How to add spam protection to forms in WordPress
October 9, 2020 | Beaver Builder, Tips & Tricks, WooCommerce, WordPress
Gravity forms
reCAPTCHA
Gravity Forms integrates with reCAPTCHA, a free CAPTCHA service that uses an advanced risk analysis engine and adaptive challenges to keep automated software from engaging in abusive activities on your site. Please note, only v2 keys are supported and checkbox keys are not compatible with invisible reCAPTCHA. These settings are required only if you decide to use the reCAPTCHA field. Read more about reCAPTCHA. This option allows the reCAPTCHA field to be used in any form once its set.
- How to enable: go to dashboard > forms > settings > scroll down to reCAPTCHA settings and add information > save
- Requirements: site key, secret key – the customer must register their keys and provide both of them to the builder
Anti-spam honeypot
This option allows you to enable the honeypot spam protection technique, which is an alternative to the reCAPTCHA field. This option is enabled individually per form.
- How to enable: go to dashboard > forms > hover on one of the forms over the form’s individual settings > click form settings > scroll down to the bottom and enable the anti-span honeypot > save
- Requirements: n/a
Email Subscribe forms
Standard subscribe form module
The default beaver builder subscribe form module has a tab called “Captcha” which allows you to enable the reCAPTCHA field. There are 3 validation options: I’m not a robot checkbox (V2), invisible (V2) or invisible (V3). After enabling the reCAPTCHA field, paste the keys into the fields to activate the feature. Register keys for your website at the Google Admin Console. You need a different key pair for each reCAPTCHA validation type. More info about v3 reCAPTCHA.
- How to enable: beaver builder editor > subscribe form module > captcha tab > show reCAPTCHA field > select validation type > enter keys > save
- Requirements: site key, secret key – the customer must register their keys and provide both of them to the builder
PowerPack, UABB subscribe form modules
These modules do not include the option to enable reCAPTCHA
Registration forms
There are 2 different options for setting up a registration form with spam protection:
- Use the gravity forms user registration addon and enable reCAPTCHA or honeypot via gravity forms OR
- Use the UABB user registration form module and enable reCAPTCHA or honeypot from the anti-spam protection tab
Gravity form with user registration addon
For this option, install and activate the user registration addon. Then create the form in gravity, go to its settings and follow the same instructions listed above in the gravity forms section to enable reCAPTCHA or anti-spam honeypot.
- Requirements for reCAPTCHA: site key, secret key – the customer must register their keys and provide both of them to the builder
- Requirements for honeypot: n/a
UABB user registration form
For this option, add your UABB user registration form to a page, then from the anti-spam protection tab choose to either enable honeypot or to enable reCAPTCHA. This module lets you choose between reCAPTCHA versions V2 or V3 but you still need to register and enter the keys for it to work. Please register keys for your website at Google Admin Console.
- Requirements for reCAPTCHA: site key, secret key – the customer must register their keys and provide both of them to the builder
- Requirements for honeypot: n/a
Blog comments
In order to avoid spam, it’s a good idea to change some of the discussion settings in WordPress to disallow comments from just anyone. If the site has the ability to log in, enable the option “Users must be registered and logged in to comment,” then for the user registration, use one of the options listed above to make sure that the person creating their account to post a comment isn’t a bot. If the site is not one where logins are available, you can modify the discussion settings to best avoid spam. For example, you can modify the comment moderation settings, disallow comments entirely, enable the setting for comments to be manually approved, make people type in their email and name before leaving a comment, or disable them entirely by unchecking “Allow people to submit comments on new posts.”
- How to get here: dashboard > settings > discussion > modify and save
- Requirements: instructions from customer on how they want their comments to work
Facebook Comments
Another option for comments is to remove the comment box in themer, and replace it with the Facebook comments module. This allows readers to comment on your posts and pages using their Facebook Profile. No more struggles with Spam Comments. However, using the Facebook modules may require a Facebook APP ID to work properly.
Product reviews
Similar to blog comments, there are options that can be used to help reviews get left by people who aren’t bots. If the site allows logins, enable the option: Reviews can only be left by “verified owners.” Or disable product reviews and use a separate plugin like Yotpo.
- How to get here: dashboard > woocommerce > settings > products > general > scroll down for reviews, then modify and save
- Requirements: instructions from customer on how they want their product reviews to work – if yotpo, then additional reqs are needed