How To Stop Spam Form Submissions In WordPress Forms Using reCAPTCHA?

The downside of having forms on your website is that you often leave yourself open to spam. This is why it is crucial to stop spam form submissions. Unfortunately, there’s no one ultimate method to eliminate all spamin WordPress or block bots. But there are several different anti-spam measures available.

Each of them has its own unique advantages and disadvantages, so it is often a delicate balance between blocking as many spam messages as possible and not interrupting your site visitors.

Spam is rarely avoidable. Spam appears email, contact forms, comment sections, and any other website forms. Fortunately, there are solutions that can help reduce the amount of spam that we see regularly.


What is reCAPTCHA?

The CAPTCHA, also known as Completely Automated Public Turing test to tell Computers and Humans Apart, is one of the most popular methods for catching and stopping spam messages.

Websites using CAPTCHA require users to examine an automatically generated group of numbers and letters and then enter that combination into a text box.


captcha example
CAPTCHA example.


The original version was introduced in the early 2000s. It was not user-friendly because numbers and letters combinations were often edited and scrambled to confuse spam bots, but they also confused real people.

Many users abandoned those kinds of forms because of the difficulties in interpreting the numbers and letters that were presented. Spammers soon caught on to this and were able to hack these sites quite easily.

reCAPTCHA sought to alleviate these issues by displaying images of real text that people were supposed to enter into a text field. Unfortunately, it also experienced some of the same problems as its predecessor, because many of the words displayed were too hard to read.


reCAPTCHA example
reCAPTCHA example


Google bought reCAPTCHA and started making improvements immediately. The current version is reCAPTCHA version 3. It’s far easier than its predecessors for users. It’s just a checkbox asking if you’re a robot.


reCAPTCHA version 2 example
reCAPTCHA version 2 example.


This way of stopping spam may not seem like it would fool a computer, but the technology involved behind the “hood” is what is doing the job. Google monitors your IP address and web activity. If it sees you as a normal user, you’re assigned a checkbox.

If you’re considered to be “suspicious,” Google assigns you a puzzle. The puzzle usually involves selecting the right pictures from several photos assembled in a grid. The process takes more time and can be frustrating to users, especially if the API makes mistakes and shows the same images in a continuous loop.


google recaptcha issue
Example of what you see if you don’t pass the Google test.


I once had to complete this activity ten times in a row. It wouldn’t let me get any farther.

Thankfully, the new version of reCAPTCHA is much more user-friendly. It still gives users a score. This time, if you’re considered to be “human,” nothing else will display. No checkboxes, no nothing.

The assigned score allows users to complete different actions according to the types of forms that you fill out. For instance, if a user is attempting to fill out a longer form and fails the score, you can have them use two-factor authentication to proceed further.


Stop Spam Form Submissions Using WPForms Spam Protection

Most online forms are prime targets for spammers. WPForms (see difference between Gravity Forms vs WPForms) provides several convenient solutions for reducing spam. WPForms uses a smart honeypot technique to combat spam. You can also use WPForms to add reCAPTCHA to your online forms.

reCAPTCHA by Google is a free automated service and advanced risk analysis to combat spam efforts. It’s easy for people to bypass, but poses more of an issue for spam bots.


How to Add a reCAPTCHA Checkbox to Your WPForms?

The first thing you’ll need to do is install and activate the WPForms plugin. You can use the free WPForms Lite version. Next, you’ll need to create a WordPress contact form and configure reCAPTCHA settings in WordPress.

Start by going to the WPForms > Settings. You can then select the “reCAPTCHA” tab. Click on the, for example, reCAPTCHA v2 option to add reCAPTCHA to a form.


wpforms recaptcha


reCAPTCHA is a free service provided by Google. While it’s free to use, it requires both a secret key and a site key to operate. You can create those keys by going to reCAPTCHA’s setup page.

Once you’re on this setup page, click on the Admin console button in the top right corner. From there, log into your Google account. This will take you to a page where you can register your site for the reCAPTCHA service. Click the + sign located in the top right corner to add a site for reCAPTCHA service.


how to set up recaptcha wordpress


Enter the name of your website in the label field. Then select the reCAPTCHA option that you want to use. For instance, you may want to choose the v2 reCAPTCHA version and the “I’m not a robot” checkbox for your site.

After that, you need to add your website’s domain and click the Submit button. Copy your site and secret key information and return to WPForms > Settings.

Enter your secret key and site key underneath the reCAPTCHA settings section. Click on the “Save” button to save your settings.


invisible reCAPTCHA wordpress


To enable reCAPTCHA in the form, go to Settings » General in the form editor. Scroll to the bottom of the page, and click on the checkbox next to “Enable Google Checkbox v2 reCAPTCHA.”


adding reCAPTCHA v3 wordpress


Save your settings. This allows you to add your reCAPTCHA-enabled form to your website.

You can use the custom CAPTCHA add-on if you want to have an interactive reCAPTCHA element on your site and don’t want to use Google reCAPTCHA. This plugin can be used to add random math questions or create your own custom questions for site visitors to answer.

You can also add Invisible reCAPTCHA. Adding Invisible reCAPTCHA is an ideal solution for those who want to create WordPress contact forms that avoid spam but don’t disrupt the user experience. This option makes filling out online forms simple.

All you have to do is to follow the previously mentioned steps. The only difference this time is that you should click on the checkbox next to the “Enable Google Invisible reCAPTCHA” in the “Settings > General” section of the form editor. Make sure that you save your settings when finished.

Once you’ve done this, Google will investigate every form submitted on your site to determine whether or not it’s coming from a spambot. Your site users won’t see anything out of the ordinary. They will still be able to submit forms without any problems.


How to Enable Anti-spam Honeypot?

The honeypot tool is another excellent option to stop spam without using any form of CAPTCHA. Honeypot works by adding an extra field. Spambots will enter information in that field, which is hidden to valid users. The additional field is there to verify that an actual human is filling out the form.

If that honeypot field is filled in, the form will be automatically rejected as spam. This prevents the spambot from submitting the form.

Many website owners use Honeypot because it keeps their sites safe and doesn’t require any sort of CAPTCHA fields that could annoy or aggravate their users. This setting is enabled for all forms that you use by default in WPForms, even if you’re already using CAPTCHA, reCAPTCHA, or Custom Captcha addon.

You can check this setting by going into your form Settings > General menu. From there, scroll down to the right-hand preview panel. You will see that the “Enable anti-spam honeypot” option has already been enabled.


Stop Spam Form Submissions Final Words

No site owner wants their contact forms (or any other forms, for that matter) to be constantly under attack by spam bots. It takes away time and effort from running the website and focusing on different aspects of the site. Unfortunately, dealing with spam is something that all site owners have to deal with eventually.

While there is no “one size fits all” solution that will end spam entirely, it doesn’t mean that you have to give in to spam attacks, either. Be proactive. Look at how spam affects you as a site owner, and how it affects your site users.

Then take the necessary steps to protect your site. Don’t rely on a single strategy to defend your site. There are always newer and more clever ways that spammers are using to attack websites every day. Stay vigilant, and keep a constant eye out for spam.

DISCLOSURE: Posts may contain affiliate links. If you buy something through one of those links, I might get a small commission, without any extra cost to you. Read more about it here.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top