Docs Getting Started Protecting Your Site From Spam

Protecting Your Site From Spam

Want to learn how to protect your site from spam?

Spam can be a serious problem for website owners, potentially causing security risks and damaging your site’s reputation. Fortunately, there are several measures you can take to prevent spam from affecting your website.

In this tutorial, we’ll cover some helpful tips on protecting your site from spam.

How Spam Can Harm Your Website

Spammers often use automated scripts to send spam through a website’s contact or registration forms. If the site’s forms are unprotected, spammers can easily bypass security measures and fill your inbox with unwanted emails. These spam emails can pose security threats if they contain malicious links or malware.

Additionally, spammers can obtain real people’s email addresses by hacking, scraping websites, purchasing them illegally, etc. Spammers can use these email addresses to submit contact forms, making it appear that the submissions come from individuals whose email addresses were used. This can result in real users receiving unexpected emails from sites they don’t recognize, which they often mark as spam.

Each time a user marks an email sent from your site as spam, it counts toward your SendLayer spam complaint threshold. Exceeding this threshold can ultimately harm your site’s reputation, cause email deliverability issues, and lead to your SendLayer account being suspended.

Preventing Spam

We’ve covered various measures you can take to help prevent spam below:

  • Use captchas: Captchas are a simple way to verify that a user is a real person, rather than a spam bot. Many types of captchas are available, ranging from simple text-based challenges to more complex puzzles that require users to identify objects in an image.
  • Add a honeypot: Honeypots lure and capture spam bots through an invisible challenge that human users can’t see.
  • Regularly update your site: Outdated sites are at risk of security vulnerabilities. Updating your site regularly with bug fixes and security patches can help reduce the risk of being targeted by spammers.
  • Use a contact form plugin (for WordPress): Using a contact form plugin in WordPress is a simple way to create secure forms with several anti-spam measures, such as captchas, honeypots, spam filters, validation, and more.

In the following section, we’ll cover the top 5 contact form plugins you can use to help protect your WordPress site from spam.

Top 5 WordPress Contact Form Plugins With Spam Protection

An unprotected contact form is an easy target for spambots. Luckily, there are several contact form plugins available for WordPress that support various spam-filtering methods to eliminate spam.

1. WPForms


WPForms is the top-rated contact form plugin for WordPress. It comes with a comprehensive set of spam protection tools that offer several layers of security against spambots, including:

  • Form tokens (default)
  • Akismet
  • reCAPTCHA (v2 and v3)
  • Captcha
  • Cloudflare Turnstile
  • Custom Captcha
  • Country filter
  • Keyword filter

You can access all WPForms spam settings from a single menu in the form builder. Simply go to Settings » Spam Protection and Security menu.


From this menu, you can configure all of the above anti-spam features (reCAPTCHA and hCaptcha first require integration via an API key).

Accessing WPForms spam settings

If you need help setting up the different spam protection features of WPForms, you can check out this guide on preventing spam with WPForms.

Overall, WPForms is the best plugin to stop contact form spam because it supports various spam-filtering tools that you can combine to obtain extra security.

2. Formidable Forms

Formidable Forms is another popular contact form plugin that supports multiple spam-filtering methods.

You can turn on different spam features in Formidable Forms by going to Settings from the form builder screen.

Spam Settings for Formidable Forms

Once you’re in the Settings tab, scroll down to the ON SUBMIT section. Under this section, you can enable Akismet, Honeypot, and JavaScript to keep spambots at bay.

Activating Formidable Forms spam filters

Formidable Forms also supports reCAPTCHA and other anti-spam tools, but these require a little more configuration. You can see their guide to adding spam protection for more details.

3. Gravity Forms

If you’re using Gravity Forms on your site, the process of changing spam protection settings is similar to Formidable Forms.

The basic anti-spam honeypot feature can be enabled from the form builder. Hover your cursor over Settings to expand the menu. Then click on Form Settings.

Gravity Forms settings

When you’re in the Settings screen, scroll down to the Form Options section at the bottom. You can enable the anti-spam honeypot setting here.

