What is Forminator in WordPress?

Forminator is a WordPress form builder plugin that allows users to create contact forms, payment forms, quizzes, polls, and surveys using a drag-and-drop interface.

Why do Forminator forms receive spam submissions?

Spam bots target online forms to send unsolicited messages, create fake registrations, or test payment forms. Without protection, Forminator forms can receive automated and manual spam.

How can I stop spam in Forminator forms?

You can stop spam by enabling Honeypot protection, using CAPTCHA integrations like reCAPTCHA, hCaptcha, or Turnstile, or installing dedicated anti-spam plugins such as CleanTalk or Akismet.

Does Forminator support Google reCAPTCHA?

Yes. Forminator supports Google reCAPTCHA integration, allowing administrators to verify users and reduce automated spam submissions.

Can I use hCaptcha with Forminator?

Yes. Forminator supports hCaptcha as a privacy-focused alternative to reCAPTCHA for protecting forms from bots and spam.

Does Forminator support Cloudflare Turnstile?

Yes. Cloudflare Turnstile can be integrated with Forminator to provide invisible bot protection without traditional CAPTCHA challenges.

What is Honeypot protection in Forminator?

Honeypot protection uses hidden form fields that are invisible to real users but detectable by bots. If completed, the submission is automatically identified as spam.

How does CleanTalk Anti-Spam work with Forminator?

CleanTalk provides cloud-based spam filtering that automatically blocks spam submissions without CAPTCHA, protecting contact forms, payments, surveys, and registrations.

Can Akismet protect Forminator forms?

Yes. Akismet can filter spam submissions by analyzing form content against its global spam database and blocking suspicious messages automatically.

Which anti-spam plugins are compatible with Forminator?

Forminator works with several anti-spam tools including CleanTalk, Akismet, WP Armour, OOPSpam, Maspik, and other universal WordPress anti-spam plugins.

Is CAPTCHA enough to stop spam in Forminator?

CAPTCHA helps reduce automated spam but cannot stop all attacks. Combining CAPTCHA with additional anti-spam tools provides more reliable protection.

How can I test Forminator spam protection?

You can test protection by submitting a form using known spam data or blocked email addresses and verifying that the submission is rejected.

Why are form notification emails going to spam?

Emails may go to spam if SMTP authentication is not configured. Using an SMTP plugin with a verified sender improves email deliverability.

What is the best spam protection setup for Forminator?

The most effective setup combines multiple layers such as Honeypot, a CAPTCHA or Turnstile verification, and a dedicated anti-spam plugin for advanced filtering.

Can spam protection improve form conversion rates?

Yes. Invisible spam protection solutions reduce friction for visitors, helping maintain a smooth user experience and improving form completion rates.

Does CleanTalk protect against donor email leaks?

Yes. Anti-Spam by CleanTalk helps protect against donor email leaks by obfuscating email addresses by default, including cases where emails may be exposed in HTML even if invisible on the page.

We received hundreds of spam donations immediately after installing GiveWP. How to fix it?

Install an anti-spam solution. As an additional mitigation, increase the minimum donation amount (for example to $10+) because bots often test donation forms with small amounts like $1–$5.

A donor is trying to submit recurring donations but the transaction isn’t being processed because the donor’s email is considered spam.

False positives can happen. Submit a support ticket or add the donor to the Allow list so their donations can go through.

Author: Denis Shagimuratov

Forminator Forms – Spam Protection Guide in 2026
If you use Forminator Forms, you may occasionally experience spam submissions. In the guide below, you’ll learn about several tools that help achieve complete spam protection for Forminator. In this post we will look at as built-in (in the plugin core) anti-spam tools like Honeypot, Google reCAPTCHA, hCaptcha, Cloudflare Turnstile. As well as, spam protection via third party plugins like Akismet, CleanTalk and OOPSpam.

Forminator Forms – Contact Form, Payment Form & Custom Form Builder

First of all, let’s figure out what Forminator Forms are.

Forminator Forms is a powerful and user-friendly form builder plugin for WordPress that allows you to create contact forms, registrations, payment forms, quizzes, and polls without coding. Developed by WPMU DEV, the plugin has gained popularity for its flexibility and reliable spam protection designed to reduce spam submissions across websites. Since its release in 2018, Forminator has continued to evolve, introducing new integrations, improving usability, and strengthening tools that help website owners fight spam more effectively. The plugin supports payment providers such as Stripe and PayPal, enabling secure transactions while maintaining strong spam protection for payment and contact forms. Regular updates keep the plugin compatible with modern WordPress versions and current security standards, helping prevent spam attacks and automated bot activity.

As WordPress.org shows, Forminator is currently used on over 600,000 websites and has 2,034 user reviews with an average rating of 4.8.

Plugin Homepage at wordpress.org | Website wpmudev.com

Install Forminator Forms, Surveys, Quizzes, Polls, Calculations and More…
Installation is as easy as following these steps.

1. Search for the plugin in WordPress console -> Plugins -> Add plugin -> Search -> Type ‘forminator‘

Forminator search, install and activation.

2. Install and Activate the plugin.

3. Add the very first contact form in WordPress console -> Forminator > Forms -> +ADD NEW -> Customer service -> Contact form.

WordPress console -> Forminator > Forms -> +ADD NEW -> Customer service -> Contact form.

4. Click Publish in top-left corner.

5. That’s all! Your form is ready to go, just use a short code like this on any page or post of your site.
```
[forminator_form id="123"]
```
Form is ready to go, use shortcode.
Anti-Spam plugin by CleanTalk for WordPress

The next plugin we are going to use is the Anti-Spam plugin by CleanTalk. Here is a short description of it,
- CleanTalk is a cloud-based spam protection for websites, founded in 2012.
- It automatically blocks spam without CAPTCHAs or disrupting user experience.
- Protects multiple form types: contact forms, payment forms, registrations, comments, and surveys.
- Stops both automated bots and manual spam submissions.
- Uses advanced filtering algorithms and a global spam detection network.
- Detects spam activity based on IP addresses, email addresses, and behavioral patterns.
- Users can apply custom filtering rules.
- Allows filtering or blocking by IP, email, and country.
- Works automatically in the background with easy installation.
According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,165 reviews and an average rating of 4.8.

Plugin Homepage at cleantalk.org | Latest release at Github.com | Website cleantalk.org

Install the CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you know how to completely protect your Forminator Forms from spam.

Check if spam protection works with Forminator Forms

The best way to text the spam protection by using a test email,

stop_email@example.com
1. Open page with your form (don’t forget to add the shortcode in the page content) in Incognito browser tab.
2. Fill out the Contact form using stop_email@example.com as sender’s email.
3. Send the form.
4. You should see a message from the Anti-Spam plugin confirming that a spam submission was blocked.
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

Spam submission was blocked in contact form by Forminator.

Cloud Dashboard

In addition, in the Cloud Dashboard you can find extra details regarding all submissions made via form,
- IP, Email of the sender. As well as history of activity a sender among other sites connected to CleanTalk’s cloud.
- Geolocation of the sender.
- Date and time of submission.
- Page (URL) of the submission.
- Cloud decision – Approved, Denied.
- Cloud explanation for the decision.
- Tools to move the sender to Block or Allow lists.
Anti-Spam Cloud Dashboard, Forminator form.

