captcha Field
As you’ve activated the Custom Captcha add-on in your WordPress site, you’ll see the Captcha field under the Advanced Fields.
Drag the field and drop it into your contact form.
When you finish adding the fields to your contact form, save the form by hitting the Save button in the top-right corner.
v. Customize Captcha Field
One of the best features of Everest Forms is that it lets you customize the form as per your need.
You can edit the captcha field using the Field Options tab for further customization. So, click on the captcha field on your contact field, and it directs you to the Field Options tab.
It has the following options for customization:
- Label: It allows you to change the text label in the Captcha field; by default, the label is Captcha.
- Format: It provides you with two options:
- Math: Math Captcha is autogenerated, which displays unique math Captcha to each user
- Question and Answer: This allows you to add custom questions and answers. You can also add more than one question by clicking on the ‘+’ sign. For removing questions, click on the ‘-’ sign. It shows only one random question in the front end among all the questions you add here.
- Description: You can describe the Captcha field of your form that appears at the bottom of the field.
- Advanced Options: It has three options:
- Placeholder Text: Here, you can enter the text to make users clearer about where they should enter their answers, or you can add anything you want to convey to your user.
- Hide Label: It lets you hide the Captcha label in the field. A simple check on the checkbox to hide.
- CSS Classes: It allows you to enter the CSS class name for the Captcha field container.
- Conditional Logic: Conditional Logic is one of the essential features that every form builder plugin must-have. This option allows you to hide or show the Captcha field based on the user’s input. You can set the conditional logic for the form’s fields.
After making all the changes save the form and add the contact form to your post or page. Since you have added the Captcha field in the form, the spambots have very few chances to submit the form with spam.
Method 2: Enabling Anti-spam Honeypot Using Everest Forms
The next method for spam prevention in the contact form in WordPress is to enable the anti-spam honeypot using the Everest Forms.
Since the field is invisible to humans, it doesn’t hamper their submissions. Thus, to enable an anti-spam honeypot, open the form you just created by navigating to Everest Forms >> All Forms.
Now, go to the Settings at the top, which takes you to the General interface. From here, scroll down below until you find the Enable anti-spam honeypot. Check the option to enable the anti-spam honeypot in your form
Save the settings after you’re done by hitting the Save button at the top-right corner.
Method 3: Enabling Google reCAPTCHA or hCaptcha to Your Contact Form
The third method to stop spam in the WordPress contact form is to enable Google reCAPTCHA or hCaptcha.
To integrate reCAPTCHA in your contact form, navigate to Everest Forms >> Settings. Click on the CAPTCHA tab.
Under the CAPTCHA Type, it has the following three options:
- reCaptcha v2: It verifies whether or not the interaction is legitimate using I’m not a robot checkbox and invisible reCAPTCHA badge challenges.
- reCaptcha v3: It verifies requests with a score and gives you the power to take action in the context of your site.
- hCaptcha: It’s a service provided by Intuition Machines Inc that provides reliable bot detection while being simple for a human to solve. It uses an advanced machine learning algorithm for detection. Also, unlike reCAPTCHA, it doesn’t sell users’ data to any third party.
i. Add reCAPTCHA to Prevent Spam in Everest Forms
Once you decide to use the reCAPTCHA version, you’ll require to add Site Key and Secret Key. And to create these keys, first of all, visit Google’s overview page.
Google reCAPTCHA is a free service from Google that uses an advanced engine for risk analysis and adaptive challenges to prevent malicious software programs from accessing your website. It blocks all the fake users while keeping the legitimate users.
Now, click on the v3 Admin Console tab at the top.
Next, add a label in the Label field and choose the reCAPTCHA type.
Meanwhile, reCAPTCHA v2 has three options:
- “I’m not a robot” Checkbox: A checkbox saying I’m not a robot is displayed to the user, and they have to check it.
- Invisible reCAPTCHA badge: Validates requests in the background.
- reCAPTCHA Android: Validates requests in your android app.
Choose the one that you’re comfortable with and proceed on.
Likewise, add your domain under the Domains field and check the box saying Accept the reCAPTCHA Terms of Service. Once you finish setting up, hit the Submit button.
