What is HappyForms in WordPress?

HappyForms is a WordPress form builder used to create contact forms, lead forms, quote requests, surveys, newsletter forms, and other custom forms. It allows website owners to collect submissions through public-facing forms and either save them in WordPress or send them by email.

Why do HappyForms forms receive spam?

HappyForms forms are public-facing and easy for bots and abusive senders to find. Once a form is available on a website, it can attract fake messages, junk submissions, irrelevant links, and low-quality leads. Without proper filtering, HappyForms can receive both automated and manual spam.

How can I stop spam in HappyForms?

The most effective way to reduce spam in HappyForms is to use a strong primary anti-spam layer such as CleanTalk and then add other controls only where they are truly needed. HappyForms also offers built-in honeypot protection and official Google reCAPTCHA integration, which can help reduce automated spam when used carefully.

How does CleanTalk Anti-Spam work with HappyForms?

CleanTalk works as a site-level anti-spam layer for WordPress forms, including HappyForms submissions. Once the plugin is installed and connected to the CleanTalk cloud, it can check form submissions before they are processed as normal messages. This helps block spam in the background without forcing visitors to solve CAPTCHA challenges.

Does HappyForms have built-in spam protection?

Yes, HappyForms includes built-in honeypot protection and also provides official Google reCAPTCHA integration. These tools can help reduce automated spam, but on websites with heavier spam pressure they are often stronger when combined with a broader WordPress anti-spam layer.

Should I use honeypot or reCAPTCHA in HappyForms?

They solve different parts of the problem. Honeypot is invisible and lightweight, which makes it useful as a first barrier against simple bots. reCAPTCHA adds another verification layer and can help reduce repeated automated abuse. In many cases, the best choice depends on how much spam the site receives and how much friction you are willing to add to the form experience.

Can CleanTalk protect HappyForms without CAPTCHA?

Yes. CleanTalk can protect HappyForms as a site-level anti-spam layer for WordPress and works in the background without requiring visitors to solve CAPTCHA challenges. This helps reduce spam while keeping forms easy to complete.

How can I test HappyForms spam protection with CleanTalk?

You can test spam protection by opening a page with your HappyForms form in an Incognito or private browser tab and submitting it with the test email address stop_email@example.com. If CleanTalk is working correctly, the message should be blocked or should not be processed as a normal form submission.

Can spam in HappyForms affect lead quality and workflow?

Yes. Spam in HappyForms can clutter inboxes, lower the quality of collected leads, waste time during manual review, and make real submissions harder to spot. Over time, this can hurt the efficiency of support, sales, and other workflows that depend on form submissions.

What is the best spam protection setup for HappyForms?

For most sites, the best setup is to use one strong primary anti-spam layer such as CleanTalk, keep HappyForms built-in honeypot enabled, and add Google reCAPTCHA only where extra verification is needed. Additional validation or tighter workflow controls can also help for quote forms, lead forms, or other higher-value submissions.

Can better spam protection improve HappyForms conversions?

Yes. When spam is filtered in the background and visitors are not forced to pass through unnecessary friction, forms are easier to complete. A smoother anti-spam setup can help reduce form abandonment and improve the quality of legitimate submissions.

Why does Contact Form 7 get spam so often?

Contact Form 7 forms are public-facing and easy for bots and abusive senders to find and submit at scale. Spam in Contact Form 7 is a normal operational issue, which is why the plugin supports multiple anti-spam layers instead of relying on a single defense.

What is the best way to stop spam in Contact Form 7 in 2026?

The most effective approach is a layered anti-spam stack. Inside the official Contact Form 7 ecosystem, the strongest starting point is usually Cloudflare Turnstile plus Akismet, supported by the disallowed list for repeated phrases, links, or IP-based abuse. CleanTalk can be added as an external no-CAPTCHA layer for broader WordPress-wide protection.

Should I choose Turnstile or reCAPTCHA for Contact Form 7?

If you want to stay within Contact Form 7's official CAPTCHA-style options, Cloudflare Turnstile is the better default choice. reCAPTCHA v3 is still supported, but it is mainly effective against bots and is weaker as a standalone layer against broader spam patterns.

Is Akismet enough on its own for Contact Form 7?

Akismet is one of the strongest native filtering layers in the Contact Form 7 stack, but it should not be treated as a complete one-plugin answer. It works best alongside another protection layer such as Turnstile, reCAPTCHA, or an external server-side anti-spam service.

Can CleanTalk protect Contact Form 7 without CAPTCHA?

Yes. CleanTalk works as an external server-side anti-spam layer for Contact Form 7 and WordPress more broadly. It blocks bot and human spam in the background without forcing visitors to solve CAPTCHA challenges.

How can I test Contact Form 7 spam protection with CleanTalk?

Open a page with your Contact Form 7 form in an Incognito or private browser tab, fill it out using the test email stop_email@example.com, and submit it. If CleanTalk is working correctly, the submission should be blocked and marked as spam.

Contact Form 7 says the message was sent, but I never received the email. Is that a spam issue?

Not necessarily. In many cases this is a mail deliverability problem rather than a spam-filtering problem. The message may be accepted by the form but later filtered, lost, or mishandled by the site's mail setup.

How do I improve email deliverability for Contact Form 7 notifications?

Use a From address on your own domain, set a proper Reply-To header for the sender's real email, and configure SPF and DKIM. If the site's local mail setup is weak, routing mail through a properly configured SMTP or email provider is usually more reliable.

What is Formidable Forms in WordPress?

Formidable Forms is a WordPress form builder plugin used to create contact forms, quote request forms, surveys, quizzes, registration forms, calculators, payment forms, and other custom forms. It helps site owners build advanced form workflows without custom development.

Why do Formidable Forms receive spam submissions?

Formidable Forms often run on public-facing pages, which makes them a common target for spambots and abusive senders. Contact forms, quote requests, surveys, quizzes, and registration forms can all receive fake entries, junk leads, and repeated automated submissions if no dedicated spam protection is enabled.

How can I stop spam in Formidable Forms?

The most practical approach is a layered anti-spam setup. CleanTalk can work as the main background spam filter, while honeypot protection, reCAPTCHA, hCaptcha, or Cloudflare Turnstile can be added as extra layers on high-risk forms. This helps reduce spam without making every form harder for legitimate visitors to complete.

How does CleanTalk Anti-Spam work with Formidable Forms?

After the Anti-Spam plugin by CleanTalk is installed and connected, it starts checking Formidable form submissions automatically in the background. It helps block spam submissions before fake entries clutter the website inbox or database, while keeping the form experience simple for real users.

Should I use CAPTCHA together with CleanTalk for Formidable Forms?

For many standard contact forms, CleanTalk alone is enough. But if a site has registration forms, quote request forms, surveys, or other public forms that attract repeated attacks, adding reCAPTCHA, hCaptcha, or Cloudflare Turnstile as a second layer can improve protection.

Can I use honeypot protection with Formidable Forms?

Yes. Honeypot protection can be used as an additional anti-spam layer for Formidable Forms. It works by adding hidden fields that real visitors do not see, but simple bots often fill automatically. Honeypot is useful for catching basic bot traffic, but it works best together with a broader spam filtering solution such as CleanTalk.

How can I test whether CleanTalk is blocking Formidable spam?

You can test spam protection by opening a Formidable form in an Incognito or Private browser window and submitting it with the test email stop_email@example.com. If CleanTalk is working correctly, the submission will be blocked and an anti-spam message will appear instead of a successful submission.

Why would a legitimate Formidable form submission be blocked as spam?

False positives can occasionally happen with any anti-spam system. This may be caused by unusual sender behavior, shared networks, VPN usage, aggressive browser settings, or conflicts with other security or CAPTCHA plugins. In such cases, the submission should be reviewed in the CleanTalk dashboard and trusted senders can be added to the allow list if needed.

Why are Formidable form notification emails going to spam?

If notification emails from Formidable Forms are going to spam folders, the issue is usually email deliverability rather than form spam filtering. To improve delivery, the website should use SMTP instead of the default PHP mail function and the domain should have valid SPF, DKIM, and DMARC records.

What is the best spam protection setup for Formidable Forms?

The best setup for most websites is a layered anti-spam stack: CleanTalk as the main background spam filter, Formidable’s built-in checks or honeypot as a lightweight extra layer, and reCAPTCHA, hCaptcha, or Cloudflare Turnstile only on the forms with the highest spam risk. This keeps the user experience smoother while improving protection.

Can better spam protection improve conversions on Formidable Forms?

Yes. When spam is filtered quietly in the background and real visitors are not forced to solve unnecessary CAPTCHA challenges, forms are easier to complete. Lower-friction protection can help reduce abandonment and improve conversions on contact forms, quote requests, surveys, and registration forms.

What is HivePress in WordPress?

HivePress is a free WordPress plugin for building directory and listing websites, such as business directories, classifieds, job boards, real estate catalogs or rental marketplaces. It adds custom listing types, search filters and user accounts on top of WordPress.

Why do HivePress sites receive spam registrations and listings?

HivePress sites rely on public forms for user registration, login, contact messages and Add Listing submissions. Spam bots and human spammers target these open forms to create fake accounts, publish low-quality listings or send unsolicited messages. Without dedicated protection, HivePress forms can receive both automated and manual spam.

How can I stop spam in HivePress forms?

You can significantly reduce spam in HivePress by using a layered protection stack. The core element is the Anti-Spam plugin by CleanTalk, which filters HivePress registration and Add Listing forms in the background without CAPTCHAs. On top of that, you can enable Google reCAPTCHA in HivePress settings, optionally add hCaptcha or Cloudflare Turnstile via separate plugins, use honeypot protection where available and turn on listing moderation for additional control.