Google reCAPTCHA, hCaptcha, and Cloudflare Turnstile

Also, let’s have a look at cloud, anti-spam services that we have for Forminator forms,
1. The plugin has core integration with many CAPTCHA services,
  - Forminator integrates with Google reCAPTCHA, helping users reduce spam submissions while adding an extra layer of security to contact forms, registrations, and surveys. This allows website owners to protect their forms automatically without complex configuration. To activate this service obtain Site key and Secret key on the site.
  - hCaptcha support. Forminator users can reduce spam submissions while maintaining better privacy for visitors and improving overall form security.
    
    Key benefits of hCaptcha over reCAPTCHA,
    
    Better privacy for visitors. hCaptcha collects less user tracking data compared to Google reCAPTCHA, which is important for privacy-focused websites and GDPR-sensitive regions.
    
    Reduced dependence on Google services. Using hCaptcha allows Forminator users to avoid relying on Google infrastructure, which some organizations prefer for compliance or branding reasons.
    
    Potential monetization option. hCaptcha offers a program where site owners can earn small rewards for solving challenges, something reCAPTCHA does not provide.
    
    hCaptcha requires Site Key and Secret key as well, which can be obtained on site.
  - Cloudflare Turnstile. By integrating with Cloudflare Turnstile, Forminator users can protect their forms from spam and bots without showing traditional CAPTCHA challenges. Turnstile works invisibly in the background, helping improve user experience while maintaining strong spam protection for contact forms, registrations, payments, and surveys. This reduces friction for real visitors, increases form completion rates, and keeps submissions clean without interrupting the workflow.
    
    Main benefits of Cloudflare Turnstile over Google reCAPTCHA,
    
    Invisible verification. Turnstile works mostly in the background without puzzles or image challenges, so visitors can submit Forminator forms faster and with less frustration compared to reCAPTCHA.
    
    Higher form conversion rates. Because users are not interrupted by CAPTCHA challenges, contact forms, surveys, and payment forms typically see fewer abandoned submissions.
    
    Strong privacy approach. Turnstile is designed to minimize user tracking and does not rely on extensive behavioral profiling, which makes it more privacy-friendly than reCAPTCHA.
    
    Site Key and Secret key can be obtained on site.
  - All CAPTCHA services are aviable under settings Settings are under path WordPress console -> Forminator > Forms -> Settings -> CAPTCHA -> reCAPTCHA | hCaptcha | Turnstile.
Honeypot, Akismet and third-party Anti-Spam Plugins

Additionally, let’s consider standalone plugins and anti-spam mechanics that also works for Forminator forms,
1. Honeypot. Which is most simple anti-spam mechanic against primitive spam bots. It works by adding hidden fields that are only detected and filled by bots, allowing spam to be blocked automatically while legitimate users never see additional challenges. Because no CAPTCHA or interaction is required, honeypots help maintain a smooth user experience and improve form completion rates. This lightweight method is easy to enable and adds an extra layer of protection for contact forms, surveys, and registrations.
  - Settings are available per each individual form, the path is WordPress console -> Forminator > Forms -> FORM -> Settings -> Behavior -> Security. Please look at screenshots down below.
2. Third-party Anti-Spam plugins.
  - Akismet. Akismet helps Forminator users automatically filter spam submissions by analyzing form data against its global spam detection network. It works in the background to identify suspicious content and prevent unwanted messages from reaching your inbox or database. This reduces manual moderation and helps keep contact forms, surveys, and registrations clean. As a widely used WordPress anti-spam solution, Akismet is easy to enable and integrates naturally into existing WordPress workflows.
    
    In order to activate protection user must install, activate and get API key for third-party plugin Akismet and then turn integration under the settings WordPress console -> Forminator > Forms -> FORM -> Settings -> Behavior -> Security. Please look at screenshots down below.
  - WP Armour, OOPSpam, Maspik, and Simple CAPTCHA Alternative are universal anti-spam plugins for WordPress that provide reliable spam protection for Forminator users. All of these solutions can be found in the search results at wordress.org.
CAPTCHA services at Forminator settings. Google reCAPTCHA, hCaptcha, Cloudflare Turnstile.

Honeypot and Akismet in Forminator.

WP Armour, OOPSpam, Maspik, and Simple CAPTCHA Alternative.

Here is a guide by WPMU DEV. It tells how to protect Forminator with additional cloud services such as Honeypot (not as service), Google reCAPTCHA, hCaptcha, Cloudflare Turnstile. Third party plugins like Akismet, and OOPSpam.

Frequently Asked Questions (FAQ)
Cannot stop spam from coming through forms no matter what…

If nothing works in this guide, try a few more things,
1. Block spammers by particular IPs, Countries via Personal lists under your CleanTalk’s account.
2. Submit a support request, we will do our best to tune spam protection for your specific case.
v3 reCAPTCHA not saving in Forminator Settings. V2 shows ‘ERROR for site owner: Invalid key type’

Forminator’s team doesn’t have a solution for this error, but advices to switching to hCaptcha, read more.

Forminator x hCaptcha does not prevent spam

The main recommendation is to avoid relying on hCaptcha alone, enable Forminator’s honeypot protection, prevent plugin conflicts, and use layered anti-spam methods for better results. WordPress.org.

Emails from website contact form going to spam.

The recommended solution is to check SMTP configuration using a real email account so the website sends messages through authenticated mail servers instead of the default PHP mail system. Installing and configuring an SMTP plugin ensures proper email delivery and improves sender reputation, preventing form notifications from being marked as spam. WordPress.org.

Recommended Anti-Spam Stack for Forminator (2026)

Finally, no single anti-spam tool can stop every type of spam submission. The most reliable approach for Forminator users is a layered protection stack, where each tool blocks a different category of bots and spam behavior.

Recommended setup by site type
- Business website: CleanTalk + Honeypot.
- High-traffic landing pages: CleanTalk + Turnstile.
- Membership / registration sites: CleanTalk + Turnstile or hCaptcha.
By now, all spam issues in your Forminator contact, survey, poll, or quiz forms should be resolved. If not, Sign Up for an account and our support team will be happy to help you.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam forms, surveys, polls and quiz answers — no CAPTCHA challenges and no impact on visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 9, 2026
GiveWP – Spam Protection guide in 2026. Stop spam donations!
CleanTalk has added spam protection for GiveWP using direct form integration. This makes it a good opportunity to explore how to protect GiveWP against spam submissions using both built-in anti-spam tools integrated into the plugin core and third-party solutions. We will start with CleanTalk and then move on to Akismet, Google reCAPTCHA, Cloudflare Turnstile, honeypot techniques, and universal anti-spam plugins available on WordPress.org.

GiveWP banner at https://wordpress.org/plugins/give/

GiveWP – Donation & Fundraising Plugin for WordPress

In case of any misunderstanding or misinterpretation about which plugin we are referring to, allow me to provide a brief overview of GiveWP

GiveWP is a powerful WordPress donation plugin that helps nonprofits, charities, and organizations accept online donations directly on their websites. It allows you to create fully customizable donation forms and securely collect one-time or recurring donations without relying on third-party fundraising platforms. To maintain secure fundraising, GiveWP can be combined with spam protection solutions that help prevent fake donations, bot submissions, and fraudulent registrations. The plugin supports popular payment gateways such as PayPal and Stripe, making it easy for donors to contribute using their preferred payment method. Built-in reporting, donor management tools, and fundraising goal tracking help organizations monitor performance and grow contributions. With a wide range of add-ons and integrations, GiveWP scales from small campaigns to large nonprofit organizations while following WordPress best practices for reliability and security.