Instantly, it redirects you to the page where there are Site Key and Secret Key. Now copy them and keep them safe.
It’s now time to go to your dashboard in WordPress. To add reCAPTCHA to your contact form, navigate to Everest Forms >> Settings and click on the CAPTCHA tab. Now, select the Captcha type and paste the Site Key and Secret Key for your site.
At the same time, Everest Forms also provides the option for enabling invisible reCAPTCHA; you can enable it as per your wish.
As you finish adding the reCAPTCHA, save by clicking on the Save Changes button.
Now, open the form you want to prevent spam and click on the Settings tab, it takes you to the General interface. Keep scrolling down below until you find the Enable Google reCAPTCHA v2 or v3. Check the option to enable it in your form.
ii. Add hCaptcha into Your WordPress Form
To add hCaptcha into your WordPress form, you again require Site Key and Secret Key. But this time, you’ll need to visit hCaptcha.com and sign up. Once you create an account, you can generate the Site Key and the Secret Key.
Now, visit your WordPress dashboard and go to Everest Forms >> Settings >> CAPTCHA. Choose hCaptcha as your CAPTCHA Type.
And just like the process for the reCAPTCHA, copy and paste those keys.
Save the changes after you’re done.
To integrate hCaptcha to your form, open the form you created and click on the Settings tab, which takes you to the General settings options. Scroll down until you see Enable hCaptcha with the checkbox. Thus, tick the option, and the hCaptcha gets enabled in your WordPress form.
Save the changes you just made to block spam in the WordPress contact form using hCaptcha.
Method 4: Using Whitelisted Domains
Whitelisting domain is another method you can use in Everest Forms to stop spam in your form.
It’s a specific feature designed for the Email field, where the domain is the deciding factor for the form to either accept or reject the submission. Whitelisted Domains allow you to set the trusted or untrusted domains to receive or deny the form of the user, respectively.
The Whitelisted Domains of Everest Forms has two options:
- Allowed Domains: You can assign the domains you trust as Allowed Domains so that users with email addresses in the same domain can easily submit the form. For example, gmail.com, outlook.com, etc., can be considered allowed domains.
- Denied Domains: Here, you can assign the domains that you can’t trust or through which you’ve been receiving multiple spams. When you assign domains as Denied Domains, users can’t submit their form if they use the same domains for their email. For example, if you assign gmail.com as Denied Domains, the user with the email address in gmail.com can’t submit the form.
To use the Whitelisted Domains feature, open the form you’ve created by navigating Everest Forms >> All Forms as shown in method 2 above.
If you’ve already added the Email field to your form, it’s okay, but if you haven’t, drag and drop the Email field to your form.
Now, click on the Email field on your form, which takes you to the Field Options on the left side of the form. Next, navigate to the Advanced Options and click on its drop-down menu. From here, scroll down until you find the Whitelisted Domains option.
Remember that the Whitelisted Domains feature is only available in Everest Forms Pro. So, if you’re using the free version of this plugin, you’ll have to upgrade to a premium plan.
Now using the drop-down menu, select either Allowed Domains or Denied Domains.
If you use the Allowed Domains, you can set the domains from where you want to receive the form entries. For example, gmail.com and outlook.com are the allowed domains for the form below:
After that, users can submit the form only if they use the Allowed Domains.
If users have submitted the form using the allowed domains, they get a success message as below.
While, if they use other domains for email, they’ll be unable to submit the form.
On the other hand, if you use Denied Domains, you can receive the form submission from all the other domains but not from those you have assigned as Denied Domains.
For example, in the below image xyz.com is the denied domain for the form.
On the front end, users might get the error message like below if they use the denied domain:
Save the form once you’re done.
These are the different methods that you can use to block spam in the WordPress contact form. Out of all these methods, you can implement one or more depending upon your need.
With that, we’ve come to the end of this article. We hope you can now easily stop spam in the WordPress contact form. If you still have any confusion or queries regarding the Everest Forms, its support team is always online to help you.
Before we wrap up, let’s inform you that apart from stopping spam in WordPress contact forms, Everest Forms also lets you integrate online payment gateways, repeater fields, and many others. So, get the plugin today and leverage its benefits to the fullest.