Combating SPAM Form Submissions for WordPress

Spam is a major pain in the you-know-what for most website owners. From comments to form submissions, spam can often overwhelm your website. One of the worst situations is when your contact or other important forms get hammered with spam, causing you to miss out on actual messages you should be seeing. Sometimes, those important messages let lost in all the garbage that is pouring in. So, how do we stop this?

Akismet may be your best friend.

Akismet is an anti-spam service powered by the WordPress team at Automattic. With over 5 million installations world-wide, Akismet filters billions of comment submissions, removing those known as spammers. This is quietly done behind the scenes, and requires no programming on your end to accomplish. If you are using Gravity Forms, Akismet can even filter your form submissions to keep the spam at bay!

To bring the powers of Akismet to your WordPress website, there are a couple very easy steps:

  1. Install the Akismet plugin on your WordPress website.
  2. Activate the plugin and obtain an API Key for the service.

That’s it! To obtain the API Key for Akismet, you will need to sign up for the service, but you can choose the free Personal plan. If your website is more of a business website, Akismet does ask that you sign up for a commercial plan, but they do rely on customers to self-select their plans. This means you can choose the Personal plan for a business website, although keep in mind that Akismet may do a periodic audit of accounts to ensure a correct plan was chosen.

Akismet is connected to a WordPress.com account… and you should be aware that this is not the same thing as a self-hosted WordPress website. WordPress.com is a hosted version of WordPress, managed by Automattic, and offers “free” WordPress.com accounts and blogs, but with major limitations. The purpose here of signing up for the WordPress.com website is merely to obtain an API for Akismet.

If you have Gravity Forms as your form plugin, you may also want to add their Akismet Add-on to help facilitate the connection between Gravity forms and Akismet, ensuring your forms are protected from spam.

Gravity Forms Zero Spam

Another option for Gravity Forms users is the Gravity Forms Zero Spam plugin. This plugin can help remove the need for reCaptcha fields, which can often become cumbersome for some users. This plugin is really easy to use… simply install and activate, and the plugin does the rest.

Gravity Forms Zero Spam works by using JavaScript to append a custom input to the form; if the input is not found in the submission or value does not match the expected value the submission is marked as spam. It can also be used in addition to other techniques, such as Gravity Form’s Honeypot technique, an anti-spam question with conditional logic applied to the Submit button, and many others.

Antispam Question with Conditional Logic Technique

Another way to help prevent spam on your form submissions is to use the Antispam Question with Conditional Logic technique for your Submit button. This includes adding a simple question to your form that requires an answer before the form submit button is displayed. Under the form settings, you can apply conditional logic to the form submit button, requiring that the anti-spam question you have added is answered correctly before the button will even show. A few examples:

  • An input box with a math question: 1+3= (4 is the expected answer)
  • A dropdown with multiple options: What is the second month of the year? (February is the expected answer)

This is a great technique to help combat automated “bot” submissions, as they will not be able to answer the questions correctly. However, this can be defeated by a human that is intent on spamming your forms.

Honeypot

A final option to include would be the Honeypot technique built right into Gravity Forms. This technique adds a hidden field to the form that humans will not see. The intention is that when the form is submitted, this field should remain empty. However, bots typically fill in all fields of a form not knowing exactly which is which, so if the field has any value at all, it is an indication that the submission was not done by a human, and thus the submission is ignored.

Not Using Gravity Forms?

Some of the techniques above can be employed on any form. If you are using a plugin for your forms, and the plugin offers conditional logic, you can usually employ both the Antispam Question with Conditional Logic ands Honeypot techniques. These techniques can also be programmed into self-developed forms that do not use a plugin.

Akismet may or may not integrate with other form plugins, so check with your plugin developer to determine if it does. Either way, a free Personal Akismet account is an easy way to see if you notice a drop in spam.

Choose Better

If your plugin is not capable of employing these techniques or options, you may want to look at an alternative plugin. We really love what Gravity Forms offers, and since they have a major presence in the WordPress ecosystem, we don’t expect them to go away any time soon.

 

Comments are closed.