According to WordPress.org, over 100,000 websites use this plugin.

Install GiveWP – Donation Plugin and Fundraising Platform

Show Instructions

To have the plugin installed follow this steps,

1. Search for the plugin in WordPress console -> Plugins -> Add plugin -> Search -> givewp

2. Install and Activate the plugin.

3. Add a campaign and forms in WordPress console -> GiveWP -> Campaigns -> Forms.

That’s all! GiveWP is installed.

Anti-Spam plugin by CleanTalk for WordPress

The next plugin we are going to use is the Anti-Spam plugin by CleanTalk. Here is a short description of it,

CleanTalk Anti-Spam plugin for WordPress protects your site from spam comments, contact forms, registrations, and fake donations without CAPTCHA. It uses cloud-based spam detection and real-time databases to block bots automatically while keeping the experience smooth for real users. CleanTalk works in the background and requires minimal setup, making it a reliable hands-off anti-spam solution.

CleanTalk has additional features like Block and Allow lists to manage specific Emails, IPs, Countries, custom frontend message to blocked donations and Emails obfuscation which might be helpful during fundraising events.

According to WordPress.org, over 200,000 websites use this plugin. All features of Anti-Spam plugin for WordPress.

How to install CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! GiveWP is completely protected, let’s see how to test the protection.

How to check spam protection for GiveWP Forms

You can test the work of Anti-Spam protection for GiveWP by using a test email,

stop_email@example.com
1. First, open the form in an Incognito browser tab.
2. Choose amount to donate.
3. In the next step fill out the account name data and the stop_email@example.com.
4. You must see a message as below and in the screenshot.
*** Forbidden. Fraud prevention. Sender blacklisted. Anti-Spam by CleanTalk. ***

In addition, in the Cloud Dashboard you can find extra details regarding all submissions for the donation form,
- IP, Email of the donator. As well as history of activity a sender among other sites connected to CleanTalk’s cloud.
- Geolocation of the sender.
- Date and time of submission.
- Page (URL) of the submission.
- Cloud decision – Approved, Denied.
- Cloud explanation for the decision.
- Tools to move the sender to Block or Allow lists.
What additional anti-spam tools are available for GiveWP?

Here are a few more tools on the market,
1. Akismet is a cloud-based anti-spam service that works in the background and has excellent compatibility with WordPress. Most importantly, the GiveWP team has included Akismet integration directly in the core of the plugin, providing a seamless user experience for those who choose Akismet as their anti-spam solution. Akismet settings are located under WordPress console -> GiveWP -> Settings -> Advanced -> Akismet SPAM Protection. Here is full guide how to setup protection.
2. Honeypot anti-spam techniques protect websites by adding invisible form fields that real users never see but spambots automatically fill in. When these hidden fields are completed, the submission is flagged and blocked, stopping spam without CAPTCHAs or user interaction. GiveWP has built-in honeypot which is located under settings WordPress console -> GiveWP -> Settings -> Security -> Enable Honeypot Field. This option is On in default setting, so should filter some primitive spam bots out of the box.
3. reCAPTCHA is a spam protection technology by Google that helps protect WordPress websites by distinguishing real users from bots using challenges or behavioral analysis. It reduces automated spam submissions but may require user interaction, such as clicking a checkbox or solving a challenge. GiveWP supports reCaptcha in the core and settings are located by path WordPress console -> GiveWP -> Settings -> General -> Access Control -> reCaptcha. The first step to activate this protection is getting Site and Secret keys, which are available on website.
4. Turnstile by Cloudflare is another great anti-spam tool which is available for GiveWP. Protects WordPress websites by verifying visitors automatically without CAPTCHAs or puzzles. It blocks bots using browser and behavioral signals while keeping the experience seamless for real users. One drawback is to use Turnstile user must install extra plugin – ‘Give – Cloudflare Turnstile’. The full guide is here.
5. And we have bunch of standalone, universal, all-in-one plugins like Zero Spam, OOPSpam, hCaptcha for WP which provide anti-spam protection for GiveWP as well. Here is a link to download one of them.
Here are screenshots for tools above.

I have questions… (FAQ)

Does CleanTalk protect against donors emails leak?

In July 2025, a vulnerability in GiveWP led to an email data leak of Pihole donators. Yes, Anti-Spam by CleanTalk helps protect against such issues. In this case, email addresses were exposed in the HTML code, even though they were invisible on public pages. The plugin prevents this by obfuscating email addresses by default.

We received hundreds of spam donations immediately after installing GiveWP plugin. How to fix it?

If you do not have specific anti-spam tool installed. Increasing the minimum donation amount can help stop spam, as bots usually test forms with small payments like $1–$5. Setting a $10+ minimum helps filter out these low-effort automated attacks.

A donor is trying to submit recurring donations but the transaction isn’t being processed because the donor’s email is considered spam.

False/positives sometimes happen. In this case just post a support ticket or put this donor in Allow list.

Final thoughts

I hope this guide helped resolve all spam issues on your donation form. If not, Sign Up for an account and our CleanTalk team will be happy to help.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam donations — no CAPTCHA challenges and no impact on visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 9, 2026
Avada Form Builder – Spam protection guide in 2026
Avada Form Builder is a great choice when you need to create contact forms, surveys, quizzes, and more. In this post, we will review available anti-spam services such as Google reCAPTCHA and Cloudflare Turnstile, tools like honeypots, and anti-spam plugins including CleanTalk, Akismet, hCaptcha, and OOPSpam available to Avada users as of March 2026.

Avada Form Builder https://avada.com/feature/form-builder/

Avada Form Builder, Avada Website Builder, Avada WordPress Theme and Plugins

First, let’s take a closer look at what Avada is and how it works.

Avada Form Builder is a flexible drag-and-drop form solution built directly into the Avada WordPress theme, allowing users to create contact forms, registration forms, surveys, polls, quizzes, feedback forms, and other interactive form types without installing additional plugins. It offers an intuitive visual interface that makes form creation fast and accessible for both beginners and experienced website owners. To help protect websites from unwanted submissions, Avada Form Builder supports built-in spam protection features and integration with popular anti-spam services such as Google reCAPTCHA, Cloudflare Turnstile. With proper spam protection enabled, website owners can reduce bot submissions, fake registrations, and malicious form activity while maintaining a smooth experience for real visitors. This improves data quality, saves administrative time, and keeps communication channels reliable.

In my personal opinion, Avada is a very flexible theme that offers many features out of the box. However, one downside is that it may require some time to build and launch the first version of a website using this theme. I spent more than hour to launch a demo site (including purchasing the theme), it’s much more my average installation process for a theme, which usually takes 10-15 minutes.

The theme is premium and costs $69, with 6 months of support included. Its official website is avada.com, and it can be purchased and downloaded from Envato Market. Envato Market shows 1,054,005 sales, 26.5k reviews with average score 4.78.

Anti-Spam plugin by CleanTalk

As the anti-spam solution, I’m going to use the Anti-Spam by CleanTalk plugin for WordPress. Let’s see what this plugin is.

