How To Stop Spam On Your WordPress Website — Part 1

March 22, 2017

Spamsters be warned. Your kind ain’t welcome here. My website’s contact form was not meant for your evil ways!

Do you suffer from SPAM?

I hate spam with a passion – who doesn’t – and we’ve learned a few tricks that will surely cure you of your spam. There’s nothing like waking up in the morning to find your inbox spam free.

What causes spam on a WordPress website?

Every spammer has a different intent:

  • To find website vulnerabilities
  • To sell you their services
  • To leech off your search engine ranking
  • To scam you or your visitors (did you know my uncle was a Nigerian prince?)

Regardless of their intent, one thing is clear — our lives would be better off without it.

Where does spam come from?

The majority of anti-spam measures prevent automated spam created by bots. Manual spam is a lot harder to identify as it’s created by real people.

Preventing contact form spam

WordPress has a lot of great form plugins – our favourites include Gravity Forms and Contact Form 7. There are a lot of extensions for these plugins to help prevent spam.

The honeypot

The honeypot method is one of my favourite methods to preventing automated spam. The concept is simple and unintrusive to your end users. The goal is to lure bots into filling out hidden fields on your form that normal users would never see. Since most bots automatically fill all fields with information it’s quite easy to trick them.

Once the field is submitted the form submission is prevented and your inbox is saved!

Gravity Forms

This anti-spam method is built into Gravity Forms and can be enabled by going to your form settings and checking off “Enable anti-spam honeypot”.

Contact Forms 7

Installing Contact Form 7 Honeypot is a breeze. You can find the plugin in the WordPress directory or by going to:

Once installed and activated all you need to do is add a honeypot field to your form. You will be asked to add a name for the field. I usually use a common field name like “name” or “email” as a way to further deceive the bot.


Using captchas is one of the most common ways to defeat spam — and my least favourite. Adding a captcha to your contact form require your visitor(s) to fill in an additional field that is often hard to answer. These fields ask your visitors skill testing questions or asks them to enter the text from a hard to read image.

The idea is that bots are not intelligent enough to fill in these fields automatically and would require a certain human element.

Gravity Forms

Enabling captcha’s is as easy as going to the Gravity Forms setting page and following a few steps to setup reCaptcha (a captcha service by Google). No additional WordPress plugin is required. Remember to add a reCaptcha field to your forms to prevent spam.

Contact Form 7

reCaptcha is integrated directly into Contact Form 7. Just go to the Contact Integration page to enable it. Remember to add a reCaptcha field to your forms to prevent spam.


Akismet is a free (they do ask for donations) plugin that uses artificial intelligence to detect spam. Your contact forms are sent over to the Akismet service and analyzed to determine if the submission is spam or not.

Use this service in conjunction with Honeypot or Captcha and you’ll be spam free!

Gravity Forms

Akismet is integrated directly with Gravity Forms. Just activate the WordPress Akismet plugin (comes with WordPress), and then activate Akismet in the Gravity Forms page.

Contact Form 7

Akismet is integrated directly with Contact Form 7. Just activate the WordPress Akismet plugin (comes with WordPress) and follow the instruction here:


One thing is for sure now — you’ll definitely be able to wake up tomorrow with a cleaner inbox. Take that spammers!

See part 2 on how to prevent comment spam on your WordPress blog.