How does CleanTalk Anti-Spam work with HivePress?

The Anti-Spam plugin by CleanTalk has a direct integration with HivePress. Once the plugin is installed and connected to the CleanTalk cloud, it automatically checks HivePress registration and Add Listing submissions before a new user account or listing is created. CleanTalk analyzes IP, email and form data in the cloud and blocks spam without showing CAPTCHAs, so HivePress forms stay protected and user-friendly.

Does HivePress support Google reCAPTCHA?

Yes. HivePress has a native integration with Google reCAPTCHA v2. Administrators can add their Site Key and Secret Key in WordPress under HivePress → Settings → Integrations → reCAPTCHA and choose which HivePress forms to protect, such as registration, login and listing submission. reCAPTCHA helps reduce automated spam while CleanTalk handles deeper spam filtering in the background.

Can I use hCaptcha or Cloudflare Turnstile with HivePress?

HivePress does not include native hCaptcha or Cloudflare Turnstile settings, but you can add these services through separate WordPress plugins. After installing an hCaptcha or Turnstile plugin, you enter your Site Key and Secret Key and enable protection for the forms used on your site. These tools can work alongside CleanTalk as additional CAPTCHA-style or invisible bot protection layers.

What is honeypot protection on HivePress forms?

Honeypot protection uses hidden form fields that are invisible to real users but detectable by bots. When a bot fills these hidden fields, the submission is automatically treated as spam and blocked. On HivePress sites, honeypot fields are usually added by security or form plugins at the WordPress level and can be used together with CleanTalk to catch simple automated bots without adding extra friction for visitors.

Can Akismet help protect HivePress sites from spam?

Yes. Akismet is a popular WordPress anti-spam plugin that analyzes submissions against its global spam database. It is especially useful for filtering blog comments and basic contact forms on HivePress-based sites. Akismet can be used together with CleanTalk: CleanTalk focuses on HivePress registration and listing spam, while Akismet helps keep comments and generic forms clean.

How can I test HivePress spam protection with CleanTalk?

You can test CleanTalk protection by submitting a HivePress registration or Add Listing form with the special test email address provided in the Anti-Spam plugin settings, for example stop_email@example.com. If CleanTalk is working correctly, the submission will be blocked with an anti-spam message and you will see this attempt logged as Denied in your CleanTalk cloud dashboard.

Why are notification emails from HivePress going to spam?

Notification emails from HivePress, such as new registration or listing alerts, may go to spam if your site is sending mail via the default PHP mail function and does not use proper SMTP authentication. To fix this, you should install and configure an SMTP plugin, send emails from a verified address and set up SPF, DKIM and DMARC records for your domain to improve deliverability.

What is the best spam protection setup for HivePress?

The most effective setup for HivePress is a layered anti-spam stack. Typically this includes CleanTalk Anti-Spam as the main filter for HivePress registration and Add Listing forms, Google reCAPTCHA enabled in HivePress settings for visible verification where needed, optional hCaptcha or Cloudflare Turnstile for privacy-focused or invisible checks, honeypot protection from security plugins and HivePress listing moderation for final content review.

Can better spam protection improve conversions on HivePress sites?

Yes. When spam is filtered in the background by tools like CleanTalk and visitors are not forced to solve multiple CAPTCHAs, registration and listing forms are easier to complete. Invisible or low-friction spam protection helps maintain a smooth user experience, reduces form abandonment and can improve conversions for directories, marketplaces and other HivePress-based projects.

Category: WordPress

AWeber Forms Spam Protection in 2026: How to Stop Fake Subscribers, Bot Signups, and Junk Leads

If you use AWeber forms on a WordPress website, spam will eventually become a real problem. Fake subscribers, bot signups, junk leads, and low-quality email addresses can quickly pollute your list and make your marketing data less reliable.

This guide explains how to set up AWeber forms spam protection using CleanTalk as the main filtering layer on your website, together with additional tools such as AWeber’s form options, double opt-in, frontend verification where appropriate, and stronger list-quality controls.

This approach can be applied to inline forms, pop-over forms, lightbox forms, popup forms, and AWeber forms embedded on WordPress sites.

AWeber Forms for WordPress

Before looking at protection methods, it helps to understand how AWeber forms are commonly used on WordPress websites.

AWeber offers sign-up forms for list growth and email marketing. Its WordPress plugin allows users to embed AWeber forms and landing pages on a WordPress site, while AWeber’s own documentation explains that forms can be placed through widgets, shortcodes, pages, posts, and other theme areas.

In practice, AWeber forms can help website owners:

collect email subscribers
grow lists through embedded or popup forms
run split tests on forms
send captured contacts directly into AWeber lists

That flexibility is exactly why spam becomes an issue. Once a form is publicly available, it can attract bots, fake signups, disposable email addresses, and repeated low-quality submissions.

As WordPress.org shows, the official AWeber WordPress plugin is currently used on over 9000 websites and has a rating of 2.6 out of 5 based on 25 reviews.

Plugin Homepage at WordPress.org | Documentation at AWeber Help Center

Why AWeber Forms Attract Spam

AWeber forms are designed to make subscribing easy. That is good for real visitors, but it also makes them attractive to bad traffic.

In real-world use, the most common issues usually include:

fake subscribers
automated bot signups
disposable email addresses
repeated submissions tied to incentives, lead magnets, or list-growth campaigns

This matters because spam does not only create clutter. It can lower lead quality, distort list growth metrics, reduce campaign efficiency, and make engagement data harder to trust.

Anti-Spam by CleanTalk

The main tool we’re going to use here is CleanTalk Anti-Spam.

CleanTalk is a cloud-based anti-spam service for WordPress sites. In practical terms, it helps filter suspicious signups before they become normal subscribers, checks sender reputation and email quality, detects automated and repeated abuse patterns, and reduces junk leads before they reach your AWeber list.

That matters because the real cost of AWeber spam is not only a messy list. It also means weaker segmentation, noisier reporting, and lower-quality marketing automation.

According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with thousands of reviews and an average rating around 4.9 out of 5.

Plugin Homepage at cleantalk.org | Latest release atGitHub.com

Install the CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you know how to completely protect your HivePress from spam.

How to Check Whether Spam Protection Works

A simple way to test the setup is to use the following test address:

stop_email@example.com

Open the page with your AWeber form in an Incognito or private browser window.

Submit the form using that email address.

If everything is configured properly, the signup should be blocked or should not appear as a normal subscriber in your AWeber list.

When testing, check both sides of the process:

the frontend, to see whether the form accepts the submission
the AWeber list or email destination, to verify that the contact was not processed as a normal signup

This matters because a form may appear to submit on the surface while the real question is whether the contact actually made it into the list workflow.

Cloud Dashboard and Monitoring

Blocking spam is only one part of the job. Good protection also gives you visibility into what is happening.

In the anti-spam dashboard, it is useful to review:

sender IP and email
submission time
source page
approval or denial status
the likely reason a signup was flagged

This makes it easier to spot recurring spam waves, identify weak pages, and understand which forms attract the most junk traffic.

That visibility helps you fine-tune the setup over time instead of relying on guesswork.

How CleanTalk Fits into the AWeber Workflow

AWeber forms can be embedded on a WordPress website through the official plugin, widgets, shortcodes, or other placement methods. That means the strongest place to apply spam protection is before the submission is treated as a normal signup.

If your site uses the AWeber WordPress plugin, a site-level anti-spam layer can help stop suspicious signups before they are accepted as normal subscribers.

If the website uses custom placement, widgets, or shortcode-based form display, the filtering layer should still be applied before the submission is accepted into the list-growth workflow.

That is the key principle: do not wait until junk has already entered the list. Stop it earlier in the process.

Form Types, Double Opt-In, and Additional Anti-Spam Options

Besides CleanTalk, AWeber also offers several practical controls that affect spam risk and list quality.

Form Types

AWeber supports several sign-up form types, including inline, pop-over, lightbox, and popup forms.

These display options can affect both conversion and spam exposure. A highly visible popup may collect more subscribers, but it can also attract more low-quality submissions if it appears too aggressively on public pages.

Double Opt-In

Double opt-in is one of the most useful list-quality controls when the goal is not only to collect more contacts, but to collect better ones.

This is especially helpful when:

you want to reduce fake or mistyped email addresses
you care more about lead quality than raw signup volume
you want an extra confirmation step before a contact becomes fully active

Double opt-in will not block every kind of abuse, but it can significantly improve the quality of the subscribers who actually make it into your list.

Widgets, Shortcodes, and Placement Controls

AWeber forms can be placed through widgets, shortcodes, pages, posts, and other theme areas. That flexibility is useful for testing form performance, but it also means you should pay attention to where your highest-risk forms appear.

For example, aggressively displayed popups on public traffic pages may attract more junk than a quieter embedded form on a more targeted page.

Why AWeber Form Spam Becomes a Bigger Problem Over Time

Spam in AWeber forms is not just a temporary annoyance. It tends to become a list-quality problem.

Once junk subscribers start slipping through, they can:

clutter your list with low-value contacts
reduce trust in your growth numbers
waste time on cleanup and segmentation
make campaign performance harder to interpret

This is especially important for email marketing, where list quality often matters more than raw list size.