Anti-Spam by CleanTalk is a cloud-based spam protection plugin that automatically blocks spam submissions on WordPress websites without using CAPTCHAs. It protects contact forms, registration forms, comments, surveys, polls, and other interactive elements from both automated bots and manual spam. Avada users can also protect Avada Form Builder forms, including contact forms, feedback forms, surveys, and registration forms, without adding extra CAPTCHA challenges for visitors. The service analyzes submissions using advanced filtering algorithms and a global spam database that tracks suspicious activity by IP addresses, email addresses, and other parameters. CleanTalk works in the background, allowing real visitors to submit Avada forms normally while blocking spam attempts automatically. Website owners can also review detailed logs of blocked submissions and manage personal allow and deny lists for IP addresses, email addresses, and countries.

According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,168 reviews and an average rating of 4.8.

Plugin Homepage at cleantalk.org | Latest release at Github.com | Website cleantalk.org

How to install CleanTalk Anti-Spam plugin

Click to see the Installation guide.

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now your WordPress website and Avada forms are protected from spam.

How to check spam protection

You can test the work of anti-spam protection for your Avada forms by applying a test email,

stop_email@example.com

Test sequence is,
1. Open a page with your form in Incognito Window.
2. Fill out the form with any valid data plus stop_email@example.com in the Email field.
3. Submit the form.
4. You should get a message like this,
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

Spam (test) submission is blocked at Avada form.

Cloud Dashboard

In the Cloud Dashboard you can find extra details regarding all submissions made via form,
- IP, Email of the sender. As well as history of activity a sender among other sites connected to CleanTalk’s cloud. Geolocation of the sender. Date and time of submission.
- Tools to move the sender to Block or Allow lists.
Cloud Dashboard, Anti-Spam Log, spam submission is blocked for an Avada form.

If you have any questions, add a comment and we will be happy to help you.

Create your Cleantalk account – Register now and enjoy your spam-free Avada forms.

You may view a complete list of CleanTalk Anti-Spam plugin features here. https://cleantalk.org/help/introduction

Google reCAPTCHA, and Cloudflare Turnstile

There are two anti-spam services integrated into the Avada forms core,
1. Google reCAPTCHA is the first services, that we have in the core. By analyzing user behavior and verifying whether a visitor is human, reCAPTCHA adds an extra layer of security to contact forms, registration forms, surveys, and other form types created with Avada. It is widely used and easy to integrate, making it a convenient option for many website owners. reCAPTCHA can help reduce the number of fake submissions and automated attacks targeting Avada forms. However, depending on the version used, it may also add additional steps for visitors, such as solving challenges or running background behavioral analysis.
  - Service is available under settings Settings are under path WordPress console -> Avada > Maintenance -> Forms -> Google reCaptcha.
  - To activate this service obtain Site key and Secret key on the site.
2. Cloudflare Turnstile provides an easy way for Avada Form Builder users to protect their forms from automated spam and bot submissions. Unlike traditional CAPTCHAs, Turnstile verifies visitors quietly in the background, helping reduce friction for real users filling out contact forms, registrations, surveys, or polls created with Avada. It integrates easily into websites and focuses on privacy by avoiding invasive tracking methods. For Avada users, this means stronger bot protection while maintaining a smoother and more user-friendly form experience.
  - Main benefits of Cloudflare Turnstile over Google reCAPTCHA.
    
    One of the main benefits is a better user experience, as Turnstile verifies visitors automatically in the background without showing image puzzles or interactive challenges.
    
    It also focuses more on privacy, because it does not rely on extensive user tracking or Google cookies.
    
    Turnstile is designed to be lightweight and fast, which can help maintain page performance on Avada-based websites.
  - Service is available under settings Settings are under path WordPress console -> Avada > Maintenance -> Forms -> CloudFlare Turnstile.
  - Site Key and Secret key can be obtained on site.
Cloudflare Turnstile settings. Avada theme.

Google reCAPTCHA settings. Avada theme.

Honeypot, Akismet, and Anti-Spam plugins

Here we have few additional anti-spam mechanics available for Avada users.
1. Akismet is one of the most popular anti-spam services for websites, with background spam checking as its key feature. Unfortunately,Akismet is not available for Avada users, either as an element or as an integration within the plugin, and I have found no evidence that such integration exists.
2. Honeypot is a simple anti-spam technique that works silently in the background. It adds an invisible field to your Avada forms that real visitors never see, but spam bots often fill out automatically. When the hidden field is completed, the submission is identified as spam and blocked before it reaches your website. The main benefit for Avada users is that honeypot protection does not require CAPTCHA or extra steps from visitors, helping keep the form experience fast and user-friendly while reducing automated spam.
  - This technique works through a form element. This is the best guide to activate a honeypot for your form
3. Also in the market we have universal, anti-spam plugins SilentShield, OOPSpam, hCaptcha and a few more that protects Avada users against spam. These plugins are listed in wordpress.org.
SilentShield, OOPSpam, hCaptcha as anti-spam plugins for Avada users.

Frequently Asked Questions (FAQ)

Is WP Armour compatible with Avada?

There is no evidence that WP Armour support Avada users.

I have problems with the reCaptcha, I have registered and put the key ods, but it’s not working.

You have to all the form elements enabled from the builder options. Here is the guide.

Does this come with captcha? or can google captcha work and be added to contact form?

Yes, you can definitely add Google reCaptcha to your contact form or login element with Avada.

Recommended Anti-Spam Stack for Avada Form Builder (2026)

Finally, here in March 2026 I can recommend the following anti-spam stack for Avada users.
1. Small Websites and Personal Blogs: CleanTalk Anti-Spam + Avada Honeypot field.
  - For small websites, portfolios, and personal blogs using Avada Form Builder, CleanTalk alone is often enough to stop most automated spam and manual submissions.
2. High-Traffic Websites, Agencies: CleanTalk Anti-Spam + Cloudflare Turnstile + CleanTalk personal allow/deny lists.
  - High-traffic Avada websites and agency projects often experience both automated and manual spam attacks. In this setup, CleanTalk performs the main filtering, SpamFireWall blocks bot traffic early, and Turnstile provides an additional verification step for sensitive forms such as registrations or payments. Website administrators can further refine protection using CleanTalk’s logs and personal filters by IP address, email, or country.
By this point, spam issues should be resolved on your site. If not, Sign Up for an account and our support team will be happy to help you.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam forms, surveys, polls and quiz answers — no CAPTCHA challenges and no impact on visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 5, 2026
reCAPTCHA v3 always returns 0.9 score. Avoid false positives
Many reCAPTCHA v3 users complain about always receiving a score of 0.9 despite multiple attempts and changes in their Google Cloud integration. In this article, we reproduce this issue and explain why reCAPTCHA always returns a score of 0.9.

Research Objective

Users complain that when testing reCAPTCHA v3, they always receive the same score of 0.9. However, in the same environments with reCATPCHA v2, the score varies.

What is a Score?

The score is the result of the reCAPTCHA check. The closer it is to 1, the more likely the visitor is human. The closer it is to 0, the more likely the visitor is a bot.

How reCAPTCHA v3 Works

Note: The following findings are based on publicly available code and our interpretation.
1. A user integrates the ReCaptcha script on a form page.
2. A unique frontend token is added to each form.
3. The script loads additional obfuscated code.
4. The obfuscated code collects frontend data (a “black box” not accessible due to Google’s code obfuscation).
5. Aggregated and encoded data + frontend token is sent to Google’s cloud to get a result token.
6. The result token is sent to the backend of the testing environment.
7. The backend validates the token via Google’s API, sending the backend token, result token, and the visitor’s IP address.
8. Based on the score result, the backend environment can decide whether to allow the visitor to proceed.
The backend environment decides whether to allow the visitor to proceed based on the score.

