block spam

How to Block Spam Contacts in WordPress

Posted on by Prakash Tiwari

Spam contacts are a big problem for many WordPress websites. You probably know the frustration if you run a blog, a business site, or an online store. You set up a contact form to hear from real people. Instead, you get fake messages, scams, and junk emails.

Spam wastes your time, fills up your inbox, and, if it is cumbersome, even crashes your email system.

The good news is that you can block spam contacts in WordPress. You can do it easily with the correct settings, plugins, and small tricks. In this guide, I will show you how to block spam contacts on your WordPress site.

Why Do You Get Spam Contacts in WordPress?

Spammers use automated bots to scan websites. They look for contact forms, comment forms, and registration pages. Once they find a form, they fill it with fake information and send it.

  • No spam protection on your forms.
  • Using simple forms that are easy to target.
  • Leaving comment forms open without any filters.
  • Not using CAPTCHA or other verification tools.

Now, let’s see how you can stop them.

Step 1: Use a Good Contact Form Plugin

The first step to blocking spam is using a suitable form plugin.

Recommended Form Plugins:

  • WPForms
  • Contact Form 7
  • Ninja Forms
  • Gravity Forms

These plugins have built-in tools to fight spam.

What to Look for in a Form Plugin:

  • Spam filters
  • CAPTCHA support
  • Honeypot technique
  • Email address validation

If you already have a form plugin, check if it supports these features.

Step 2: Add CAPTCHA to Your Forms

CAPTCHA is a simple tool that checks if a visitor is real.

You can add:

  • reCAPTCHA v2 (“I’m not a robot” checkbox).
  • reCAPTCHA v3 (invisible protection).
  • hCaptcha (an alternative to reCAPTCHA).

How to Add CAPTCHA in WPForms:

  1. Install and activate WPForms.
  2. Go to WPForms > Settings > CAPTCHA.
  3. Choose reCAPTCHA or hCaptcha.
  4. Follow the instructions to get your site key and secret key.
  5. Add CAPTCHA to each form.

Now, bots will have difficulty sending spam through your contact forms.

Step 3: Use the Honeypot Technique

A honeypot is a hidden field in your form. Humans cannot see it. Bots see it and try to fill it. When a bot fills the hidden field, the system knows it’s spam and blocks the message.

Most good form plugins offer honeypot protection.

How to Enable Honeypot in WPForms:

  1. Edit your form.
  2. Go to Settings > General.
  3. Find the Enable Anti-Spam Honeypot option.
  4. Make sure it’s turned on.

No extra work for users. No visual challenge like CAPTCHA. But very effective against bots.

Step 4: Limit Form Entries

Another way to fight spam is to limit how many times someone can submit a form.

You can:

  • Limit one entry per IP address.
  • Set time delays between form submissions.

How to Limit Entries:

If your form plugin supports it, go to form settings. Set rules to block multiple submissions from the same user within a few minutes.

This stops bots from sending dozens of spam messages at once.

Step 5: Block Bad IP Addresses

You can block spam manually if you notice spam coming from the same IP address.

How to Block IPs in WordPress:

  1. Go to your hosting control panel (like cPanel).
  2. Find IP Blocker or IP Deny Manager.
  3. Add the IP addresses you want to block

You can also block IPs with security plugins like:

These plugins automatically detect lousy behavior and block spammy IPs.

Step 6: Use Akismet to Block Spam Comments

If you get spam through comment forms, Akismet is your best friend.

Akismet is a plugin built by the WordPress team. It checks every comment and filters spam automatically.

How to Set Up Akismet:

  1. Go to Plugins > Add New.
  2. Search for Akismet Anti-Spam.
  3. Please install and activate it.
  4. Connect to Akismet using an API key (free for small sites).

Now your comments section will stay clean without fake messages..

Step 7: Disable Comments on Old Posts

Spammers often target old blog posts where you don’t expect much activity.

You can close comments on posts after a certain number of days.

How to Disable Comments on Old Posts:

  1. Go to Settings > Discussion.
  2. Check automatically close comments on posts older than.
  3. Could you set it to 30 or 60 days?

This reduces the chances of receiving spam comments.

Step 8: Use a Firewall to Block Bots

A good firewall stops terrible bots before they reach your forms.

Some good firewall plugins are:

  • Wordfence
  • Sucuri
  • Cloudflare (with free bot protection)

They protect your entire site, not just forms.

Step 9: Add Email Verification for Registrations

If your site allows user registrations, make sure to add email verification. This stops bots from signing up with fake emails.

Use plugins like:

  • WPForms (with user registration addon).
  • User Registration Plugin.
  • Ultimate Member.

These plugins send a confirmation email before allowing access.

Conclusion

Blocking spam contacts in WordPress is not hard when you take the proper steps. You can protect your forms, comments, and user registrations with tools like CAPTCHA, honeypots, firewalls, and good plugins.

Keep your site secure and well-maintained to stay one step ahead of spammers. Set up these protections today, and enjoy a spam-free WordPress site.