If there’s one thing that almost every website owner has encountered at some point in their life it’s contact form spam! Like any contact form plugin for WordPress, Gravity Forms is prone to spam submissions.
The web is filled with bots that scour the internet looking for forms to submit. Spammers use bots to secure backlinks and promote their products and services. Dealing with spam is an unfortunate part of running your own website.
In this post, we’re going to explore five methods for reducing (and hopefully eliminating) Gravity Forms spam.
- Hiding the Submit Button Using Conditional Logic
- Enabling the Honeypot Feature
- Using a Paid Service like Akismet
- Integrating Google’s reCAPTCHA
- Installing the Free Gravity Forms Zero Spam Plugin
By the end of this post, you will have significantly reduced, if not completely eliminated, your Gravity Forms spam! Sound good? Keep reading to find out how.
1. Hiding the Submit Button Using Conditional Logic
One of the simplest ways to prevent spam is by adding a test question to your form. The question should be something that’s easy for humans to answer but difficult for bots to get right.
Here are some examples:
- 13 + 4 =
- What color is the sky?
- What’s the 5th letter of the alphabet?
After setting up your test question, you can use conditional logic to hide the “submit” button until the question is answered correctly. This prevents bots from submitting your form in the first place.
To add conditional logic to the form submit button, go to your form settings and scroll down to the “form button” section. Check the box that says “Enable conditional logic” and then add the appropriate condition.
In this example, we’re only displaying the “Submit” button when the answer to the test question (13+4) is the correct one (17).
Is it effective? While this method may be effective at reducing spam from bots, it may not be able to eliminate your form spam altogether. It’s also not the ideal solution from an accessibility point of view. As you can see, Gravity Forms displays a warning message about this.
2. Enabling the Honeypot Feature
Gravity Forms comes with a built-in anti-spam “honeypot” that helps to identify and prevent spam submissions. A honeypot is a hidden field that only bots can see. If a submission comes through with an answer supplied, it will be rejected as spam.
Honeypots are a good way to reduce form spam as they don’t impact the user experience. However, they aren’t perfect. For example, if a user’s browser auto-fills their submission, it may populate the hidden field, wrongly signaling that they’re a bot.
To enable the Gravity Forms Honeypot field, go to your Form Settings, scroll down to Form Options and enable the Anti-spam honeypot option.
So is this method effective? You may find the anti-spam honeypot to be very effective, but it varies from website to website. For example, after enabling the feature on our own website, the amount of spam we received did not decrease.
3. Using a Paid Service Like Akismet
Akismet is the most well-known anti-spam plugin for WordPress. It’s maintained by Automattic, the company behind WordPress.com. It’s also one of the few plugins that come pre-installed with WordPress itself.
To get started with Akismet, activate the plugin and create a free Akismet account. If you already have an account, simply enter your Akismet API key and click “Connect with API key”.
So when it comes to Gravity Forms Spam prevention, is Akismet effective? Yes! There’s a reason Akismet is the number one WordPress anti-spam plugin – it works. However, it’s also a paid solution and, depending on the size of your website, it can amount to a substantial monthly investment.
4. Integrating Google’s reCAPTCHA
Next on the list is the infamous Google reCAPTCHA. If you’re a regular internet user, you’ve probably encountered Google reCAPTCHA at least once before. In fact, many websites use it as their primary defense against spam.
Google’s reCAPTCHA technology requires users to check a box confirming they aren’t a bot. After doing that, Google receives all sorts of information about the user including their IP address and mouse movements.
Google uses this information to identify bots and block them from sending form submissions. In some cases, Google struggles to make a prediction based on the information received and asks the user to complete a second challenge: image selection.
Gravity Forms supports Google reCAPTCHA v2 out of the box. To add a capture field to your form, open the Advanced Fields tab and select the CAPTCHA field.
For Google reCAPTCHA to work, you’ll need to sign-up for a reCAPTCHA API key pair and enter these keys in the reCAPTCHA settings on the Gravity Forms Settings page.
Gravity Forms also supports reCAPTCHA v3 but this requires you to install an add-on.
So, is reCAPTCHA effective? Well, most of the time it is. reCAPTCHA is not perfect though and as bots become more sophisticated, new vulnerabilities are found and exploited. Furthermore, CAPTCHAs require users to perform annoying tasks, negatively impacting the user experience.
5. Installing the Free Gravity Forms Zero Spam Plugin
The Gravity Forms Zero Spam plugin is the simplest and most elegant way to stop Gravity Forms spam.
Here’s why you should use Gravity Forms Zero Spam:
- It blocks spam without a CAPTCHA and has no impact on the user experience
- It doesn’t require users to solve puzzles or answer trivial questions
- It removes spam with minimal configuration or fuss
- It’s 100% free on WordPress.org!
We believe that spam prevention shouldn’t impact the user experience. That’s why we took over maintaining the Gravity Forms Zero Spam plugin in February 2021 and continue to update it regularly.
Gravity Forms: Stop Spam Submissions
Let’s face it, contact form spam is one of the most annoying things to deal with as a website owner. All websites are open to form spam, including WordPress websites running Gravity Forms.
In this post, we showed you five ways to reduce (and hopefully prevent) Gravity Forms spam. Our favorite way to reduce form spam is by using the Gravity Forms Zero Spam plugin. This plugin runs in the background, without impacting the user experience. It’s simple, elegant, and free to use!