We believe reCAPTCHA v3 relies on machine learning based on the traffic environment. The exact decision-making algorithms are proprietary and remain a trade secret of Google.

Why You Always Get a Score = 0.9 in reCAPTCHA v3

ReCaptcha v3 relies on machine learning based on traffic data.

A consistent score of 0.9 indicates the system lacks sufficient data about your typical traffic to make an accurate decision. To avoid false positives, the system grants a 0.9 score to all visitors until trained.

Why You Get Score <> 0.9 in reCAPTCHA v2

ReCaptcha v2 does not use machine learning for decision-making. It operates in one of two modes:
1. in the user interaction mode (presence of click-the-flag mechanism on the page).
2. In silent mode (reCaptcha v2 badge on the page).
The data collection and processing occur in real time, allowing for accurate, immediate results. Learn more: https://developers.google.com/recaptcha/docs/versions.

Our Testing Process

Test Environment
- A PHP website running WordPress 6.2.
- ReCaptcha v3 integrated according to instructions.
Bot

A simple bot created in Python using Selenium. The bot was run from three IP addresses, emulating the following parameters
- headless
- user agents
- headers
- clicks
- form submissions
Process

The bot ran for 24 hours, performing sequential visits and form submissions with random parameters. No live traffic was sent to the site.

Results
- All bot requests returned a score of 0.9.
- The score did not change over time.
- No statistics appeared in Google Analytics.
  We hypothesize that traffic presence, volume, and quality in Google Analytics may act as a training marker for the ReCaptcha system.
How to Get an Accurate Score in a Test Environment

The reCAPTCHA v3 model assumes long-lasting training on live traffic. This means that the test environment must be loaded in the same way as the production environment. Which will undoubtedly cause some difficulties in deploying such an environment and getting the payload.

We believe that to get the right score a user will have to turn to testing in a productive environment. However, the policy of most companies we know of (including CleanTalk of course) restricts any testing in a production environment.

Unfortunately, we couldn’t find specific terms for the duration of training in Google’s official documentation. We believe that the duration of training depends on the following parameters:
- Traffic load
- Ratio of bots to real users
- Percentage of “intelligent” bots among total bot traffic
Without live traffic, no settings or configurations will yield an accurate score in a test environment.

CleanTalk’s Solutions
If you would like to try a reCAPTCHA alternative, please find more details about CleanTalk’s solutions below. There, we explain how to use the API, plugins, and ready-to-use libraries to protect against spam bots without issues such as a 0.9 score being assigned to every visit.

Here we show all the differences between CleanTalk as reCAPTCHA alternative.

CleanTalk Check Bot
- Decisions are made online without machine learning.
- Simpler integration—no need to manually add tokens to forms.
- Extensive documentation available: GitHub CleanTalk API
- Immediate and relevant testing results.
- Technical support response within 24 hours.
Anti-Spam Cloud for CMS

CleanTalk provides a cloud-based Anti-Spam service for websites, blocking spam in real time without CAPTCHAs. It integrates with CMS platforms like WordPress, Drupal, Joomla, and etc. Securing comments, registrations, and contact forms. Features include SpamFireWall, email validation, and detailed logs, ensuring seamless protection and improved user experience.

The best way to connect your site is to install one of our Anti-Spam plugins.

Anti-Spam CleanTalk API

CleanTalk offers a suite of APIs that integrate anti-spam functionalities into various applications. The Anti-Spam API includes methods like,
- check_newuser() for registration checks;
- check_message() for evaluating comments and contact form submissions;
- send_feedback() for moderator inputs.
The Database (Blacklists) API provides
- spam_check() to verify IP and email records against CleanTalk’s database;
- backlinks_check() to detect domains associated with spam;
- the ip_info() method returns country codes for IP addresses.
For managing personal lists and uptime monitoring, the Dashboard API offers dedicated methods. These APIs enable developers to enhance their applications’ security and spam prevention capabilities effectively.
March 4, 2026
Why do contact form 7 users prefer Anti-spam by CleanTalk against reCAPTCHA?
As a WordPress user let me share my experience of using CAPTCHA less and CAPTCHA style Anti-Spam tools on the example of Contact form 7.

Is reCAPTCHA good or bad for Contact form 7?

Contact Form 7 users may prefer Anti-Spam plugin by CleanTalk over reCAPTCHA for several reasons, as each solution has its own advantages and disadvantages. Here are some potential reasons why some users prefer Anti-spam by CleanTalk:
1. Simplicity: Anti-spam by CleanTalk offers a simpler and more user-friendly solution compared to reCAPTCHA. It doesn’t require users to solve puzzles or click checkboxes, which can be seen as an added step that may deter some visitors from submitting forms.
2. Reduced User Friction: reCAPTCHA can sometimes lead to a less than ideal user experience, especially for those who find it challenging to complete the visual or interactive challenges. Anti-spam by CleanTalk doesn’t require any user interaction, so it doesn’t add any friction to the form submission process. More drawbacks of CAPTCHA/reCAPTCHA.
3. Invisible to Users: Anti-spam by CleanTalk works invisibly in the background, so users are not aware of its presence. In contrast, reCAPTCHA typically requires users to complete a task to prove they are not a bot.
4. Accessibility: Some users have accessibility concerns with reCAPTCHA, as it relies on visual verification. Anti-spam by CleanTalk does not present accessibility challenges in the same way, making it a more inclusive solution.
5. Accuracy: Anti-spam by CleanTalk uses a combination of methods, including machine learning and a vast database of known spam sources, to identify and block spam submissions. This approach can be effective in detecting and preventing spam without relying on user interaction.
6. Reduced False Positives: reCAPTCHA, while effective at blocking bots, may occasionally generate false positives, blocking legitimate users. Anti-spam by CleanTalk aims to minimize false positives, ensuring that genuine inquiries are not inadvertently marked as spam.
7. Customization: Users have the ability to customize Anti-spam by CleanTalk settings to meet their specific needs and preferences, tailoring the spam protection to their site’s requirements.
8. Integration: Anti-spam by CleanTalk is designed to seamlessly integrate with Contact Form 7 and other popular form plugins, making it easy for users to implement spam protection without significant configuration.
Anti-Spam by CleanTalk

It’s important to note that the choice between Anti-spam by CleanTalk and reCAPTCHA may depend on the specific needs and preferences of individual website owners. Some users may prioritize ease of use and a seamless user experience, while others may prioritize the high level of bot detection offered by reCAPTCHA. Ultimately, the choice between these solutions should align with your website’s goals and the user experience you want to provide. Additionally, some users may opt to use both solutions in combination to enhance spam protection further.

How to install Anti-Spam by CleanTalk?

To install and configure the “Anti-Spam by CleanTalk” WordPress plugin for your website, follow these steps:

1. Log in to Your WordPress Dashboard:

Navigate to your WordPress admin dashboard by entering your site’s URL followed by “/wp-admin” (e.g., “https://yourwebsite.com/wp-admin“).

2. Access the Plugins Section:

In the WordPress dashboard, locate and click on the “Plugins” option in the left-hand menu.