Comparison of Anti-Spam Approaches for AWeber Forms

Solution	Main role	Strengths	Limitations	Best use case
CleanTalk	Core site-level anti-spam filtering	Filters suspicious submissions before they become normal subscribers, works without classic CAPTCHA friction	Usually strongest when combined with list-quality controls	Sites that want the main anti-spam layer to protect AWeber list quality
AWeber double opt-in	Subscriber confirmation layer	Helps reduce fake or mistyped email addresses and improves list quality	Does not block every kind of spam before submission	Sites that prioritize lead quality over raw signup volume
AWeber form types and placement controls	Visibility and conversion control	Lets you manage where and how forms appear, can reduce abuse through more careful placement	Not a full spam filter on its own	Sites testing inline, popup, lightbox, or pop-over signup flows
Frontend verification tools	Extra anti-bot checkpoint	Can add an additional visible or invisible barrier against automated traffic	Can introduce friction and should not be the only protection method	Sites that need extra frontend verification on high-risk forms

In practice, the strongest starting point is to use one reliable primary anti-spam layer and then add confirmation or frontend controls only where they are truly needed.

Frequently Asked Questions

Why am I getting fake subscribers through my AWeber form?

This usually happens because the form is public, easy to submit, and not filtered strongly enough before the signup reaches your list. Bots, disposable emails, and low-quality manual submissions can all get through if the site relies only on basic frontend controls.

Why do new AWeber subscribers look real, but still hurt campaign performance?

Because not all bad signups look obviously fake. Some contacts use valid-looking addresses, but they never engage, never confirm, or only subscribed to claim a lead magnet or discount. Over time, these low-quality subscribers can distort list growth and weaken campaign results.

Is double opt-in enough to stop spam in AWeber?

Not by itself. Double opt-in helps improve list quality by filtering out mistyped or low-intent addresses, but it does not stop every fake signup before submission. It works best as a quality-control step, not as the only protection layer.

Why do I still get spam signups even after adding reCAPTCHA or other frontend checks?

Because frontend verification only handles part of the problem. It can reduce some automated traffic, but it does not always stop disposable emails, repeated submissions, or more advanced abuse. Sites with heavier spam pressure usually need a stronger site-level filtering layer as well.

How can I tell whether spam is affecting my AWeber list?

Common warning signs include sudden spikes in subscribers, low engagement from new contacts, poor list quality, unusual growth from one form, and subscribers who never behave like real leads. If list size is growing but campaign quality is getting worse, spam or low-quality signups may be part of the problem.

What is the best low-friction setup for AWeber forms?

For most websites, the best low-friction setup is to use one strong background filtering layer, then add double opt-in only where list quality matters most, and keep extra frontend verification limited to higher-risk forms. This helps protect the list without making the signup process harder than it needs to be.

How can I test whether AWeber form protection is actually working?

Open the form page in an Incognito or private browser tab and submit it with the test email stop_email@example.com. Then check both sides of the process: whether the form accepts the submission on the frontend and whether the contact appears in your AWeber list. If the setup is working properly, the signup should be blocked or should not enter the list as a normal subscriber.

What should I do if real subscribers are being blocked together with spam?

Review the protection layers one by one. Check whether your filtering is too aggressive, whether frontend verification is set too strictly, and whether double opt-in or other rules are causing confusion. In most cases, the answer is not to remove protection completely, but to tune it more carefully so real signups can pass while junk is still filtered out.

Recommended Anti-Spam Stack for AWeber Forms (2026)

Use case	Recommended setup	Why it works
Standard email signup website	CleanTalk as the main anti-spam filtering layer + optional double opt-in	Helps block obvious spam and improves list quality
Lead magnet or incentive-based signup page	CleanTalk as the main anti-spam filtering layer + double opt-in + tighter form placement	Reduces fake signups and repeated low-quality submissions
High-traffic popup or lightbox forms	CleanTalk as the main anti-spam filtering layer + selective frontend verification	Balances strong filtering with practical frontend protection
Sites focused on low friction	CleanTalk as the main anti-spam filtering layer + inline or carefully placed forms	Adds protection while keeping the signup experience smoother
Split-test-driven list growth sites	CleanTalk as the main anti-spam filtering layer + AWeber split-test forms + list-quality review	Helps compare form performance without letting junk traffic distort results

Final Thoughts

No single anti-spam tool can stop every kind of unwanted AWeber form submission.

Some controls are better at improving list quality after signup. Others are better at reducing bad submissions before they ever reach the list. The most reliable approach is to combine one strong primary anti-spam layer with the signup and confirmation controls that make sense for your form strategy.

For most WordPress websites using AWeber forms, the strongest setup is to use CleanTalk as the main site-level anti-spam layer, then use double opt-in where necessary, and apply extra frontend controls only where they improve protection without adding too much friction.

This combination helps reduce fake subscribers, protect list quality, and keep your signup data more useful for real email marketing work.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking fake subscribers, bot signups, and junk leads sent through AWeber forms — no CAPTCHA challenges and no extra friction for real visitors.

API Plugins

April 27, 2026

HappyForms Spam Protection in 2026. How to Stop Fake Messages, Bot Submissions, and Junk Entries

If you use HappyForms on a WordPress website, spam will eventually become a real problem. Fake messages, bot submissions, promotional junk, and low-quality entries can quickly start filling your inbox and wasting time.

This guide explains how to set up HappyForms spam protection using CleanTalk as the main filtering layer on your website, together with additional tools like HappyForms’ built-in honeypot, Google reCAPTCHA, and other practical controls. HappyForms is a WordPress drag-and-drop form builder for contact forms and other custom forms, and its plugin pages highlight one-click HoneyPot spam prevention plus the ability to save submissions in the WordPress database or send them to your inbox.

This protection approach can be applied to standard contact forms, lead forms, quote requests, newsletter forms, surveys, and other public-facing forms created in HappyForms.

HappyForms for WordPress

First, it helps to understand what HappyForms is and why spam protection matters here.

HappyForms is a WordPress form builder designed for creating many kinds of forms, from simple contact forms to surveys, applications, and other custom forms. Its WordPress.org listing presents it as a drag-and-drop builder, while the plugin FAQ states that submissions can be saved in the WordPress database or sent to your inbox.

In practice, HappyForms can help website owners:

create contact and inquiry forms

collect leads and subscriber details

receive quote requests and support messages

save submissions in WordPress or send them by email

That flexibility is exactly why spam becomes an issue. Once a form is publicly available, it can attract bots, automated scripts, and low-quality submissions.

As WordPress.org shows, HappyForms is currently used on over 20,000 websites and has 157 user reviews with an average rating of 4.8.

Plugin Homepage at WordPress.org | Documentation at Happyforms Help Center

Why HappyForms Attracts Spam

HappyForms is easy to publish and easy to use, which is good for real visitors but also appealing to bad traffic.

In real-world use, the most common issues usually include:

automated bot messages
junk promotional submissions
repeated inquiries with irrelevant links
fake leads or low-quality contact requests

This is not limited to one form type. The same risk applies whether you are running a basic contact form, a request form, a survey, or a lead-generation form.

Anti-Spam by CleanTalk

The main tool we’re going to use here is CleanTalk Anti-Spam.

CleanTalk is a cloud-based anti-spam service for WordPress sites. Its official WordPress plugin page positions it as CAPTCHA-free spam protection for forms, comments, registrations, subscriptions, fake orders, and other submission types, and the current listing shows more than 200,000 active installations.

In practical terms, CleanTalk helps by:

filtering suspicious submissions before they are processed

checking sender reputation and email quality

detecting automated and repeated abuse patterns

reducing junk entries that would otherwise reach HappyForms inboxes or saved submissions

That matters because the real cost of HappyForms spam is not only inbox clutter. It also means wasted time, lower lead quality, and more manual cleanup inside your workflow.

How CleanTalk Fits into the HappyForms Workflow

HappyForms runs inside WordPress, so the most effective place to apply protection is before the submission is treated as a normal message.

That means the focus should not be only on what the form looks like on the frontend. The more important point is what happens when the submission reaches WordPress.

If a site uses HappyForms for contact requests or lead capture, a site-level anti-spam layer can help stop suspicious submissions before they become normal entries.

If the website uses custom handling, automation, or extra logic after submission, the filtering layer should still be placed before the message is accepted into the workflow.

That is the key principle: do not wait until junk has already reached your inbox or saved entries. Stop it earlier in the process.

According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with thousands of reviews and an average rating around 4.7 out of 5.

Plugin Homepage at cleantalk.org | Latest release at GitHub.com

If your forms are built with HappyForms on WordPress, the simplest setup is to use the CleanTalk WordPress plugin.

Install the CleanTalk Anti-Spam plugin

To install the Anti-Spam plugin, go to your WordPress admin panel→ Plugins→ Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s all – Contact Form 7 are now protected From this moment,CleanTalk automatically protects the Contact Form 7 registration form (REST route /wp-json/Contact Form 7press/v1/users/), and the Add Listing form used to submit new listings.
You don’t need to paste any shortcodes – just use Contact Form 7 as usual, and CleanTalk will filter spam in the background.

Once that is done, your website has a background anti-spam layer that can help reduce suspicious HappyForms activity before unwanted messages reach their destination.

How to Check Whether Spam Protection Works

A simple way to test the setup is to use the following test address:

stop_email@example.com

Open the page with your HappyForms form in an Incognito or private browser window.

Submit the form using that email address.

If everything is configured properly, the submission should be blocked or should not appear as a normal legitimate entry in your form workflow.

When testing, check both sides of the process:

the frontend, to see whether the form accepts the submission
the form entries or email destination, to verify that the message was not processed as a normal inquiry

This matters because a form may still appear to submit on the surface while the real question is whether the message actually made it into your workflow.

