Checkout the best WordPress Black Friday Deals

How to stop WordPress contact form spam using reCAPTCHA

Imagine receiving endless emails on your business email each day only to find that they are absolute junk. Not only do they not add any value to your business but also it makes it difficult for you to find and reply to legitimate emails.

Sometimes this number can go very well up to more than a few hundred emails a day if you’re unlucky. But hey, that’s what is bound to happen when your website has a contact form without an anti-spam mechanism in place.

I have been in the same situation and I understand that you don’t want to spend your time differentiating spam from real emails. In this article, I will be showing you how to stop WordPress contact form spam using checkbox and invisible reCAPTCHA. But before that, let’s see why people spam contact forms.

Why do bots spam contact forms

Nowadays, people are using bots to automate the whole process of spamming the web in the name of email outreach programs, business pitches, inquiries, and more.

Although manual spamming is still a thing, it is the bots that you should be afraid of. People get tired after a while or they just get bored of doing the same thing again and again. But bots don’t – that’s the difference. Large businesses with the resources hire people for manually sending out handcrafted emails.

But there are some malicious companies that outsource the whole process to shady agencies for a fraction of the cost. And depending on the bot’s configuration, it can even hammer your site down with spam if you don’t take action.

How to stop contact form spam

One of the simplest and most efficient methods to stop the bad bots from spamming your contact form is by enabling an anti-spam service with your contact form plugin. There are many anti-spam plugins out there available for WordPress but none of them matches the efficiency of reCAPTCHA.

Partly because it is developed by Google and partly because it’s been doing this job for quite some time. It also evolves constantly to stay updated on the latest spamming techniques to keep your site protected all the time.

What is reCAPTCHA

reCAPTCHA is a free anti-spam service provided by Google that can protect your WordPress site from contact form spam and automated abuse. It relies on a complex algorithm to differentiate between bots and real people.

With reCAPTCHA enabled on your site, you needn’t spend hours combing through your contact form submissions to weed out the spam form submissions. It automatically does the job for you by stopping the bots in the first place. In a few simple steps, you can also enable reCAPTCHA on your WordPress site to do all the work for you.

How to add reCAPTCHA to your contact forms

Now, let’s see how you can add a reCAPTCHA checkbox or invisible reCAPTCHA to your contact forms to stop contact form spam in WordPress.

Total Time: 15 minutes

Install and activate WPForms

WPForms is one of the best contact form plugins out there and it enables you to add reCAPTCHA to your WordPress forms no matter whether you are using the free plugin (Lite) or the Pro version. If you would like to learn more about WPForms, check out my complete WPForms review.wpforms logo

Configure reCAPTCHA settings

Once you have installed and activated WPForms in the previous step, navigate to the WPForms Settings page and click on the reCAPTCHA tab. Over here, choose Checkbox reCAPTCHA v2 as the desired reCAPTCHA version to add an interactive reCAPTCHA box (recommended).

If you want to use Invisible reCAPTCHA v2, I have covered it below this tutorial.wpforms recaptcha settings for wordpress forms

Access reCAPTCHA Admin console

Before you can start using reCAPTCHA on your website, you need to add your site using the reCAPTCHA Admin console. You can do this by visiting this page and clicking on the Admin console button in the recaptcha admin console

Register your website

Once you have logged into the reCAPTCHA admin console with your Google account, it will ask you to fill some essential information like your website name, domain name, and reCAPTCHA type. Under reCAPTCHA type, make sure you have chosen reCAPTCHA v2 and “I’m not a robot” Checkbox under it. Finally, hit the submit button.register new site on google recaptcha

Copy site key and secret key

It will validate the data you entered and display your site key and secret key for using reCAPTCHA on your WordPress site. Copy it to a safe place and don’t close this page as you will be needing it in the next step.recaptcha keys

Add keys to your WordPress site

Now, switch back to the WPForms Settings page which you had opened in Step 2 and paste your site key and secret key under the correct text boxes. And don’t forget to save the changes.recaptcha site keys for stopping spam

Add reCAPTCHA checkbox to your contact form

You can now start creating a new contact form on your site using WPForms and enable reCAPTCHA by selecting it from the Add Fields section (it’s as simple as clicking on the reCAPTCHA button). Once you have added the reCAPTCHA field, it will display a success message. If you are not sure if reCAPTCHA is active on your form, you can check for a reCAPTCHA enabled badge on your form preview. Most importantly, save the form.recaptcha enabled badge on form

Add the contact form to your site

Go to the page where you need the form to be displayed and embed the form using the WPForms Gutenberg block. Just insert the WPForms block and select your form from the dropdown. Now, you’re all set – just hit the publish button and view your contact form in action with reCAPTCHA.insert contact form using wpforms gutenberg block

If you look at it from the frontend, it should look like this –

recaptcha in wordpress form

How to add Invisible reCAPTCHA to your forms

Adding Invisible reCAPTCHA v2 to your contact forms is somewhat similar to the above process. First, choose Invisible reCAPTCHA v2 in Step 2 above and while registering your website in Step 4, choose reCAPTCHA v2 under reCAPTCHA type and select Invisible reCAPTCHA badge. Other than that, it’s the same.

Get WPForms now

Now that you have seen how to stop WordPress contact form spam using reCAPTCHA, it’s time for you to get WPForms. The free version is great. But if you are a power user or a business owner, you might want to get WPForms Pro. It comes with a lot of other useful features that can help grow and streamline your business process. My favorites are payment forms, electronic signatures, and conversational forms (Typeform-like experience).

2 thoughts on “How to stop WordPress contact form spam using reCAPTCHA”

  1. Thank you for this tutorial, Antony.

    Unfortunately, we are still getting spam after having configured and successfully tested reCAPTCHA v2.

    I’ve read reports of others sharing the same problem.

    Do you have any insight on that by any chance?
    Any idea of how spammers are “getting past” reCAPTCHA v2 challenges? Or do you think it’s actually humans submitting the message through a WPForm?

    Thank you for your help and leadership.


Leave a Comment