3. Click “Add New”:

On the Plugins page, click the “Add New” button at the top of the screen. This will take you to the Add Plugins page.

4. Search for “Anti-Spam by CleanTalk”:

In the search bar on the Add Plugins page, type “Anti-Spam by CleanTalk” and press Enter. The search results will appear.

5. Install the Plugin:

Locate the “Anti-Spam by CleanTalk” plugin in the search results. Click the “Install Now” button next to the plugin’s name.

6. Activate the Plugin:

After installation, a new button will appear that says “Activate.” Click this button to activate the Anti-Spam by CleanTalk plugin.

7. Enter Your Access Key:

Once the plugin is activated, you’ll need to enter your access key to enable the anti-spam features. You can obtain the access key by signing up for CleanTalk on their website (https://cleantalk.org/) and subscribing to their service. After subscribing, you’ll receive an access key via email.

a. In the WordPress dashboard, go to “Settings” in the left-hand menu.

b. Click on “Anti-Spam by CleanTalk” from the submenu.

c. Enter your access key in the provided field.

d. Click the “Check Access Key” button to validate your access key.

8. Configure Settings:

Once your access key is validated, you can configure the plugin settings according to your preferences. The settings allow you to customize the anti-spam protection for your site, including options for comments, registrations, contact forms, and more.

9. Save Changes:

After configuring your settings, don’t forget to click the “Save Changes” button to apply your chosen anti-spam settings.

10. Verify That It’s Working:

To ensure that the plugin is effectively blocking spam, just use email stop_email@example.com in a contact form 7. You have to see a special response from Anti-Spam by CleanTalk that describes a reason for blocking.
```
*** Forbidden. Sender blacklisted. ***
```
Anti-Spam by CleanTalk shows the reason of blocking form submission.

11. Periodic Review:

Periodically review the plugin’s dashboard to check its performance and verify that it’s actively blocking spam submissions. CleanTalk provides statistics on the number of spam attempts blocked.

That’s it! You’ve successfully installed and configured the “Anti-Spam by CleanTalk” plugin on your WordPress website. This plugin will help protect your site from unwanted spam submissions and improve the overall security and user experience of your WordPress site.
February 25, 2026
WordPress CAPTCHA: Should You Use It or Not? Pros and Cons Explained
In today’s digital landscape, protecting your WordPress website from spam and malicious activities is paramount. One of the most common tools used to achieve this is CAPTCHA. However, whether to use CAPTCHA or not can be a topic of debate among website owners. This article will explore the pros and cons of using CAPTCHA on your WordPress site, helping you make an informed decision.

What is CAPTCHA?

CAPTCHA, which stands for “Completely Automated Public Turing test to tell Computers and Humans Apart,” is a security measure used to determine whether the user is a human or a bot. It typically requires users to solve puzzles, enter text from distorted images, or check a box to verify their humanity.

Types of CAPTCHA

Before diving into the pros and cons, it’s useful to understand the different types of CAPTCHA you might encounter:
1. Text-based CAPTCHA
  Users are asked to enter characters from a distorted image.
2. Image-based CAPTCHA
  Users select images that match a given description (e.g., select all images with traffic lights).
3. Checkbox CAPTCHA (CAPTCHA)
  Users simply check a box to confirm they are not a robot.
4. Invisible CAPTCHA
  This version works in the background and only challenges the user if it detects suspicious behavior.
Pros of Using CAPTCHA on WordPress
1. Spam Protection
  Benefit: CAPTCHA effectively prevents automated bots from submitting forms, which is crucial for reducing spam in comments, registration forms, and contact forms.
  Explanation: Bots often target forms to post spammy content or create fake accounts. CAPTCHA acts as a gatekeeper, allowing only genuine human interactions.
2. Enhanced Security
  Benefit: By blocking automated scripts and bots, CAPTCHA adds an extra layer of security to your WordPress site.
  Explanation: This can be particularly important for sites that process sensitive information or have user registration features, as it helps prevent brute-force attacks and data scraping.
3. Reduced Server Load
  Benefit: Limiting spam and bot traffic can reduce the load on your server, improving overall site performance.
  Explanation: Bots generating excessive requests can slow down your site or even crash it. CAPTCHA helps mitigate this risk by filtering out non-human interactions.
4. User Verification
  Benefit: CAPTCHA ensures that submissions (like comments or sign-ups) are made by real users, maintaining the quality and integrity of your site’s content.
  Explanation: This is especially useful for sites with user-generated content, where maintaining a community of genuine users is crucial.
5. Flexible Integration
  Benefit: Many WordPress plugins offer easy CAPTCHA integration for various forms and functionalities.
  Explanation: Popular plugins like Contact Form 7, WPForms, and others allow you to add CAPTCHA to protect your forms with minimal effort.
Cons of Using CAPTCHA on WordPress
1. User Experience Impact
  CAPTCHA can create friction in the user experience, potentially deterring visitors from completing forms or engaging with your site. Users may find solving CAPTCHA puzzles frustrating or time-consuming, leading to higher abandonment rates, especially on mobile devices.
2. Accessibility Issues
  CAPTCHA can pose significant challenges for users with disabilities, making it difficult or impossible for them to interact with your site. Visually impaired users, for example, may struggle with image-based CAPTCHAs, while others with cognitive disabilities may find the puzzles confusing. Even audio CAPTCHAs can be problematic for those with hearing impairments.
3. False Positives
  Sometimes, legitimate users can be incorrectly flagged as bots, preventing them from completing their intended actions. This can happen due to various reasons, such as users failing to solve the CAPTCHA correctly or using certain browser extensions that interfere with CAPTCHA detection.
4. Maintenance and Compatibility
  CAPTCHA implementations may require ongoing maintenance and updates to remain effective and compatible with your WordPress site. As bots evolve, CAPTCHAs must also be updated to stay ahead. Additionally, plugin conflicts or updates can sometimes cause compatibility issues, requiring troubleshooting and technical know-how.
5. Increased Load Time
  Adding CAPTCHA can slightly increase page load times, which might impact your site’s performance. Each CAPTCHA requires additional resources to render and validate, which can contribute to longer loading times, particularly if not optimized.
Alternatives to CAPTCHA

Given the potential drawbacks, you might wonder if there are alternatives to CAPTCHA that can provide security without compromising user experience. Here are a few options:

1. Anti-Spam Plugins

How it works: Plugins like CleanTalk analyze form submissions and user behavior to filter out spam without the need for CAPTCHA.
Benefit: They offer seamless protection with minimal impact on user experience.

After the Anti-Spam is installed and activated, it protects your website and all forms from spam bots, keeping them from overloading your site. That’s how the website “looks” for spam bots:

Protection of your forms will also triggered even before a form is submitted, thus protecting your forms from getting spammed. That’s how it “looks”:

“Also, take a look at what we think about the pros and cons of reCAPTCHA in our dedicated post, reCAPTCHA Alternative.”

2. Honeypot Fields

How it works: Hidden form fields are added that human users can’t see but bots will fill out. If these fields are completed, the submission is flagged as spam.
Benefit: This method is invisible to users and doesn’t affect their experience.

3. Time-Based Methods

How it works: Measures the time taken to complete a form. Bots typically submit forms almost instantly, whereas humans take longer.
Benefit: This is a passive method that doesn’t require any action from the user.

4. JavaScript-Based Solutions

How it works: Uses JavaScript to detect bots based on behavior and patterns that are unusual for human users.
Benefit: These solutions operate behind the scenes, making them less intrusive for users.