Cloud Dashboard and Monitoring

Blocking spam is only one part of the job. Good protection also gives you visibility into what is happening.

In the anti-spam dashboard, it is useful to review:

sender IP and email
submission time
source page
allow or deny decisions
the likely reason a message was flagged

This makes it easier to spot recurring spam waves, identify weak pages, and understand which forms attract the most junk traffic.

That visibility helps you adjust the setup over time instead of guessing.

Honeypot, Google reCAPTCHA, and Additional Anti-Spam Options

Besides CleanTalk, HappyForms also includes or supports other useful anti-spam measures.

Honeypot

HappyForms highlights one-click HoneyPot spam prevention on its official plugin page. That makes honeypot the most natural built-in first layer against simple automated spam.

Honeypot is especially useful when:

you want an invisible anti-spam measure
you do not want to interrupt the user experience
you need a lightweight first barrier against simple bots

Its limitation is that it works best against simpler automation, not every type of spam.

Google reCAPTCHA

HappyForms provides official reCAPTCHA integration. Its help documentation shows that you can configure reCAPTCHA from Forms – Integrations, choose the version, and for reCAPTCHA v3 set a minimum accepted score.

reCAPTCHA can be helpful when:

you want a familiar anti-bot checkpoint
your site is seeing repeated automated submissions
you need an additional visible or score-based verification layer

At the same time, reCAPTCHA has tradeoffs. It can add friction and it should not be treated as the only line of defense.

Other Supporting Controls

Depending on the site, extra protection may also include:

stricter field validation
limiting exposed public forms
email quality checks
more careful handling of forms tied to incentives or lead capture

These do not replace anti-spam filtering, but they can make the overall setup more resilient.

Why HappyForms Spam Becomes a Bigger Problem Over Time

Spam in HappyForms is not just a temporary annoyance. It tends to become an operational problem.

Once junk submissions start slipping through, they can:

clutter inboxes and notifications
reduce the quality of collected leads
waste time on manual review
make real messages harder to notice

This is especially important if the site uses HappyForms not only for contact forms, but also for quote requests, support flows, surveys, or other business-critical communication.

Comparison of Anti-Spam Approaches for HappyForms

Solution	Main role	Strengths	Limitations	Best use case
HappyForms Honeypot	Built-in invisible anti-bot layer	Easy to enable, no visible friction, good against simple bots	Limited against more advanced spam patterns	Sites that want a lightweight first layer inside HappyForms
Google reCAPTCHA	Familiar anti-bot verification	Officially documented in HappyForms integrations, widely recognized, useful as an extra checkpoint	Can add friction and should not be the only protection method	Sites that want a built-in additional anti-bot layer
CleanTalk	Core site-level anti-spam filtering	Filters suspicious submissions before they become normal entries, reduces junk leads, works without classic CAPTCHA friction	Usually strongest when combined with other layers	Sites that want the main filtering layer to protect HappyForms submissions
Stricter validation and workflow controls	Supporting quality-control layer	Helps reduce low-quality entries and detect tighter abuse patterns.	Not a full spam filter on its own	Lead forms, quote forms, or higher-value submission flows

In practice, the most dependable starting point is to use one strong primary anti-spam layer and then add extra controls only where they are truly needed. For many WordPress sites, CleanTalk can serve as that main filtering layer, while HappyForms’ built-in honeypot, reCAPTCHA, and stricter validation can be added selectively if they improve protection without causing conflicts or unnecessary friction.

Frequently Asked Questions

HappyForms is receiving too much spam. Where should I begin?

Start with the form flow itself.

Check whether the built-in honeypot is enabled, review whether reCAPTCHA is active, and make sure there is a stronger filtering layer in place before submissions are treated as normal messages.

If junk keeps getting through, the problem is usually not the form design. It is the lack of enough filtering before the message is accepted.

Why do spam messages still appear even though HappyForms has built-in protection?

Because one built-in measure is rarely enough on its own.

Honeypot can catch simple bots, and reCAPTCHA can reduce some automated traffic, but neither one guarantees that all unwanted submissions will disappear. Sites with heavier spam volume usually need a stronger site-level filtering layer as well. HappyForms’ own materials show honeypot and reCAPTCHA as anti-spam options, not as a guaranteed all-in-one answer.

We enabled reCAPTCHA, but fake submissions still come through. What could explain that?

Usually, it means one layer is handling only part of the problem.

reCAPTCHA can help reduce automated abuse, but it does not automatically solve every case of junk submissions, repeated manual spam, or low-quality lead traffic. That is why it works better as a supporting layer than as the entire strategy.

Does honeypot still matter if I already use another anti-spam solution?

Yes, it can still be useful.

Honeypot is lightweight and invisible, so it can help catch simpler bot behavior before stronger filters even need to act. It is not enough by itself in every case, but it is still a worthwhile extra layer.

What setup works best for HappyForms in 2026?

For most websites, the strongest setup is layered.

A site-level anti-spam filter should do the main screening, HappyForms’ built-in honeypot can provide a frictionless first barrier, and reCAPTCHA can add an extra checkpoint when needed. HappyForms officially documents both honeypot on the plugin page and reCAPTCHA in the help center.

Why does HappyForms spam become harder to manage over time?

Because the damage is cumulative.

At first, junk entries may only seem annoying. Over time, they start affecting inbox quality, lead review, team workflow, and the ability to find real messages quickly. The longer they are allowed through, the more cleanup they create.

What should I do if real submissions are being blocked together with spam?

Review the protection layers one by one.

Check whether reCAPTCHA is configured appropriately, confirm that your stricter validation rules are not too aggressive, and look at the site-level filtering settings. In most cases, the answer is not to remove protection, but to tune it more carefully.

Recommended Anti-Spam Stack for HappyForms (2026)

Use case	Recommended setup	Why it works
Standard contact website	CleanTalk as the main anti-spam filtering layer + HappyForms honeypot + optional reCAPTCHA	Helps block obvious spam, reduce junk messages, and keep contact flows cleaner
Business website with valuable inquiries	CleanTalk as the main anti-spam filtering layer + Google reCAPTCHA + tighter field validation	Reduces bot submissions while improving lead quality
High-traffic public forms	CleanTalk as the main anti-spam filtering layer + HappyForms honeypot + reCAPTCHA	Balances strong filtering with practical frontend protection
Lead generation or quote request forms	CleanTalk as the main anti-spam filtering layer + stricter validation + optional reCAPTCHA	Helps reduce fake leads and low-quality entries before they reach the team
Sites focused on low friction	CleanTalk as the main anti-spam filtering layer + HappyForms honeypot	Adds protection while keeping the form experience as smooth as possible

Final Thoughts

No single anti-spam tool can stop every kind of unwanted HappyForms submission.

Some methods are better at catching simple bots. Others help add visible or invisible verification at the form level. The most reliable approach is to combine several layers so that each one covers a different part of the problem.

For most WordPress websites using HappyForms, the strongest setup is to use a site-level anti-spam layer such as CleanTalk, keep HappyForms’ built-in honeypot enabled, and add Google reCAPTCHA where extra verification is needed. HappyForms itself documents honeypot and reCAPTCHA as anti-spam measures, while CleanTalk provides broader site-level filtering for WordPress forms.

This combination helps keep bad submissions out of your workflow, reduces noise in your inbox, and makes it easier to focus on real inquiries.

If spam is still getting through, review the current setup and make sure you are not depending on only one control. In most cases, stronger protection comes not from adding more friction everywhere, but from placing the right filtering layers in the right parts of the submission flow.

Stop spam before it reaches your HappyForms inbox

Create your CleanTalk account and start blocking spam messages, fake leads, and junk submissions sent through HappyForms — no CAPTCHA challenges and no extra friction for real visitors.

API Plugins

April 21, 2026

How to Stop Spam in Contact Form 7: Best Protection Methods in 2026
Contact Form 7 remains one of the most widely used contact form plugins in the WordPress ecosystem, with more than 10 million active installations listed in the official WordPress plugin directory. It has stayed popular for years because it gives site owners a practical, lightweight, and flexible way to add contact forms without switching to a heavier all-in-one form builder. WordPress.org also notes that the plugin uses its own Schema-Woven Validation technology, which shows that Contact Form 7 is built not just as a basic form tool, but as a structured system for handling user input reliably.

In 2026, however, popularity also means exposure. Public-facing contact forms are easy for bots and abusive senders to find, test, and submit at scale, which is why Contact Form 7 gets spammed so often. Contact Form 7’s own documentation treats spam as a normal operational issue, not a rare exception: the plugin officially supports multiple anti-spam layers, including Akismet, Cloudflare Turnstile, the disallowed list, and reCAPTCHA v3. The project also explicitly warns that weak protection or unsafe mail configuration can allow spammers to abuse a form and send messages through the site itself.

That is why Contact Form 7 spam should not be framed as a plugin defect or an unusual technical failure. It is a predictable consequence of running a highly visible form on a public website. In practice, especially in 2026, the real question is not whether a Contact Form 7 form can attract spam, but which protection stack is strong enough to block automated submissions without creating unnecessary friction for real users. Contact Form 7 itself recommends combining different types of spam protection rather than relying on a single mechanism alone.

