Knowledge Base Hub

Browse through our helpful how-to guides to get the fastest solutions to your technical issues.

Home  >  WordPress FAQ  >  Ways for Stopping Contact Form Spam in WordPress
Top Scroll

Ways for Stopping Contact Form Spam in WordPress

 6 min

Are you currently getting a lot of spam messages through the contact form put up on your WordPress site?

Contact form spam is one of the common issues most website owners deal with. This means some spambots keep sending excessive emails to your inbox. It makes it difficult for you to sort the genuine users from the thousands of spam entries.

Though the best news is that there are different automated ways through which you can easily stop the contact form spam on your WordPress site. Now you are ready to focus more on your business success.

In this guide, we will discuss the different methods through which you can stop the contact form spam on your WordPress site.

What’s Exactly the Contact Form Spam?

Before we go to the main point, let us first understand what contact form spam is and how it can affect your WordPress site and ultimately your business.

Contact form spam the word describes itself, meaning unwanted messages are continuously submitted through the contact form on your WordPress site.

As the contact forms have blank fields, any of the spam bots can fill out these fields in the way they like. Sometimes you just get one or 2 messages. But the thing is, at times you will also receive hundreds or even thousands of form submissions to your mailbox.

There are chances you might lose the real messages from the potential customers. For all this, the spam bots are responsible, now let’s get to know what are spam bots.

What are Spambots?                   

Spambots are basically automated computer programs that are built to submit the information to your contact form. Their main aim is to look for ways through which they can take control over your site, email address, or even server, and start spamming.

In the worst case, it can happen that the spambots can steal your email list. Thus, you need to keep your WordPress site away from spambots and prevent coming difficulties. Now that we have knowing everything about spam in WordPress.

Let’s get to know the different ways to stop spam on your WordPress site.

Ways to Stop Contact From Spam in WordPress

Here are the different ways through which you can stop the contact form spam in WordPress.

1. Make Use of the Invisible reCAPTCHA (Also called No CAPTCHA)

One of the methods to stop the contact form spam in WordPress is by using the invisible reCAPTCHA. It means you don’t get to see the CAPTCHA in reality, it’s invisible. With invisible reCAPTCHA, visitors will not be able to see the extra fields like the challenges or questions you usually get. Invisible reCAPTCHA works when any visitor tries to submit the contact form.It will complete the submission right away, if it thinks you are a human based on your behavior.

If it thinks you’re a bot, it will immediately start asking you challenging questions or check a box, you need to select the image-based questions.

invisible recaptcha

Related: How To Protect Your WordPress Website From Spam?

2. Blocking the IP Address

If you are getting a lot of spam traffic on your WP site, one way you can do this is simply to block the traffic from the IP addresses they are coming from to keep your contact form away from spammers thereby keeping it secure.

You can then add the IPs you want to block to the Comment Blacklist field which is present on the Discussion settings page of the WordPress dashboard.

3. Install the WordPress Antispam

One of the ways to stop contact form spam on WordPress is to install WordPress antispam plugins. And the most common plugins are Jetpack, Akismet and more.  You just need to install, activate it, and it doesn’t need any configuration!

These plugins help to protect your site from the spam comments and the contact form submissions. But one thing you need to do is, read the instructions and details of the plugins in-depth

Drive Your WordPress Passion with MilesWeb.!

4. Using the Custom CAPTCHA

If you are not willing to use the anti-spamming service from Google, you can even customize and apply a CAPTCHA to your contact forms.

It means you can customize word-based or random maths questions to your contact form. For this, visitors must first answer the custom questions rightly to submit the contact form. Say, for example, you can add 8+7, or 9-1, random questions likewise. There’s a plugin called WP forms, that lets you add different custom word questions that are randomly cycled on the form with each page loading.

Also, you can change the pattern of questions monthly, quarterly, or may be the way you like.

5. Using ReCAPTCHA Checkbox for Blocking Contact Form Spam

One of the easy ways to stop spambot activity on your site is using ReCAPTCHA.

This is basically a free tool from Google. And we can use it with the WPForms built-in-anti spam token system. When any user submits the forms, they click on the reCAPTCHA to prove that they are real humans. It automatically blocks if there are any spam attempts or spam submissions.

Sometimes entering the CAPTCHA can be very time-consuming for people. And this is Google has now changed it to v2. Most of the users now prefer the reCAPTCHA on their website.


In reCAPTCHA, instead of typing the entire word or text you just need to hover the mouse over the checkbox, and the tool understands that it’s not a spambot. If you go with the V2 CAPTCHA invisible version, you get to see an image-based question to ensure you’re not a spambot.

6. Go with the Honeypot Method

If you are not willing to go with the CAPTCHA or reCAPTCHA’s, you can try using the honeypot method.

Honeypots are generally small pieces of code that are used for catching the spambots by submitting a hidden contact form field only for the spam bots.

This code is responsible for doing the below things.

  • Deceives the Spambots: Honeypots display a duplicate, or say fake, contact form filed which the spambots fill out. As we all know the spambots are not humans, they fill all the fields and then click on “Submit.” When this takes place, the form submission gets immediately flagged as spam and is canceled.
  • Is Hidden from Humans: Honeypots are hidden from human visitors, so they do not know if there is a fake contact form field.  This means that people are not disturbed during the method of filling out your contact form.

7. Blocking the Copy & Paste IP Address in Your Contact Forms

Another way to stop the contact form spam on your WP site is to disable the right-click function on your WP site. This process will help you in controlling the human-spammers copy-pasting their information from any other site to your site. Additionally, you can prevent content from being stolen from your website. In order to accomplish this, you can install some tools or plugins from the WordPress directory.

Your website or form can be blocked from traffic coming from IP addresses if you have a lot of spambots blocking traffic. This is an option if there is no other way to control the massive amount of spam. Occasionally, it might block legitimate IP addresses from accessing your website.


This is how you can protect your WordPress site from contact form spam. With this, you can spend time growing the conversion on your website rather than worrying about the spambots. Just pick the method wisely from the above options and add it to your site today.

For our Knowledge Base visitors only
Get 10% OFF on Hosting
Special Offer!
Claim the discount before it’s too late. Use the coupon code:
Note: Copy the coupon code and apply it on checkout.