Conclusion

CAPTCHA is a simple and free tool that will help you eliminate most spam bots. It is very useful for users in the first stage of launching their WordPress website.

However, in the next step, you may need a more advanced solution. For example, one that will give much more protection against spam bots to increase the speed of your site, and also, will be completely invisible to save precious time of your site visitors. As such a solution, we recommend CleanTalk Anti-Spam, a service we have been improving for more than 10 years. The full list of features can be found here.

Consider your audience and the nature of your site when deciding. If your site handles sensitive information or has high spam vulnerability, CAPTCHA could be beneficial. However, for sites focused on user engagement and accessibility, exploring alternatives might be more appropriate.

Try Anti-Spam by CleanTalk for Free
February 24, 2026
wpForo Forum – Spam Protection
CleanTalk added spam protection for wpForo Forum multi-layout bulletin board using direct form integration. So in case, you prefer using wpForo be sure to use the most effective Anti-Spam plugin. Read the guide below and learn 4 steps to protect your wpForo Forms from spam.

Once the CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be wpForo forms but also many others.

Download CleanTalk Anti-Spam plugin | Download wpForo Forum

How to install CleanTalk Anti-Spam plugin

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you know how to completely protect your wpForo Forum plugin from spam.

How to check spam protection for wpForo Forms

You can test the work of Anti-Spam protection for your СonvertKit Forms by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

If you have any questions, add a comment and we will be happy to help you.

Create your CleanTalk account – Register now and protect your СonvertKit Forms from spam in 5 minutes

Update

The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

Additional features
- CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
- Installation takes about 1-2 minutes.
- Smart 99% protection against spambots.
- Always online – 24/7 technical support.
- Logs, SpamFireWall, personal lists, country filters, stop-words, and many others.
Discover CleanTalk Anti-Spam plugin features.
February 19, 2026
How to Check wp-content for Malware with Security by CleanTalk?
WordPress powers a significant portion of the internet, making it an attractive target for cyberattacks. Ensuring the security of your WordPress website is paramount. One essential aspect of WordPress security is regularly checking your wp-content directory for vulnerabilities. In this article, we’ll guide you through the process of safeguarding your wp-content folder using the powerful Security by CleanTalk plugin.

Why Checking wp-content for Malware is Crucial?

Your website’s wp-content directory is a critical part of your WordPress installation. It contains themes, plugins, and uploaded media files, making it an attractive target for hackers. Malicious actors often seek vulnerabilities in this directory to compromise your website’s security.

Checking wp-content is vital because it allows you to:
1. Detect Unauthorized Access: Regular checks help you identify any unauthorized changes or suspicious files within your wp-content folder.
2. Prevent Malware Infections: Detecting malware early can prevent it from spreading throughout your site, damaging your reputation and potentially harming your visitors.
3. Maintain Website Performance: A compromised wp-content directory can slow down your site and disrupt its functionality. Regular checks help maintain optimal performance.
4. Protect Sensitive Data: Your wp-content directory may contain sensitive information. Ensuring its security safeguards your data and user information.
Introducing Security by CleanTalk

To streamline the process of checking your wp-content directory and enhancing your WordPress security, we recommend installing the “Security by CleanTalk” plugin. This comprehensive security plugin offers a wide range of features to protect your website, including:
1. Real-time Firewall: Defends your site against malicious traffic and hacking attempts in real-time.
2. Spam Protection: Blocks spam comments and registrations to keep your site’s content clean.
3. Malware Scanner: Regularly scans your website for malware, vulnerabilities, and unsafe permissions.
4. Login Page Security: Protects your login page from brute force attacks.
5. Two-Factor Authentication (2FA): Adds an extra layer of login security for administrators.
6. IP and Country Blocking: Allows you to block specific IP addresses or entire countries to prevent malicious access.
7. Security Audit Trails: Keeps a record of all security-related events on your site for monitoring and analysis.
How to Install Security by CleanTalk

Follow these simple steps to install and activate Security by CleanTalk on your WordPress website:
1. Login to Your WordPress Admin Dashboard: Navigate to your WordPress dashboard by entering your site’s URL followed by “/wp-admin” (e.g., “https://yourwebsite.com/wp-admin“).
2. Go to Plugins: In the left sidebar, click on “Plugins.”
3. Add New Plugin: Click the “Add New” button at the top of the Plugins page.
4. Search for “Security by CleanTalk”: In the search bar, type “Security by CleanTalk” and press Enter.
5. Install and Activate: When you see the plugin in the search results, click “Install Now,” and then click “Activate” once it’s installed.
6. Configure Settings: Visit the “Security by CleanTalk” settings page in your WordPress dashboard to configure the plugin’s settings to your liking. Be sure to set up the malware scanner to check your wp-content directory regularly.
7. Enjoy Enhanced Security: With Security by CleanTalk in place, your WordPress website is now fortified against threats, and your wp-content directory will be regularly monitored for vulnerabilities.
Security by CleanTalk at WordPress.

The Malware scanner checked and found an issue with wp-content.

The Malware scanner cured files at wp-content.

Conclusion

Regularly checking your wp-content directory is an essential part of maintaining a secure WordPress website. To simplify this process and ensure comprehensive protection for your site, we recommend installing the “Security by CleanTalk” plugin. With its wide range of security features, this plugin will help you safeguard your website, keeping it safe from threats and ensuring the integrity of your wp-content directory.

Anyway, if you are unsure how to identify, remove, or clean malware using the plugin, you can book a WordPress malware removal with our Security & Pentest team.

Don’t leave the security of your WordPress site to chance—take proactive steps today by installing Security by CleanTalk and regularly checking your wp-content folder for peace of mind and a secure online presence.
February 18, 2026

Why Even the Best Free Malware Removal Tools Can’t Cure Your Website Completely

If your website was developed using one of the popular CMS like WordPress or others, there are various security plugins for them, which provide permanent protection from malware. But what to do if your site is unprotected and you suspect that it has been infected? Let’s find out together.

6 signs that your website may be infected

First of all, let’s break down when it’s really time for you to think about cleaning your site of malware.

Unusual activity in Server logs
Server logs contain access logs that display the users who have recently accessed your website.
Your website is slow
Hackers deploy DoS attacks to overload your server resources, thus impacting your website speed and performance.
Emails ending in the Spam folder
This happens when your web server is infected with malware. As a result, email servers categorize your emails as “spam”.
Pop-up and Spam Ads
Usually happens when you have installed an insecure plugin or theme. Hackers earn money when visitor clicks on them.
Modified website files
To insert backdoors and other malicious code in your site, hackers often modify your website core files.
Website being redirected
Hackers often deploy cross-site scripting (or XSS) attacks to send your website traffic to unsolicited websites.

What is a manual malware removal

During a manual malware removal, a dedicated cybersecurity specialist is assigned to your site to work on your site from start to complete site cleanup.

Step 1: Clean up the bad stuff
Using SSH and admin access, the specialist reaches your website hosting and gets rid of all viruses, malware, malicious code, and bad links on your website.

Step 2: Restore the site from backup
In case you have a backup he restores the site from backup. Otherwise, he works with the site’s current version.

Step 3: Protect it from future infections
The specialist installs a permanent Security protection plugin to avoid infecting in the future.