Contact form 7 at https://wordpress.org/plugins/contact-form-7/

Common types of spam in Contact Form 7 (CF7)

Spam in Contact Form 7 is not limited to one obvious pattern. The most common and best-documented category is automated bot spam – scripts that submit forms at scale faster than a human team can review them manually. Google has explicitly warned that bots are commonly used to fill out web forms automatically, which is one of the main reasons public-facing forms become a frequent target for abuse. Contact Form 7 reflects the same reality in its own documentation by offering multiple official anti-spam options and integrations rather than treating spam as an exceptional case.

Another important category is human spam or human-assisted spam. Contact Form 7’s own reCAPTCHA FAQ explains that CAPTCHA tools can block spambots effectively but are “helpless against other types of spam,” and specifically notes that human spammers can easily get around them. That makes this a critical distinction for site owners: blocking bots alone does not mean the form is fully protected. This is also why Contact Form 7 advises using two or more spam protection modules together instead of relying on one layer only.

A third risk is form abuse caused by unsafe configuration. Contact Form 7 explicitly warns that if mail settings are configured unsafely and sufficient spam protection is not in place, spammers may abuse the form to send messages through the site itself. In other words, some Contact Form 7 abuse is not just about junk submissions cluttering an inbox – it can also turn the form into a delivery mechanism for unwanted email.

If you want to broaden this section beyond strictly official Contact Form 7 documentation, you can also mention fake contact data, direct POST abuse, and human-like spam that slips through basic CAPTCHA checks as practical patterns observed by CleanTalk in real-world Contact Form 7 cases. Those points are useful, but they should be framed as product or field observations rather than as claims directly documented by Contact Form 7 itself.

Official anti-spam options and integrations in Contact Form 7

Contact Form 7 includes several official anti-spam options and integrations, which shows that spam protection is not treated as an afterthought. In its own FAQ, Contact Form 7 says users can protect forms with anti-spam features such as Akismet, Cloudflare Turnstile, and the disallowed list. The plugin also maintains an official integration for reCAPTCHA v3, which remains part of its supported anti-spam stack.

One of the most important options is Akismet. Contact Form 7 explains that Akismet works through specific form-tag options such as akismet:author, akismet:author_email, and akismet:author_url, allowing the plugin to evaluate the submission itself rather than simply challenge the user. The documentation goes even further and says that Akismet forms the “centerpiece” of Contact Form 7’s spam prevention strategy.

Another major option is Cloudflare Turnstile. Contact Form 7 now provides an official Turnstile integration module and describes it as an effective way to protect forms from spam bots. More importantly, the project explicitly states, “We recommend Turnstile unless you have reasons to use reCAPTCHA.” That makes Turnstile the strongest current CAPTCHA-style recommendation inside the official Contact Form 7 ecosystem.

Contact Form 7 also supports reCAPTCHA v3, but it should be described carefully. The official documentation says the integration is designed to block abusive submissions by spam bots, and the reCAPTCHA FAQ clarifies that Contact Form 7 5.1 and higher support only reCAPTCHA v3 natively. In other words, reCAPTCHA is still a valid option, but it is no longer the only CAPTCHA path inside Contact Form 7.

The simplest built-in filtering layer is the disallowed list. According to Contact Form 7’s FAQ, it can block messages containing specified keywords or submissions coming from specified IP addresses. It is not a complete anti-spam solution on its own, but it works well as an extra rule-based layer when a site repeatedly sees the same phrases, links, or IP-based abuse patterns.

Taken together, these options show that Contact Form 7 approaches spam protection as a layered system, not as a one-click fix. Akismet helps filter suspicious submissions, Turnstile and reCAPTCHA v3 are aimed at stopping spambots, and the disallowed list adds a simple keyword- and IP-based filter. Contact Form 7’s own guidance also recommends combining different anti-spam modules rather than relying on a single method alone.

CAPTCHA options in Contact Form 7

If you specifically want to add CAPTCHA protection to Contact Form 7, there are two main options to focus on in the current Contact Form 7 ecosystem: reCAPTCHA v3 and Cloudflare Turnstile. Both are supported in Contact Form 7, but they should not be treated as identical solutions. They solve a narrower problem – mainly reducing automated bot submissions – and are usually most effective when combined with other filtering layers rather than used alone.

reCAPTCHA v3 is Contact Form 7’s native Google-based CAPTCHA option. It works in the background and uses a score-based system instead of the classic checkbox challenge most users associate with older CAPTCHA tools. That makes it more convenient from a UX perspective, but it also means it is better at dealing with bots than with every kind of spam. In practice, reCAPTCHA v3 is still a valid option for Contact Form 7, especially for sites already using Google services, but it should not be positioned as a complete anti-spam solution by itself.

Cloudflare Turnstile is now the stronger default recommendation for many Contact Form 7 sites. It is designed as a more lightweight CAPTCHA alternative and usually creates less friction for visitors than traditional challenge-based verification. More importantly, current Contact Form 7 documentation treats Turnstile as the preferred CAPTCHA-style option unless there is a specific reason to stay with reCAPTCHA. For that reason, if the goal is to choose the most up-to-date CAPTCHA layer inside the official Contact Form 7 stack, Turnstile is the better place to start.

Some websites also use third-party CAPTCHA plugins, such as hCaptcha-based integrations, but these should be described as external add-ons rather than as Contact Form 7’s main official path. They can still be useful in certain setups, especially where privacy, policy, or infrastructure preferences matter, but for most readers the core CAPTCHA decision in Contact Form 7 today is really reCAPTCHA v3 vs Cloudflare Turnstile.

The key point is that CAPTCHA is only one part of the protection strategy. It can help reduce automated spam, but it does not replace submission filtering, keyword blocking, or broader server-side anti-spam protection. That is why the best Contact Form 7 setups usually combine a CAPTCHA-style layer with other anti-spam methods instead of relying on CAPTCHA alone.

Best ways to stop spam in Contact Form 7

The most reliable way to reduce spam in Contact Form 7 is to use more than one protection layer. Contact Form 7’s own documentation says that the plugin provides several spam protection modules and advises users to use two or more modules together. In practice, that means the best setup is usually not a single tool, but a combination of bot protection, submission filtering, and rule-based blocking.

For websites that want to stay within Contact Form 7’s official ecosystem, Cloudflare Turnstile is now the clearest starting point. Contact Form 7 provides an official Turnstile integration, says it effectively protects forms from spam bots, and explicitly states, “We recommend Turnstile unless you have reasons to use reCAPTCHA.” That makes Turnstile the strongest default CAPTCHA-style recommendation in the current Contact Form 7 stack.

A second important layer is Akismet. Contact Form 7 says that Akismet forms the centerpiece of its spam prevention strategy and recommends combining different protection types instead of relying on only one module. Unlike a visible CAPTCHA challenge, Akismet is configured through specific form-tag options and evaluates the submission data itself, which makes it a strong complementary layer alongside Turnstile.

The disallowed list is also worth using as a supporting layer. Contact Form 7’s FAQ says it can block messages containing specific keywords or submissions coming from specified IP addresses. It is not presented as a full standalone solution, but it is useful when a site repeatedly receives the same phrases, links, or IP-based abuse patterns.

reCAPTCHA v3 remains a supported option, but it should be described carefully. Contact Form 7’s documentation says that version 5.1 and later uses the reCAPTCHA v3 API, while the FAQ notes that CAPTCHA tools are effective against spambots but can be ineffective against other spam types, including spam generated by humans. For that reason, reCAPTCHA is better presented as one possible layer, not as a complete answer by itself.

Comparison table: reCAPTCHA vs Akismet vs Turnstile vs CleanTalk

If you want to compare Contact Form 7’s native stack with an external service, CleanTalk is a reasonable option to include in the comparison section. WordPress.org describes it as a CAPTCHA-free anti-spam plugin that blocks contact form spam, fake users, and spam comments, and lists it at 200,000+ active installations. That makes it a valid external alternative to compare against Turnstile, Akismet, and reCAPTCHA – but in the article it should be presented as an external anti-spam service, not as one of Contact Form 7’s built-in protections.

How to read this table: inside the official Contact Form 7 ecosystem, the strongest setup is usually Turnstile + Akismet, because CF7 explicitly recommends using multiple spam-protection modules together, calls Akismet the “centerpiece” of its spam-prevention strategy, and says, “We recommend Turnstile unless you have reasons to use reCAPTCHA.”

reCAPTCHA v3 is still an official CF7 option, but it should be positioned carefully. Contact Form 7 says reCAPTCHA v3 is its officially supported CAPTCHA solution and that it works in the background, but the same FAQ also warns that CAPTCHA tools can be helpless against other spam types, including human spammers.

Akismet deserves a higher position in the comparison than many WordPress articles give it. CF7 says Akismet is the centerpiece of its spam-prevention strategy and explains that it works by evaluating submission data, not just by placing a challenge in front of the visitor.

Turnstile is the clearest current default inside Contact Form 7. CF7’s integration page says all contact forms are protected after setup, while Cloudflare positions Turnstile as a CAPTCHA replacement that works without showing visitors a traditional CAPTCHA and aims for a less intrusive experience.

CleanTalk should be presented honestly as an external alternative, not a native Contact Form 7 feature. The WordPress.org listing describes it as a no-CAPTCHA anti-spam plugin and says it stops spam contact emails; the same listing also has a dedicated Contact Form 7 section saying the plugin extends spam protection for CF7 and can be used with other third-party spam filters.

Bottom line: if the article is comparing the best practical options, the cleanest conclusion is this – Turnstile is the best default native entry point, Akismet is the strongest native filtering layer, reCAPTCHA v3 is still valid but weaker as a primary recommendation, and CleanTalk is the most natural external no-CAPTCHA alternative to compare against the CF7 stack.

