When it comes to reducing the amount of contact form spam on your website, you have a few options to choose from or implement. Your first line of defense is setting up Google reCAPTCHA takes less than a minute or two. In most cases, this will be all you need, but if you find yourself being targeted by spambots here are a few more things to look into:
- Change WordPress Login & Registration URL — Another security measure that you can take is to change the URL of your login & registration pages. WPS Hide Login is a very lightweight plugin that lets you change the URL of the login & registration form pages easily and safely. No files in WordPress core are changed or renamed, and no rewrite rules are added. It simply intercepts page requests and works on any WordPress website.
- Use WordPress Antispam Plugins — Like Akismet, WordPress Zero Spam, and Antispam Bee, that protect your entire site from spam entries. They work independently of your forms, preventing spam comments on your website. A blacklist of words, names, and email addresses is used to compare submissions. Before you begin using any of these plugins, it is a good idea to read their instructions and details.
- Block Traffic by IP Address — If you notice a lot of spambot activity on your website, you can also block the IP addresses that they are coming from in order to protect your forms. The extra layer of security it provides can also block legitimate traffic from these IPs, so use it at your own risk. On the Discussion settings page of WordPress’ admin panel, add the IP addresses you want to block to the Comment Moderation field (screenshot). Site owners who are more advanced can do this through their host cPanel or a security plugin like Sucuri or Malcare.