Gravity Forms is a great plugin for WordPress websites that allows you to create forms and collect data. Unfortunately, spammers have found ways to use the form builder tool as well, which can lead to an increase in spam submissions on your website. This article will discuss how we stopped Gravity Forms spam by creating captchas and setting up a honeypot field.
Spammers repeatedly filling out your website forms can be problematic and annoying; it’s best to stop it at the source.
Identifying Spammy Forms
Before you start, make sure you know where the spam is coming from. You can do this by adding a descriptive notification email subject line & adding a hidden referer tag on your form.
Adding a descriptive subject line:
Adding a hidden refer to the form:
The subject lines + hidden referrers will show you where the spam is coming from.
It’s easy to have a Gravity Form set up on an old PPC lander or an old staging server allowing spam form entries. Knowing where the form is letting in the majority of the spam could save you hours of troubleshooting time.
How to stop spam form entries:
*You can do all steps at once or one at a time until the spam stops.
1. Add a HoneyPot
A honeypot is an invisible field within the code. Humans cannot see the field, but robots can; if the field is filled out, the website knows it’s a spam bot.
How to enable honeypots in Gravity Forms:
- In WordPress, go to Forms >> Select a Form >> Form Settings.
- Towards the bottom of the page, you will see Form Options:
- At Anti-spam honeypot, Enable anti-spam honeypot.
- Update Form Settings (Save).
- Repeat for each form you’ve created.
2. Install Akismet
To use Akismet, install the WordPress Plugin.
Then under Forms >> Settings. Click Yes on Akismet Integration.
3. Add Google ReCaptcha
ReCaptcha is a free service provided by Google. It’s usually my last option because, depending on theme setups, it could create errors. These errors are few and far between but still are known to happen on poorly developed themes.
To install, sign up for a v2 ReCaptcha key, entering the keys into Gravity Forms Settings.
Things to remember for Google ReCaptcha:
- Only v2 keys are supported
- Checkbox keys are not compatible with invisible reCAPTCHA
Please note: If spam is backlogged in your email provider, it could take up to 24hrs for spam to stop coming through to your inbox.
Spam can be troublesome and annoying, please contact us if you need additional assistance.