Anti-Spam solutions for Contact form 7 comparison chart.

Anti-Spam plugin by CleanTalk for WordPress

The next tool we’re going to use is the Anti-Spam plugin by CleanTalk.

Here’s a short overview:
- CleanTalk is a cloud-based spam protection service for websites, founded in 2012.
- It automatically blocks spam without CAPTCHAs and doesn’t interrupt the user experience.
- Protects many types of forms: contact forms, payment forms, registrations, comments, surveys and more.
- Stops both automated bots and human spam submissions.
- Uses advanced filtering algorithms and a global spam detection network.
- Detects spam based on IP address, email address and user behavior.
- Lets you create custom filtering rules for specific cases.
- Allows blocking or filtering by IP, email and country.
- Works quietly in the background and is very easy to install and configure.
According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with thousands of reviews and an average rating around 4.7 out of 5.

Plugin Homepage at cleantalk.org | Latest release at GitHub.com | Website cleantalk.org

According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,168 reviews and an average rating of 4.7.

Plugin Homepage at cleantalk.org | Latest release at GitHub.com

Install the CleanTalk Anti-Spam plugin

To install the Anti-Spam plugin, go to your WordPress admin panel→ Plugins→ Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s all – Contact Form 7 are now protected From this moment,CleanTalk automatically protects the Contact Form 7 registration form (REST route /wp-json/Contact Form 7press/v1/users/), and the Add Listing form used to submit new listings.
You don’t need to paste any shortcodes – just use Contact Form 7 as usual, and CleanTalk will filter spam in the background.

Check if spam protection works with Contact Form 7 (CF7)

The best way to text the spam protection by using a test email,

stop_email@example.com
1. Open a page with a Contact Form 7 (for example, the registration popup or the Add Listing form) in an Incognito / private browser tab.
2. Fill out the Contact form using stop_email@example.com as sender’s email.
3. Send the form.
4. You should see a message from the Anti-Spam plugin confirming that a spam submission was blocked.
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

If you see this message, it means CleanTalk successfully protects your Contact Form 7 (registration and Add Listing) from spam.

Cloud Dashboard

In addition, in the Cloud Dashboard you can find extra details regarding all submissions processed by CleanTalk, including Contact Form 7 registration and Add Listing forms:
- IP and email of the sender, as well as the sender’s activity history across other websites connected to the CleanTalk cloud.
- Geolocation of the sender.
- Date and time of the submission.
  Page (URL) where the form was submitted (for example, a specific listing submission page).
- Cloud decision – Approved or Denied.
- Cloud explanation for the decision (e.g. blacklisted email, bad IP reputation, spam text, etc.).
- Tools to move the sender to Block or Allow lists so you can fine-tune Contact Form 7 spam protection.
FAQ

I still get spam in Contact Form 7 after setting everything up. What should I do?

If spam still gets through, the first step is to stop treating any one plugin as a complete solution. Contact Form 7 itself recommends using two or more spam-protection modules together, because different tools catch different abuse patterns. In practice, that usually means combining a bot-reduction layer such as Turnstile or reCAPTCHA with a filtering layer such as Akismet or an external service such as CleanTalk, plus simple rule-based blocking through the disallowed list when you see repeated phrases or IP-based abuse.

Should I choose Turnstile or reCAPTCHA for Contact Form 7?

If you want to stay within Contact Form 7’s official CAPTCHA-style options, Cloudflare Turnstile is now the clearer default choice. Contact Form 7 explicitly says, “We recommend Turnstile unless you have reasons to use reCAPTCHA.” reCAPTCHA v3 remains supported, but Contact Form 7 also warns that CAPTCHA solutions are mainly effective against spambots and can be weak against other types of spam, including human spam.

Is Akismet enough on its own?

Akismet is one of the strongest native filtering layers in the Contact Form 7 stack, and CF7 even calls it the “centerpiece” of its spam-prevention strategy. But Contact Form 7 does not frame Akismet as a one-plugin answer to every spam problem. The project recommends combining different protection types, which is why Akismet works best alongside another layer such as Turnstile, reCAPTCHA, or an external server-side anti-spam service.

Contact Form 7 says the message was sent, but I never received the email. Is that a spam issue?

Not necessarily. Contact Form 7’s FAQ explains that if you see the green success message, the PHP mail function completed successfully, but the message may still have been filtered or lost afterward. The same FAQ notes that spam filters often cause this kind of problem. That means this is usually a mail deliverability issue rather than a form-spam issue.

How do I improve email deliverability for Contact Form 7 notifications?

Start with Contact Form 7’s own mail best practices. The plugin recommends using a From address that belongs to the same domain as the website, setting a proper Reply-To header for the sender’s real email, and enabling email authentication methods such as SPF and DKIM. WordPress also explains that wp_mail() depends on the site’s mailing environment, so if local mail is not configured properly, routing mail through a correctly configured SMTP or mail provider setup is often more reliable.

Final recommendation

If your goal is to stop Contact Form 7 spam reliably without making the form harder for real users, the best approach is a layered protection stack. In 2026, inside the official Contact Form 7 ecosystem, the strongest starting point is usually Cloudflare Turnstile + Akismet, supported by the disallowed list where repeated patterns appear. That recommendation matches Contact Form 7’s own guidance: use multiple anti-spam modules together, treat Akismet as a core filtering layer, and prefer Turnstile over reCAPTCHA unless there is a specific reason to stay with Google’s solution.

If you want broader site-wide protection without relying only on CAPTCHA-style challenges, an external server-side solution such as CleanTalk is a reasonable alternative to include in the comparison, especially for sites that want a CAPTCHA-free layer across Contact Form 7, comments, and registrations. The right choice depends on how much spam you get, how much friction you can tolerate, and whether you need protection only for Contact Form 7 or across WordPress more broadly.

The most important takeaway is simple: in 2026, no single anti-spam method is enough for every Contact Form 7 site. CAPTCHA can reduce automated abuse, Akismet can evaluate suspicious submissions, rule-based filters can block recurring patterns, and external services can add broader server-side protection. The sites that perform best usually combine these layers instead of expecting one plugin or one checkbox to solve the entire problem.

Stop Contact Form 7 spam without CAPTCHAs

Create your CleanTalk account and protect Contact Form 7 from bot and human spam with server-side filtering. Keep forms easy for real visitors while extending protection across comments, registrations, and other WordPress forms.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 26, 2026
Formidable Forms Spam Protection in 2026
If you use Formidable Forms on a WordPress website, spam will eventually become a real issue. It usually starts with a few junk submissions in a contact form, quote request form, survey, quiz, or registration form. Then it turns into fake leads, bot traffic, meaningless messages, and wasted admin time.

That is not a Formidable-specific flaw. It is a normal consequence of running public-facing forms on a visible website. The more accessible the form is, the more often bots and abusive senders will try to submit it. That is why Formidable Forms spam protection should be configured from the start, not only after your inbox is already full of garbage entries.

This guide explains how to build a practical layered setup for Formidable spam protection. The main solution here is the Anti-Spam plugin by CleanTalk, and then we will also cover additional tools such as built-in anti-spam options, honeypot protection, reCAPTCHA, hCaptcha, Cloudflare Turnstile, and other WordPress anti-spam plugins.

By the end of this article, you will know how to stop most fake submissions in Formidable Forms without making your forms harder for real visitors to use.

Formidable Forms – WordPress Form Builder Plugin

First, let’s take a quick look at Formidable Forms itself.

Formidable Forms is a WordPress form builder used for much more than a basic contact form. Website owners use it to create contact forms, lead forms, quote request forms, surveys, quizzes, registration flows, calculators, payment forms, and other custom workflows. That flexibility is exactly why the plugin is attractive for businesses, agencies, and content-driven sites.

But that same flexibility also increases spam exposure. The more public forms a website has, the more entry points it gives to spambots and abusive users.

Typical Formidable spam problems include:
- fake contact messages,
- junk quote requests,
- automated survey submissions,
- low-quality leads,
- bot-driven registration attempts,
- repeated testing of form fields and validation logic.
So when users search for formidable spam, they are usually not describing one single issue. They often mean a broader set of problems: fake submissions, spammy messages, junk leads, bot traffic, and abusive attempts to use public forms.

A strong anti-spam strategy should address all of those while keeping the experience simple for legitimate users.

As WordPress.org shows, Formidable Forms is currently used on over 300,000 websites and has 1,357 user reviews with an average rating of 4.8.

Plugin Homepage at wordpress.org | Website formidableforms.com

Install Formidable Forms to create contact forms, quote request forms, surveys, quizzes, registration forms, and other custom forms in WordPress.

You can set it up in just a few easy steps:

1. Search for the plugin in WordPress console -> Plugins -> Add Plugin -> Search -> Type ‘Formidable Form

2. Install and Activate the plugin

3. Create your first form in WordPress console -> Formidable -> Forms -> Add New.

WordPress console -> Formidable -> Forms -> Add New -> choose a template or start with a blank form -> add fields and settings -> Save.

4. That’s all! Your first form is ready and Formidable Forms is now set up on your site.

Anti-Spam plugin by CleanTalk for WordPress

The main solution in this guide is the Anti-Spam plugin by CleanTalk.

