Prevent Form & Comment Spam (for Free!) With Forminator

Prevent Form & Comment Spam (for Free!) With Forminator

Ridding your site of Spam comments and registrations is an on-going battle. But if you arm yourself with the best defenses, you’ll be much better poised to win the war.

Forminator is a free, easy-to-use WordPress form builder plugin that protects your forms from bogus comments and registrations at all times, using a combination of industry-leading anti-spam tools.

Preventing form and comment spam in WordPress starts by zeroing in on how it gets through. With spammers and bots growing by the day, tools that recognize (and stop) them with a high degree of accuracy is vital.

When creating a form in Forminator, like a new user registration, you can enable a combination of the most successful methods for eliminating spam.

In this article, we’re going to look at what the top tools of the trade are when it comes to the prevention of form and comment spam. Then we’ll see how to put each one into action in Forminator’s settings.

It won’t be long until you see that Forminator’s spam protections are fastidious and formidable.

Continue reading, or jump ahead using these links:

Let’s look at the tools in Forminator that help to keep spam at bay.

Triple Threat (Protection)

As the cunning moves spammers & bots use continue to rise, so do (thankfully) the tools to outsmart them.

Forminator takes full advantage of the most solid contenders available. The top three–while not foolproof—are highly popular and effective in their own right.

Captcha

Forminator has two different Captcha options available for you to implement: reCAPTCHA and hCaptcha.

ReCAPTCHA Banner
ReCAPTCHA Banner

Google’s reCAPTCHA has been at the forefront of bot mitigation for over a decade. Applying continuous machine learning to overcome the binary logic of traditional challenge-based detection technologies, it actively protects the data of five million sites.

Using an advanced risk analysis engine and adaptive challenges, reCAPTCHA keeps malicious software from engaging in abusive activities on your website. Meanwhile, legitimate users will be able to login, view pages, create accounts, and complete transactions with little to no fuss–especially with reCAPTCHA v3.

reCAPTCHA is free, even for Enterprise accounts–for up to 1 million Assessments per month.

hCaptcha Banner
hCaptcha Banner

hCaptcha, from Intuition Machines (IM), provides reliable bot detection while being simple for humans to solve. It presents Captcha challenges that are difficult for bots but easy for people, by collecting difficult-to-label data from machine learning problems and using it to distinguish whether a website or app visitor is human.

Both reCAPTCHA and hCaptcha come with visible or invisible options in Forminator. Sign-up is required for both, but is easy and free. You can use either one throughout your site on different forms, but only one per each form.

Akismet

Akismet Banner
Akismet Banner

The brainchild of Automattic CEO and WordPress co-founder Matt Mullenweg, Akismet is one of the most popular WordPress plugins on the WP.org repository, and has been leading the crusade against spam since 2005.

Automatically checking site comments and contact form submissions against their global database of spam, Akismet allows you to review the filtered comment spam it catches for any false positives you’d want to let through.

API keys are also needed to activate this tool, and are free for personal use. There are paid subscriptions available for Plus, Enterprise, and Enterprise Plus, with different features and price points for each.

Akismet is integrated into many of the most used plugins, making for a smooth user experience.

Honeypot

Whereas the two options we just discussed are specific products, Honeypot is a method. In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.

Honeypot uses a decoy operation to ward off spam, set up purely to attract and detect potential attackers. By monitoring the decoy, the owner of the system can detect if they are being targeted by cyber threats.

The process involves placing a hidden field using JavaScript, CSS (or similar). Spambots automatically search and fill every form, so if this form gets filled in, chances are very good that it was a spam submission.

By employing this simple coding strategy, bots landing on your website will reveal themselves; a simple and effective way to ensure that you only send messages to genuine subscribers/customers, protecting their privacy and your company’s reputation.

Forminator Banner
Forminator Banner

Set Up Spam Protections in Forminator

Now that we know the tools at our disposal in the Forminator plugin, let’s look at how we can implement each one.

You’ll need to create a form first, so we’ll have something to attach spam protections to.

This is an easy task that takes only seconds. First, make sure to install & activate Forminator, if you haven’t already.

WPMU DEV AccountPRO

Our best pro WP tools in one bundle

Try free for 7 days
30-day money-back

Create a Form

  1. Navigate to the WordPress Dashboard > Forminator > Forms, then click on the blue + Create button.
  2. Select Registration (it will turn blue and add a checkmark in the corner), then click the Continue button.
  3. Type in a name, then click the + Create button.

