Do you get spam through your website contact form? Depending on how high-profile your company is, you can receive anywhere from a daily barrage to a slow trickle of spam. Though it’s nearly impossible to completely stop spam, we can take steps to reduce it. Here’s what we suggest.
Install a Contact Form
First and foremost, we recommend using a contact form instead of an email address. When you put your email address anywhere on your website, regardless of whether it’s a link or plain text, spambots will harvest it. You can obfuscate your email address to make it harder for spambots to find by using a plugin such as Email Address Encoder. However, it’s not likely to fool all spambots forever. Therefore, a contact form is a more effective option.
At OptimWise, our favorite contact form plugin for WordPress is Gravity Forms. It’s a premium plugin, meaning that it costs money, but it’s well worth it.
Enable Anti-Spam Honeypot
The first step is to enable the anti-spam honeypot. According to Gravity Forms, the honeypot field is “a hidden field that tricks a spam bot into filling it out when it should really be left blank.”
- WordPress admin menu > Forms.
- Hover over the form you want to edit, then hover over Settings, and click Form Settings.
- At the bottom, check the box for Enable Anti-Spam Honeypot.
- Click Update Form Settings.
Sometimes that’s enough to significantly reduce the amount of spam you receive. Wait a few days after enabling it. Then, if you’re still receiving too much spam, try the next step.
reCAPTCHA is an improvement over standard CAPTCHA (where you need to figure out the letters and numbers in an image). That’s because reCAPTCHA is simpler for humans. According to Google (its developer), reCAPTCHA “uses an advanced risk analysis engine and adaptive CAPTCHAs … while letting your valid users pass through with ease.”
It’s a bit more work to add reCAPTCHA to a form than to add a CAPTCHA. However, your site visitors will appreciate the comparative ease of reCAPTCHA.
Generate reCAPTCHA Keys
First, you need to generate your reCAPTCHA keys.
- Log into reCAPTCHA admin, using your Google account. We recommend using the same account that’s linked to your domain, which is probably your work email.
- Under Register a new site, set the Label to the URL (web address) of your website, or something else descriptive.
- Choose reCAPTCHA V2.
- Under Domains, enter the domain of your website.
- Complete the rest of the form, then click Register.
Add reCAPTCHA Keys to Website
Next, you need to add the reCAPTCHA keys to your website. Here’s how.
- You’ll see the Adding reCAPTCHA to your site section.
- Copy the Site key.
- Back in your website, go to WordPress admin menu > Forms > Settings. Scroll down to reCAPTCHA Settings.
- Paste the Site key you copied into the Site Key field.
- In reCAPTCHA, copy the Secret Key.
- Paste it into WordPress in the Secret Key field.
- Click Save Settings.
Add reCAPTCHA Field to Contact Form
Next, you need to add the reCAPTCHA field to your contact form. Follow these step-by-step instructions.
- WordPress admin menu > Forms.
- Click the form you want to edit.
- Expand Advanced Fields, and drag CAPTCHA to the bottom of your form.
- Click the field to edit it.
- Change the Field Label to something like “Please confirm your humanity.”
- Click Update.
That’s usually enough to significantly reduce the amount of spam you receive. Wait a few days after enabling it. Then, if you’re still receiving too much spam, try the next step.
Increase reCAPTCHA security
By default, reCAPTCHA strikes a balance between security and user-friendliness. If you get too much spam, then increase the security. Here’s how you do it.
- Log into reCAPTCHA admin using the same Google account you used earlier.
- Under Your reCAPTCHA sites, click your website.
- Scroll down to Key Settings.
- Click Advanced Settings to expand it.
- Under Security Preference, drag the slider to the far right (Most secure).
- Click Save Changes.
Spam Shields Up!
Another option is to use Akismet, a service from Automattic (the company behind WordPress). It integrates with many free and paid plugins, including Gravity Forms. Akismet is free for personal sites. There are paid plans for commercial sites.
Interested in Internet Security?
If you’re interested in Internet security, check out the educational resource Defending Digital!
As a business person, you have better things to do than fight spam coming through your website. Let OptimWise handle it for you. We provide comprehensive website maintenance. Sign up for your WordPress Maintenance Plan today.