CleanTalk is a cloud-based anti-spam service for WordPress and other CMS platforms. Instead of making every visitor solve a challenge, it checks submissions in the background and filters spam automatically. This matters because one of the biggest weaknesses of CAPTCHA-only protection is friction: every extra test can reduce conversion rate and annoy real users.
Here is why CleanTalk works well for Formidable Forms websites:
- it checks submissions automatically in the background,
- it helps protect contact, registration, survey, quote, and feedback forms,
- it reduces fake entries before they clutter your inbox or database,
- it does not rely on classic CAPTCHA for every visitor,
- it gives you a cloud dashboard for reviewing decisions and fine-tuning protection if needed.
In practical terms, this means you can keep the form experience clean for real users while filtering suspicious behavior in the background.

For most websites, CleanTalk should be the primary spam filter, while CAPTCHA and other tools are used only as additional layers on higher-risk forms.

According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,168 reviews and an average rating of 4.7.

Plugin Homepage at cleantalk.org | Latest release at GitHub.com | Website cleantalk.org

Install the CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you know how to completely protect your HivePress from spam.

Check if spam protection works with Formidable Forms

The easiest way to test the setup is to use the CleanTalk test email:

stop_email@example.com

Use this method:Open a page with your Formidable form in an Incognito or Private browser window.
1. Fill out the form.
2. Use stop_email@example.com as the sender email.
4. Submit the form.

5. You should see a blocking message from the Anti-Spam plugin instead of a successful submission.

If that happens, the protection is working correctly and your Formidable form is already filtering known spam submissions.

Cloud Dashboard

In addition, the CleanTalk Cloud Dashboard gives you more visibility into what is happening with submissions processed through the anti-spam service.

For Formidable Forms websites, this is useful because it helps you review not only whether a submission was blocked, but also why it was blocked.

In the dashboard, you can usually find details such as:
- sender IP and email,
- geolocation of the sender,
- date and time of the submission,
- page URL where the form was submitted,
- cloud decision – Approved or Denied,
- explanation for the decision,
- tools to move the sender to Allow or Block lists.
This is especially helpful if the site receives repeated attacks, recurring junk leads, or suspicious activity from the same sources.

Built-in Spam Protection in Formidable Forms

Besides CleanTalk, Formidable Forms itself can be used with built-in anti-spam measures and additional anti-abuse checks.

These are useful, but in most real-world cases they work best as secondary protection, not as the only defense.

Honeypot protection

A honeypot is one of the simplest anti-spam methods. It adds hidden fields that real visitors do not interact with, but simple bots often fill automatically. When that happens, the submission can be rejected.

Why honeypot is useful:
- it is invisible to legitimate users,
- it creates no extra friction,
- it catches primitive bots efficiently.
Why it is not enough on its own:
- more advanced bots can bypass it,
- it does not handle every case of fake leads or manual spam,
- it is better as a supporting layer than as a full anti-spam strategy.
That is why honeypot is a good addition, but not a complete replacement for a broader spam filter.

Native anti-spam and validation options

Form builders often include basic anti-abuse logic, validation rules, and submission checks. These can help reduce low-quality automated submissions and obvious junk entries.

However, built-in checks are usually narrower than a dedicated anti-spam service. They may stop some bot patterns, but they do not always provide broader reputation analysis, behavior-based filtering, or cloud-level spam intelligence.

For that reason, a layered setup works better: use Formidable’s own checks where appropriate, but keep CleanTalk as the main filter working in the background.

reCAPTCHA, hCaptcha, and Cloudflare Turnstile for Formidable Forms

Another common question is whether CAPTCHA should be used together with Formidable Forms.

The answer is: yes, sometimes – but not as the only protection layer.

CAPTCHA-style tools are most useful for higher-risk forms, such as:
- registration forms,
- quote request forms,
- lead generation landing pages,
- public surveys,
- pages that receive repeated bot attacks.
Google reCAPTCHA

Google reCAPTCHA is one of the best-known anti-bot tools. It can reduce obvious automated abuse, but it also has downsides:
- it may interrupt the user experience,
- it can lower form completion rates,
- some spam still passes through,
- it does not replace a complete anti-spam strategy.
So reCAPTCHA can help, but it should not replace your main spam filter.

hCaptcha

hCaptcha is often chosen by site owners who want an alternative to Google-based services. It can be useful as an additional challenge layer for forms that receive repeated automated abuse.

Its role in a Formidable setup is simple: increase resistance on risky forms while CleanTalk continues filtering quietly in the background.

Cloudflare Turnstile

Cloudflare Turnstile is a more modern alternative that often works with less visible friction than classic CAPTCHA challenges. For websites that want extra bot protection with a lighter user experience, it can be a strong second layer.

But the same principle still applies:

Do not rely on Turnstile alone.
Use it together with CleanTalk, not instead of CleanTalk.

Akismet and other third-party anti-spam plugins

There are also other WordPress anti-spam solutions that site owners may consider.

Akismet

Akismet is well known in the WordPress ecosystem and is often used for comments and basic spam filtering. On a Formidable-based website, it may help with broader site-level anti-spam needs outside the form workflow itself.

But for a forms-heavy website, Akismet is usually better treated as a supporting layer rather than the core Formidable spam protection strategy.

Other universal anti-spam plugins

Some website owners also try solutions such as:
- WP Armour,
- OOPSpam,
- Maspik,
- honeypot plugins,
- CAPTCHA-focused plugins.
These can be useful in specific projects, especially if a website has unusual traffic patterns or several different plugins handling different submission points.

At the same time, using too many overlapping anti-spam plugins can also create conflicts, duplicate filtering, false positives, or an unnecessarily complicated admin workflow.

That is why the cleaner approach is usually better:

one primary spam filter, one optional CAPTCHA layer, and extra tools only where they solve a clear problem.

Frequently Asked Questions

Why am I still getting fake submissions in Formidable Forms after enabling spam protection?

Spam protection blocks most automated junk, but not every unwanted lead is a classic bot submission. Some low-quality entries may be submitted manually or by more advanced automated methods. In that situation, the best fix is layered protection: keep CleanTalk as the main background filter and add CAPTCHA or Turnstile only to the forms that receive repeated abuse.

Can CleanTalk protect all Formidable Forms or do I need to configure each form separately?

In most cases, CleanTalk starts checking form submissions after installation and activation, so you do not need to rebuild every Formidable form manually. That makes it convenient for websites with multiple contact forms, quote request forms, survey forms, and registration pages.

Should I use CAPTCHA together with CleanTalk for Formidable Forms?

For many standard contact forms, CleanTalk alone is enough. But if a site runs registration forms, quote pages, paid-traffic landing pages, or other high-risk forms, adding reCAPTCHA, hCaptcha, or Cloudflare Turnstile as a second layer is a good idea.

What types of Formidable forms attract the most spam?

The most common targets are contact forms, lead generation forms, quote request forms, registration forms, and surveys on public pages. These forms are easy for bots to discover and usually contain clear fields that can be abused at scale.

How can I check whether CleanTalk is actually blocking Formidable spam?

The simplest test is to open your Formidable form in an Incognito window and submit it using stop_email@example.com. If CleanTalk is working correctly, the form submission should be blocked and a spam warning should appear.

Why would a legitimate Formidable form submission be blocked as spam?

Occasional false positives can happen with any anti-spam system. This may be caused by unusual sender behavior, shared networks, VPN use, aggressive browser settings, or plugin conflicts. If needed, review the event in the CleanTalk dashboard and move trusted senders to the allow list.

What is the best anti-spam setup for contact, quote, and registration forms built with Formidable?

For most websites, the best setup is CleanTalk as the main spam filter, Formidable’s built-in checks or honeypot as a lightweight extra layer, and CAPTCHA only on the forms with the highest spam risk. This keeps the user experience smoother than forcing challenge-based verification everywhere.

Why are my Formidable form notifications landing in spam folders even when submissions are blocked correctly?

This usually points to an email delivery issue rather than a form filtering problem. If form notifications go to spam, configure SMTP for the WordPress site, avoid relying on the default PHP mail function, and make sure the sending domain has valid SPF, DKIM, and DMARC records.

Recommended Anti-Spam Stack for Formidable Forms

No single anti-spam method stops every type of spam. The most reliable approach is a layered anti-spam stack, where each layer deals with a different category of abuse.

Small business website with a contact form

Recommended setup:
- CleanTalk Anti-Spam as the main protection,
- optional honeypot or built-in checks,
- occasional dashboard review if spam appears.
That is usually enough for a simple business website with normal traffic.

Lead generation, quote request, survey, or registration forms

Recommended setup:
- CleanTalk Anti-Spam as the main protection,
- honeypot or built-in validation as an extra layer,
- reCAPTCHA, hCaptcha, or Turnstile on the most attacked forms.
This setup gives better resistance against recurring bot attacks and fake leads.

High-traffic or high-risk forms

Recommended setup:
- CleanTalk Anti-Spam as the main protection,
- CAPTCHA or Turnstile on targeted forms,
- allow/block list tuning in the dashboard,
- checks for plugin conflicts,
- SMTP configuration for reliable email notifications.
This is the best option for websites that actively attract spam traffic.

Final thoughts

If you are trying to stop Formidable Forms spam in WordPress, the most effective approach is not to rely on one tool alone.

A reliable setup usually looks like this:
- CleanTalk as the main background spam filter,
- honeypot or built-in checks as lightweight support,
- reCAPTCHA, hCaptcha, or Turnstile only where additional verification is needed,
- dashboard monitoring and personal lists for fine-tuning.
That combination helps reduce fake submissions, keeps the form experience cleaner for real users, and gives you more control when spam patterns change over time.

