If there’s one thing that almost every website owner has encountered at some point in their life, it’s contact form spam! Like any contact form plugin for WordPress, Gravity Forms is prone to spam submissions.
The web is filled with bots that scour the internet looking for forms to submit. Spammers use bots to accumulate backlinks and promote their products and services. Dealing with spam is an unfortunate part of running your own website.
In this post, we’re going to explore the following six methods for reducing (and hopefully eliminating) Gravity Forms spam.
- Installing the free Gravity Forms Zero Spam plugin
- Hiding the submit button using conditional logic
- Enabling the Honeypot feature
- Using a paid service like Akismet
- Integrating Google’s reCAPTCHA
- Add a block list to Gravity Forms
By the end of this post, you will have significantly reduced, if not completely eliminated, your Gravity Forms spam! Keep reading to find out how 👇
1. Installing the free Gravity Forms Zero Spam plugin
The Gravity Forms Zero Spam plugin is the simplest and most elegant way to stop Gravity Forms spam.
Here’s why you should use Gravity Forms Zero Spam:
- It blocks spam without a CAPTCHA and has no impact on the user experience
- It doesn’t require users to solve puzzles or answer trivial questions
- It removes spam with minimal configuration or fuss
- It’s 100% free on WordPress.org!
We believe that spam prevention shouldn’t impact the user experience. That’s why we took over maintaining the Gravity Forms Zero Spam plugin in February 2021 and continue to update it regularly. This is definitely an effective way of removing spam (we even use it on our own website!). However, if you don’t want to install another plugin on your site, you can try one of the alternative methods below.
2. Hiding the submit button using conditional logic
One of the simplest ways to prevent Gravity Forms spam entries is by adding a test question to your form. The question should be something that’s easy for humans to answer, but difficult for bots to get right.
Here are some examples:
- 13 + 4 = ?
- What color is the sky?
- What’s the 5th letter of the alphabet?
After setting up your test question, you can use conditional logic to hide the “Submit” button until the question is answered correctly. This prevents bots from submitting your form in the first place.
To add conditional logic to your form’s “Submit” button, edit your form and click on the “Submit” button field at the bottom of the form editor to open the Field Settings panel on the right.
Now click on the tab that says “Submit Button Conditional Logic” to open the conditional logic settings. Here, you can hide the submit button until a certain condition is met.
In this example, we’re only displaying the “Submit” button when the answer to the test question “13 + 4 =” is the correct one (i.e., “17”).
If you’re not using Gravity Forms 2.6, you won’t find the “Submit” button in the form editor. Instead, you’ll need to go to your form settings, scroll down to the “Form button” section and add the same conditional logic rule there.
So, is this effective at preventing spam? While this method may be effective at reducing spam from bots, it may not be able to eliminate your form spam altogether. It’s also not the ideal solution from an accessibility point of view. As you can see, Gravity Forms displays a warning message about this.
3. Enabling the “honeypot” feature
Gravity Forms comes with a built-in anti-spam “honeypot” that helps to identify and prevent spam submissions. A honeypot is a hidden field that only bots can see. If a submission comes through with an answer supplied, it will be rejected as spam.
Honeypots are a good way to reduce form spam as they don’t impact the user experience. However, they aren’t perfect. For example, if a user’s browser auto-fills their submission, it may populate the hidden field, wrongly signaling that they’re a bot.
To enable the Gravity Forms honeypot field, go to your Form Settings, scroll down to “Form Options” and enable the Anti-spam honeypot option.
So is this method effective? You may find the anti-spam honeypot to be very effective, but it varies from website to website. For example, after enabling the feature on our own website, the amount of spam we received did not decrease.
4. Using a paid service like Akismet
Akismet is the most well-known anti-spam plugin for WordPress. It’s maintained by Automattic, the company behind WordPress.com. It’s also one of the few plugins that come pre-installed with WordPress itself.
To get started with Akismet, activate the plugin and create a free Akismet account. If you already have an account, simply enter your Akismet API key and click “Connect with API key”.
You may be wondering, when it comes to Gravity Forms spam prevention, is Akismet effective? The answer is yes! There’s a reason Akismet is the number one WordPress anti-spam plugin – it works. However, it’s also a paid solution and, depending on the size of your website, it can amount to a substantial monthly investment.
5. Integrating Google’s reCAPTCHA
Next on the list is the infamous Google reCAPTCHA. If you’re a regular internet user, you’ve probably encountered Google reCAPTCHA at least once before. In fact, many websites use it as their primary defense against spam.
Google’s reCAPTCHA technology requires users to check a box confirming they aren’t a bot. After doing that, Google receives all sorts of information about the user, including their IP address and mouse movements.
Google uses this information to identify bots and block them from sending form submissions. In some cases, Google struggles to make a prediction based on the information received and asks the user to complete a second challenge: image selection.
Gravity Forms supports Google reCAPTCHA v2 out of the box. To add a capture field to your form, open the Advanced Fields tab and select the CAPTCHA field.
For Google reCAPTCHA to work, you’ll need to sign-up for a reCAPTCHA API key pair and enter these keys in the reCAPTCHA settings on the Gravity Forms Settings page.
Gravity Forms also supports reCAPTCHA v3 but this requires you to install an add-on.
So, is reCAPTCHA effective? Well, most of the time it is. reCAPTCHA is not perfect though and as bots become more sophisticated, new vulnerabilities are found and exploited. Furthermore, CAPTCHAs require users to perform annoying tasks, negatively impacting the user experience. If Gravity Forms reCATCHA is not stopping spam, try another solution from this list.
6. Add a block list to Gravity Forms
The final way to block spam in Gravity Forms is by adding a block list that prevents submissions containing blocked words, phrases, or IP addresses.
To add a block list that checks for disallowed words and IP addresses, you can use the Gravity Forms Blocklist plugin by Gravity Wiz. This plugin allows you to validate a field’s value against the WordPress Disallowed Comment Keys validation.
Gravity Forms: stop spam submissions today!
Let’s face it, contact form spam is one of the most annoying things to deal with as a website owner. All websites are open to form spam, including WordPress websites running Gravity Forms.
In this post, we showed you five ways to reduce (and hopefully prevent) Gravity Forms spam. Our favorite way to reduce form spam is by using the Gravity Forms Zero Spam plugin. This plugin runs in the background, without impacting the user experience. It’s simple, elegant, and free to use!
So that’s it! No more tearing your hair out wondering just how to stop spam form submissions in Gravity Forms. Get started with Gravity Forms Zero Spam by downloading it from WordPress.org, or check out our full suite of essential add-ons for Gravity Forms.