Reasons to use manual malware removal instead of automatic

Sometimes automatic solutions can be enough to find the most known viruses and malware and often are low cost or free.

Automatic free malware removal tools can be effective at identifying and removing known malware from a website, but there are several reasons why they may not completely cure a website of all security threats.

Over-insurance and possible data loss
The problem is that they often over-insure and accept your files as bad ones, causing large file and data losses during automatic site cures. A specialist can always distinguish your files from malicious ones even if it’s a custom code.
Evolving Malware
Malware is constantly evolving, with new variants and techniques being developed by cybercriminals. Automatic tools may not always be able to keep up with the latest malware threats.
Hidden Malware
Some malware is designed to be stealthy and can hide in obscure locations within a website’s code or files. Automatic tools may not always detect these hidden threats.
False Positives
Automatic tools may sometimes flag legitimate code or files as malware, leading to false positives. This can result in the removal of essential components of the website, causing functionality issues.
Complex Infections
In some cases, websites may be infected with complex malware that requires manual intervention to fully eradicate. Automatic tools may not have the capability to address these intricate infections effectively.
Vulnerability Patching
While malware removal tools can remove existing infections, they may not address the underlying vulnerabilities that allowed the malware to compromise the website in the first place. It’s essential to also address security vulnerabilities and implement robust security measures to prevent future infections.
Human Expertise
Manual inspection and intervention by cybersecurity experts are often necessary to thoroughly assess the extent of an infection, identify potential backdoors, and ensure that the website is fully secure.

In conclusion, while automatic malware removal tools are valuable for initial detection and removal of known threats, they may not be sufficient to completely cure a website of all security issues. Manual inspection, ongoing security measures, and expert intervention are often necessary to ensure comprehensive protection against malware and other security threats.

Why it is profitable for you to use CleanTalk malware removal

100% refund in case of unsuccessful We will manually clean your site from viruses and malware or refund your money.	10+ years fighting malware of fighting malware and spam all over the Internet. We are aware of all the dangers that can threaten your website and how to deal with them.
30-day support Free 30-day help with reinfection. As a guarantee of our work we continue to be with you and will get back to work if needed.	50+ CVE reports published And we continue to share found vulnerabilities in our blog.
10 000+ active users A lot of loyal users that trust our experience and use our Security protection.	1 year of free Security Plugin Order your Malware Removal now and get 1 year of free Security plugin.

Clean your site from malware today

And get CleanTalk Security Plugin for 1 year for FREE

ORDER MALWARE REMOVAL

February 18, 2026

User Registration & Membership – Spam Protection Guide in 2026
CleanTalk has added spam protection for the User Registration & Membership WordPress plugin by WPEverest through direct form integration. If you use this plugin, be sure to enable the highly effective CleanTalk Anti-Spam solution. In this post, we also review all anti-spam options available for User Registration & Membership.

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

First of all let’s see what this plugin is,

User Registration & Membership by WPEverest is a powerful WordPress plugin for creating custom user registration forms, login pages, and membership websites without coding. It features a drag-and-drop form builder, user profile management, content restriction, and payment integrations for subscription-based sites. Ideal for communities, online courses, and client portals, the plugin helps website owners manage users and memberships efficiently while improving user experience.

According wordpress.org, this plugin is installed on 60,000+ sites. All features of Anti-Spam plugin by CleanTalk for WordPress.

Installing User Registration & Membership

There are few steps to be this plugin installed,
1. Go to WordPress console -> Plugins -> Add plugin, type ‘user’.
2. Install ‘User Registration & Membership’ by WPEverest and activate the plugin.
3. Next you see a setup screen, that can be skipped on this moment.
4. That’s all the plugin is installed!
On the next steps we work with page YOUR-SITE.COM/registration/.

By the if you want place the registration form on another page,
1. Follow to WordPress console -> User Registration & Membership -> Registration form.
2. Copy shortcode like this [user_registration_form id=”8″] from the right/top corner of screen and place on any other page you want to.
Anti-Spam plugin by CleanTalk for WordPress

In beginning a few words about the plugin that we are going to use against spam,

CleanTalk Anti-Spam plugin for WordPress automatically protects your website from spam comments, registrations, contact forms, and fake orders without using CAPTCHA. It uses cloud-based spam detection and real-time databases to block bots in the background while keeping the experience smooth for legitimate visitors.

According wordpress.org, this plugin is installed on 200,000+ web sites. To install the plugin please follow this guide.

The next step is testing the anti-spam protection.

How to check spam protection for User Registration & Membership

We are going to test protection and the most important step in this process to do it as a regular visitor, not as as authorized user/administrator in WordPress console!

Follow this,
1. Jump to YOUR-SITE.COM/registration/ in incognito mode in your browser.
2. Fill up the form using test email address s@cleantalk.org. This is a service email, using which do not cause block listing your IP in CleanTalk’s cloud.
3. You see response from the cloud like this,
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

That’s all! The protection is active and ready to go. If you have any questions, add a comment and we will be happy to help you. In addition, in the Cloud Dashboard you can find extra details regarding all submissions for registration form.

What additional anti-spam tools are available for User Registration & Membership?

On this day on the market there are a few more tools to protect User Registration & Membership against spam bots. As well as this plugin has some built-in tools. Let’s see what we have,
1. This plugin has built-in integration with Google reCaptcha version 2 and 3. reCAPTCHA by Google helps protect WordPress registration forms from spam by verifying that users are real people using behavioral analysis or interactive challenges. It blocks automated bot sign-ups and reduces fake registrations while allowing legitimate users to register securely.
  The settings located are here WordPress console -> User Registration & Membership -> Registration & Login -> Captcha. The Site and Secret keys are available on website.
2. The next tool is hCaptcha. hCaptcha is a privacy-focused CAPTCHA solution that protects WordPress registration forms from spam by requiring users to complete human verification challenges, helping block automated bot sign-ups. Unlike reCAPTCHA by Google, hCaptcha places stronger emphasis on user privacy and data control, making it a popular alternative for websites that want effective spam protection with less tracking.
  The settings located are here WordPress console -> User Registration & Membership -> Registration & Login -> Captcha. The Site Key and Secret key are available on website.
3. Next is Turnstile by Cloudflare. It protects WordPress registration forms from spam by automatically verifying visitors using browser and behavioral signals without showing CAPTCHA challenges. Unlike reCAPTCHA, Turnstile is designed to be privacy-friendly and frictionless, reducing spam registrations while keeping the signup process seamless for real users.
  The settings located are unde same path as tools before WordPress console -> User Registration & Membership -> Registration & Login -> Captcha. The Site Key and Secret key are available on website.
4. There are also bunch of universal anti-spam plugins like Simple CAPTCHA Alternative by Elliot Sowersby, WP Armour and etc. All of them can be found on wordpress.org.
As my research shows there is no plugins or direct integration with Akismet.

I have questions…

What if I don’t use User Registration & Membership plugin, but still have spam registrations (users)?

In this case, Anti-Spam by CleanTalk is the best way to get rid of standard wordpress registration forms spam.

Does this guide work for WPforo plugin?

No, it does not. Read this guide instead to protect WPforo Forum against spam registrations.

How about spam protection for s2Member plugin?

Please use another guide in order of s2member spam protection.

Final thoughts

I hope this guide helped resolve all spam issues on your registration form. If not, Sign Up for an account and our CleanTalk team will be happy to help.
February 15, 2026