Form created! That simple. The default template added a few fields for you, which you can add to, or remove from.

Creating a Registration Form
Creating a Registration Form with a template… done with a few clicks!

There are a stunning array of options and personalizations in Forminator, so making it your own is a lot of fun. For now, we’ll turn our focus back to the anti spam tools.

Enable a Captcha

  1. From the Edit Form page, click the Edit button next to your form.
  2. Click the purple + Insert Fields button.
  3. Select Captcha (it will turn blue and add a checkmark in the corner), then click the Insert Fields button.
  4. Next, you’ll select which Captcha type/version n you want to use, a threshold tolerance, and more. Of importance here, we need to input the API keys for it.
recaptcha setup
API keys need to be entered to use reCAPTCHA in forms.

Note: Each different Captcha type will require its own keys in your global settings. If you haven’t yet created APIs for your site, head over to your Google reCAPTCHA or hCaptcha and set them up (takes less than a minute), then return to Forminator to finish the configurations.

  1. Enter both of your API keys, then click the blue Save Settings button.

Setup complete. You can now check out a preview of what your form reCAPTCHA looks like.

recaptcha preview
Looks nice! We chose the v3 reCAPTCHA.

Enable Honeypot and Akismet

In order to use Akismet’s features in Forminator, you will need to install & activate the plugin, so make sure to do that first.

  1. Navigate to Forminator’s Dashboard, then open the form you created.
  2. From the Edit Form page, click Behavior from the left sidebar menu, then scroll down to Security.

    enable honeypot & akismet
    Honeypot & Akismet one-click settings in Forminator.
  3. Toggle the Enable Honeypot protection button ON (it will go from gray to blue).
  4. Toggle the Enable Akismet spam protection button ON (it will go from gray to blue).
  5. In the Akismet section, you will see two options for how Forminator should handle spam submissions:
    1. Fail Submission – This is the message visitors will see if they fail the spam check. You can customize this to say whatever you like; just type your desired text in the corresponding field.
    2. Mark as Spam – Entries marked as spam will be captured in the database, but not shown in Submissions. Additionally, Payments, Notification emails, and other automatic processes will be blocked.
  6. Enable logged in submission only – Toggle this feature ON, if you want to allow only registered users to submit forms.

Additional Settings

There is an abundance of options available for your form.

So many, in fact, it would require another tutorial completely—and we already have several great ones—so I won’t go into further detail here.

I will however, quickly list some of the many other features, so you can get an idea just how robust forms in Forminator can be.

  • Lifespan – choose your form’s expiry (never, by date, or by number of submissions)
  • After Submission Behaviors – use AJAX, or reload the page
  • Email Notifications – send customized emails to post form submission (includes advanced features)
  • Third-party Integrations – connect to apps via their APIs (Zapier, MailChimp, Google Sheets, Slack, & more)
  • Database Storage – set auto-deletion time; multiple option values
  • Submissions Privacy – choose retention length; handling of erasure requests
  • Fields – 25 (and growing!); plus e-signatures* (*Pro version only)
  • Appearance – design style, colors, fonts, container padding, custom CSS, & more

Forminator is more than just a great form builder with powerful spam tools baked in.

It also comes loaded with capabilities to create interactive polls, fun quizzes, feedback widgets, and some popular payment options. Truly, something for everyone.

Spam Distress? Try Forms with Finesse

While there’s no way to completely eradicate spam from the web, at least not that we know of presently, there are some incredibly effective tools that you can use.

One great option is to use a robust security plugin—Defender, for example, which uses IP Banning.

Another is to use a Web Application Firewall, which most good hosts nowadays will provide. WAFs often have country lock-out capabilities, so known locations of spammers and bots can be completely cut off.

And of course, as showcased in this post, you can use a plugin that enables a Captcha, Akismet, or Honeypot. With Forminator, you get all three of these top-of-their-game tools, along with easy options to implement them.

Forminator will make a big difference in shoring up your defenses against the nuisance of comment & registration spam, providing a strong—and free—resource, right at your fingertips.

Has your form and comment spam gotten worse lately? What tools do you use to cut down (or eliminate) them? Let us know in the comments below.

Janette Burhans

Janette Burhans Janette Burhans is a blog writer, WhiP & Roundup contributor, and content creator at WPMU DEV. Her professional career as an author and artist spans over two decades, half of those in the world of WordPress. Her writing has been featured in Glamour magazine, and her personal blog, Platinum Pink. Connect with Janette on Twitter & LinkedIn.