Built-In Anti-Spam Protection

WPForms includes built-in anti-spam protection using a honeypot technique. This is enabled by default on all forms and works by adding a hidden field that bots fill in but real visitors can’t see. Any submission that fills in the hidden field is automatically flagged as spam.

CAPTCHA Options

WPForms supports multiple CAPTCHA types: Google reCAPTCHA (v2 and v3), hCaptcha, and Cloudflare Turnstile. Configure these under WPForms → Settings → CAPTCHA. Once set up, you can add the CAPTCHA field to any form from the Standard Fields panel.

Custom Anti-Spam Settings

In individual form settings (Settings → Spam Protection and Security), you can enable additional filters including keyword blocking, country-based filtering, and minimum submission time checks. These help catch spam that gets past the honeypot and CAPTCHA.

When to Contact InnerMedia

If spam is still getting through despite these protections, contact InnerMedia. We can implement additional server-level measures, Cloudflare rules, or custom validation to stop persistent spam attacks on your forms.