Gravity Forms anti-spam honeypot
Gravity Forms also supports Akismet, and reCAPTCHA, and has several other addons that give you additional spam filtering features, as explained in their guide to preventing spam.

4. Ninja Forms

Ninja Forms uses honeypot spam filtering, which is always enabled by default.

But Ninja Forms has a few additional anti-spam tools as well. You can simply drag and drop the Anti-Spam field onto your form. This field is equivalent to the WPForms Custom Captcha field, as they both let you create a simple question or math sum to stop bots.

Ninja Forms anti-spam field

You can also block spam submissions in Ninja Forms by adding reCAPTCHA v2, v3, or Akismet.

5. HubSpot Forms

HubSpot Forms is a very limited tool, and it doesn’t offer much in terms of spam protection beyond reCAPTCHA.

You can add reCAPTCHA while you’re editing a form in HubSpot. In the left-hand pane, scroll down to the Other Form Elements section and click on it to expand options. Then, click the toggle switch next to CAPTCHA (spam prevention).


How to Prevent Registration Form Spam

Spambots love to target registration forms because these are often unprotected. Without protection, your registration forms can easily get overwhelmed by spambots making fake registrations on your site.

Generally, Google reCAPTCHA is a good solution against registration form spam.

Google reCAPTCHA

If you own a WordPress website, you have several more options available to you for preventing registration form spam depending on the plugins you’re using.

Below we’ll discuss how you can prevent spam in registration forms built using some of the most popular WordPress plugins.

1. Default WordPress Registration Form

The default WordPress registration form of most sites is frequently targeted by spammers. This is why it’s vital to protect your core WordPress registration page with a spam filter.

WordPress default registration form

Although WordPress lacks native support for captcha services, you can still add these to your registration forms using a separate plugin.

Stop Spammers Security is an easy-to-use plugin that lets you add different captcha options to your default WordPress registration forms.

Stop Spammers Security Captcha options

This plugin monitors every user for suspicious behavior while they’re filling out your registration form. Your chosen captcha option is only displayed as a second chance to the user if the plugin detects signs of spam activity.

If you’re looking for a spam blocker that works silently in the background to spot spambots, you can consider using the CleanTalk plugin.

CleanTalk registration form anti-spam

CleanTalk doesn’t require users to solve any image or math challenges. This makes for an improved and distraction-free user experience.

2. WooCommerce

WooCommerce doesn’t include any spam protection features by default. As a result, WooCommerce is highly vulnerable to experiencing registration form spam.

Thankfully, you can use third-party plugins to filter registration form spam in WooCommerce effectively.

Earlier, we mentioned CleanTalk as one of our recommended anti-spam solutions for WordPress registration forms.

But the good thing is that CleanTalk also integrates with WooCommerce natively to block fake registrations.

All you need to do is install and activate the plugin on your site, and it will automatically start protecting your WooCommerce registration forms along with other types of forms and comments.

CleanTalk for WooCommerce
Another option for blocking WooCommerce registration form spam is to use the Zero Spam for WordPress plugin. This plugin works right out of the box with your WooCommerce installation, allowing you to add a spam filter for registration forms using a simple toggle switch.
Zero Spam for WordPress

If you’ve been facing a lot of WooCommerce registration spam, these two tools should help you take care of spambots abusing your registration forms.

3. Easy Digital Downloads

Easy Digital Downloads (EDD) is popularly used by eCommerce sites selling digital products. Unfortunately, EDD is also prone to experiencing checkout and registration form spam from malicious actors.

You can add a spam filter to your EDD registration forms using a third-party plugin called WP Armour. This plugin adds a honeypot field inside forms that’s only visible to spambots, which easily get trapped by filling out this field.

WP Armour

You’ll need a premium WP Armour subscription in order to access spam protection features for EDD checkout and registration forms.

That’s it! Now you know various ways to protect your site from spam.

Next, would you like to learn how to prevent SendLayer from sending emails to addresses that could damage your sending reputation? Check out our tutorial on managing your suppression list for more information.