Tutorials -

How to… Prevent Spam Form Entries

By Brenda Barron Published June 29, 2021

While forms are a necessary component of your website, getting spam submissions can be very frustrating and a huge drain on time and resources. However, the good news is that there are numerous strategies you can implement to protect your forms from spam entries.

In this post, we’ll talk about what form spam is, why form spam happens, and how you can prevent it. We’ll discuss Gravity Forms’ newest add-on, Google reCAPTCHA, which supports Google reCAPTCHA v3, as well as some built-in features like honeypot and conditional logic. We’ll also share some news about the Gravity Forms Akismet Add-On, coming soon!

Let’s get started…

What Are Spam Form Entries?

In layman’s terms, spam form entries are any unwanted messages that end up in your WordPress admin and in your inbox through your website’s forms.

In technical terms, form spam happens when malicious internet users or bots submit unwanted messages using online forms with the end goal of phishing, hacking, scamming, or sending abusive messages.

Why and How Does Form Spam Happen?

Form spam can happen in two ways: manual spamming and spam bots. Let’s explain the differences between the two…

Manual Spam

Manual form spam happens when companies hire people to fill out forms with information that’s irrelevant to the article topic. Those are pretty generic looking comments and they often link back to the company that hired them.

This type of spam is the most annoying and the most time-consuming as humans can get through all of the roadblocks that you decide to use to prevent spam form submissions. This type of spam is mostly associated with comment forms.

Spambots

Spambots are more likely to hit the actual forms on your website. This includes contact forms, payment forms, application forms, and any other type of form you have on your site.

Spambots will use the forms to submit information and will, in some cases, try to inject malicious scripts that can infect your website and your server. Spambots “work” faster than humans and can often hit millions of websites per day.

This type of spam is easier to combat as spam bots are unlikely to successfully get around various spam-preventing measures.

How to Prevent Spam Form Entries With Gravity Forms

So now that you know what form spam is, let’s talk about how you can actually prevent it.

Gravity Forms has a selection of built-in anti-spam features and integrates with numerous add-ons that will help you to prevent spam form entries. Many of these add-ons and features can be used in conjuntion with each other to further protect your forms. Let’s take a look…

Google reCAPTCHA 3

reCAPTCHA has been around for quite a while now and the latest version is Google reCAPTCHA v3. This method returns a score for each request which is based on how a user interacts with your website. It never interrupts your visitors so there is no friction involved. This allows you to run it whenever you want without the reCAPTCHA having a negative impact on your conversions.

If you want to implement Google reCAPTCHA 3 on your website, Gravity Forms has you covered. We have a brand new reCAPTCHA Add-On that supports Google reCAPTCHA v3. This add-on is available to all customers – simply install and configure the Google reCAPTCHA Add-On and use it to protect your forms from spam entries.

reCAPTCHA v3 works by tracking actions on your site – Google then uses the data collected to identify possible spam or bot activity. All interactions on your site are given a score, with 1.0 being a likely good interaction, and 0.0 probably a bot.

When a form entry is submitted, the Google reCAPTCHA score that is generated by the interaction is then stored with the form entry. Gravity Forms will compare the score to the threshold established in your settings, and if the entry is less than or equal to that threshold, the entry will be sent to spam.

As mentioned, using Google reCAPTCHA v3 not only helps identify spam entries, it also ensures that your users aren’t interrupted during a form submission, which could lead to higher conversion rates. However, it is important to note that the use of reCAPTCHA v3 requires the sending of user behavior information from your site pages to Google servers.

Find out more information about Gravity Forms and Google reCAPTCHA v3.

Google reCAPTCHA 2

With Gravity Forms, you also have the option of adding Google reCAPTCHA v2 to your forms to help prevent spam entries. Google reCAPTCHA 2 offers several different methods for verifying your visitors are actual humans and not bots. You can choose between an invisible reCAPTCHA badge and the “I’m Not A Robot” checkbox.

The invisible reCAPTCHA badge works in the background which means your visitors don’t have to click on a checkbox to confirm they’re real users. Rather, the invisible badge is invoked directly when a user clicks on a button.

The “I’m not a robot” checkbox requires user interaction. They have to check the box to confirm they are real users. The user is then passed immediately or they have to complete additional verification such as checking all the squares that contain a car on an image.

For more information on Google reCAPTCHA v2, check out the Gravity Forms documentation.

Honeypot

Using the honeypot spam protection technique is a good accessible alternative to reCATPCHA.

The honeypot method relies on an extra field that’s added to your forms. The extra field is invisible to real users, thus it should be blank upon a legitimate submission of the form.

Bots, on the other hand, can see it and are not smart enough to leave the field blank. As a result, if the field is filled, then the form submission will be ignored and you won’t get a notification for it. Likewise, form entries will not be saved and add-ons won’t process the submitted information.

Gravity Forms has a built-in honeypot field that can be enabled for each individual form – for more information check out this documentation.

Conditional Logic On The Submit Button

Aside from dedicated spam-fighting features described above, there is another feature in Gravity Forms that can help you prevent spam form entries. The feature in question is conditional logic.

For example, you can add a simple question to your form that a human visitor can easily answer but a bot couldn’t. Then, enable the conditional logic for the submit button to only display if the question was answered correctly.

Here are some examples of simple questions you could ask:

• A panda is black and _____
• 4 + 7 = _____
• What goes up, must come _____
• A cow has how many legs? _____

Without the correct answers, bots won’t be able to submit forms, thus reducing the number of spam form entries on your website.

Akismet Anti-Spam

If you’ve been blogging for your business, you’ve probably come across the advice to install the Akismet Anti-Spam plugin on your website. The main role of this plugin is to prevent and filter out spam contact form entries and comments on your blog posts so you don’t have to deal with them.

Akismet works by checking form submissions and comments against its own global database of spam. It then returns a thumbs up or thumbs down and the submissions or comments get automatically marked as a legitimate or spam.

With the new Gravity Forms Akismet Add-On, you can now send more accurate data to Akismet which will check the submissions against its global database of spam – training, identifying and filtering out malicious entries. This will help identify spam form entries more accurately and, best of all, it all happens in the background so you can focus on growing your business.

For more information on the Gravity Forms Akismet Add-On, check out this article – How to Filter Spam Form Entries with Akismet.

Anti-Spam Add-Ons from the Certified Developers

On top of Gravity Forms Add-Ons and built-in features, our certified developers have also created a few plugins to help prevent spam form entries…

• Gravity Forms Zero Spam by GravityView uses JavaScript to append a custom input to the form; if the input is not found in the submission or value does not match the expected value the submission is marked as spam.
• Gravity Perks Limit Submissions by Gravity Wiz can be used to limit the number of entries that can be submitted by almost anything (user, role, IP, URL, field value) for almost any time period.
• Gravity Perks Blocklist by Gravity Wiz can be used to validate submissions against the WordPress Disallowed Comment Keys.

Ready to Stop Form Spam In Its Tracks?

Preventing form spam is a breeze with Gravity Forms! Find out how easy it is to implement the features discussed in this article by signing up for a free personalized Gravity Forms demo. Build forms with our drag-and-drop form builder and explore all the features the plugin has to offer.

Get Started with Your Free Gravity Forms Demo.