Stop Formidable Forms spam without frustrating your visitors

Create your CleanTalk account and start blocking spam form submissions, fake registrations, survey spam, quiz abuse, and junk leads — no CAPTCHA challenges and no impact on real visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 21, 2026
HivePress Spam Protection in 2026
If you use HivePress to power a directory, classifieds, or marketplace website, you will eventually face spam – fake listings, bot registrations, and junk messages.

This guide explains how to set up HivePress spam protection using:
- the Anti-Spam plugin by CleanTalk with direct integration for HivePress, and
- additional tools like Google reCAPTCHA and basic moderation.
The integration now protects both:
- the registration form of HivePress (requests to /wp-json/hivepress/v1/users/), and
- the Add Listing form used to submit new listings.
HivePress – Business Directory & Classified Ads Plugin

First, let’s take a quick look at HivePress itself and the types of sites you can build with it.
HivePress is a free and highly flexible WordPress plugin for building any type of directory or listing website: business directory, job board, classifieds, real estate catalog, rental marketplace, and more.

Out of the box HivePress provides:
- listing types, categories and custom fields;
- powerful search filters and location-based search;
- user accounts, ratings, reviews, private messages and favorites.
Because HivePress relies heavily on user-generated content and public forms, it quickly becomes a target for spambots. That’s why it is important to have a reliable HivePress spam protection setup from the beginning.
As WordPress.org shows, HivePress is currently used on over 10,000 websites and has 213 user reviews with an average rating of 4.9.

Plugin Homepage at wordpress.org | Website hivepress.io

Install HivePress to build business directories, classifieds, marketplaces and other listing websites.

You can set it up in just a few easy steps:

1. Search for the plugin in WordPress console -> Plugins -> Add plugin -> Search -> Type ‘hivepress‘

2. Install and Activate the plugin.

3. Add the very first listing in WordPress console -> Listings -> Add New.

WordPress console -> Listings -> Add New -> add title, description, images and other fields -> Publish.

4. That’s all! Your first listing is live and HivePress is ready to use on your site.

Anti-Spam plugin by CleanTalk for WordPress

The next tool we’re going to use is the Anti-Spam plugin by CleanTalk.
Here’s a short overview:
- CleanTalk is a cloud-based spam protection service for websites, founded in 2012.
- It automatically blocks spam without CAPTCHAs and doesn’t interrupt the user experience.
- Protects many types of forms: contact forms, payment forms, registrations, comments, surveys and more.
- Stops both automated bots and human spam submissions.
- Uses advanced filtering algorithms and a global spam detection network.
- Detects spam based on IP address, email address and user behavior.
- Lets you create custom filtering rules for specific cases.
- Allows blocking or filtering by IP, email and country.
- Works quietly in the background and is very easy to install and configure.
According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,168 reviews and an average rating of 4.7.

Plugin Homepage at cleantalk.org | Latest release at GitHub.com | Website cleantalk.org

Install the CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you know how to completely protect your HivePress from spam.

Check if spam protection works with HivePress

The best way to test the spam protection by using a test email,

stop_email@example.com
1. Open page with your form (don’t forget to add the shortcode in the page content) in Incognito browser tab.
2. Fill out the Contact form using stop_email@example.com as sender’s email.
3. Send the form.
4. You should see a message from the Anti-Spam plugin confirming that a spam submission was blocked.
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

If you see this message, it means CleanTalk successfully protects your HivePress forms (registration and Add Listing) from spam.

Cloud Dashboard

In addition, in the Cloud Dashboard you can find extra details regarding all submissions processed by CleanTalk, including HivePress registration and Add Listing forms:
- IP and email of the sender, as well as the sender’s activity history across other websites connected to the CleanTalk cloud.
- Geolocation of the sender.
- Date and time of the submission.
  Page (URL) where the form was submitted (for example, a specific listing submission page).
- Cloud decision – Approved or Denied.
- Cloud explanation for the decision (e.g. blacklisted email, bad IP reputation, spam text, etc.).
- Tools to move the sender to Block or Allow lists so you can fine-tune HivePress spam protection.
Google reCAPTCHA, hCaptcha, and Cloudflare Turnstile

Besides CleanTalk and the built-in HivePress tools, you can also use cloud CAPTCHA / anti-bot services together with HivePress to reduce spam and protect registration and Add Listing forms.

Google reCAPTCHA (native HivePress integration)

HivePress has a core integration with Google reCAPTCHA v2:
- First, register your site in the Google reCAPTCHA admin and generate a Site Key and Secret Key.
- Then go to WordPress console → HivePress → Settings → Integrations → reCAPTCHA and paste these keys.
- In the same section you can select which HivePress forms to protect (for example, registration, login, listing submission).
This helps reduce spam submissions and adds an extra security layer to HivePress forms, while CleanTalk continues to filter all submissions in the background.

hCaptcha

HivePress does not currently include native hCaptcha support. However, you can use hCaptcha on your site via separate WordPress plugins (for example, “hCaptcha for Forms and More”) that add hCaptcha to standard WordPress forms and some popular plugins.

Key benefits of hCaptcha compared to reCAPTCHA:
- Better privacy for visitors. hCaptcha collects less tracking data and is more focused on privacy and GDPR-friendly use.
- Reduced dependence on Google services. Useful for projects that prefer not to rely on Google infrastructure for branding or compliance reasons.
- Optional monetization. hCaptcha offers a program where site owners can earn small rewards for solved challenges, something reCAPTCHA does not provide.
To use hCaptcha you need to:
- obtain a Site Key and Secret Key in the hCaptcha dashboard,
- install and configure the corresponding WordPress plugin,
- and test that hCaptcha is correctly displayed and working on your HivePress registration and Add Listing forms (since there is no direct HivePress integration yet).
Cloudflare Turnstile

Cloudflare Turnstile is a modern CAPTCHA alternative that verifies users mostly in the background, without classic image puzzles.

Turnstile can be connected to WordPress via dedicated plugins that integrate Turnstile with standard WordPress forms and some third-party plugins.

Main benefits of Cloudflare Turnstile compared to classic reCAPTCHA:
- Invisible verification. Turnstile usually works silently in the background, so users can submit forms without extra clicks and image challenges.
- Higher form completion rates. With fewer interruptions, registration and listing submission forms tend to have fewer abandoned attempts.
- Strong privacy approach. Turnstile is designed to minimize user tracking and does not rely on heavy behavioral profiling, which makes it more privacy-friendly than traditional CAPTCHA solutions.
As with hCaptcha, you need to:
- obtain a Site Key and Secret Key in the Cloudflare Turnstile dashboard,
- configure the chosen WordPress plugin,
- and verify that Turnstile is actually applied to the pages where HivePress renders registration or Add Listing forms.
Honeypot, Akismet and third-party Anti-Spam plugins

Additionally, let’s consider standalone plugins and anti-spam mechanics that also work for HivePress-based websites.

Honeypot

Honeypot is one of the simplest anti-spam mechanics against primitive spam bots. It works by adding hidden fields that are only detected and filled by bots. When a bot fills these fields, the submission is blocked automatically, while legitimate users never see any additional challenges.

Because no CAPTCHA or interaction is required, honeypots:
- help maintain a smooth user experience,
- reduce friction on registration and Add Listing forms,
- and add a lightweight extra layer of protection.
You can enable honeypot protection via a dedicated WordPress plugin, for example WP Armour – Honeypot Anti Spam.

Settings are available in the plugin configuration, for example:
- WordPress console -> Plugins -> Add New -> Search -> type ‘WP Armour’
- Install and Activate the plugin.
- WordPress console -> Settings -> WP Armour (or the plugin’s own menu item) -> enable honeypot protection for the forms used with HivePress (registration / Add Listing pages).
Effective on March 19th, 2026 users report that WP Armour does not protect or support HivePress. They observe spam subscriptions and accounts. Read more.

Third-party Anti-Spam plugins

Akismet

Akismet Anti-Spam helps WordPress users automatically filter spam submissions by analyzing form data against its global spam detection network. It works in the background to identify suspicious content and prevent unwanted messages from reaching your inbox or database. This reduces manual moderation and helps keep comments and basic contact forms clean.

Looking for an Akismet alternative for registrations and forms?

For HivePress websites, Akismet can be used together with CleanTalk to:
- filter blog comments and simple contact forms,
- reduce low-quality submissions outside of HivePress-specific forms.
In order to activate protection the user must:
1. Install and activate the third-party plugin Akismet Anti-Spam.
2. Get an API key from Akismet and enter it in the plugin settings.
3. Enable spam checking for the content types you need (comments, contact forms, etc.).
Typical path:
- WordPress console -> Plugins -> Add New -> Search -> type ‘Akismet’
- Install and Activate the plugin.
- WordPress console -> Settings -> Akismet Anti-Spam -> enter API key and save.
Other universal Anti-Spam plugins

OOPSpam, Maspik, and Simple CAPTCHA Alternative are universal anti-spam plugins for WordPress that provide additional spam protection at the site level. They can help filter spam on contact forms, comments and other areas of your site that are not covered directly by HivePress integration.

All of these solutions can be found in the search results at wordpress.org:

WordPress console -> Plugins -> Add New -> Search -> type ‘WP Armour’ | ‘OOPSpam’ | ‘Maspik’ | ‘Simple CAPTCHA Alternative’
Install and Activate the chosen plugin, then configure it according to its documentation.

These third-party plugins can be used alongside CleanTalk and HivePress as optional extra layers of protection for high-risk or high-traffic projects.

This guide explains how to protect HivePress forms using the Anti-Spam plugin by CleanTalk together with additional tools such as Google reCAPTCHA, hCaptcha, Cloudflare Turnstile, honeypot mechanisms and third-party anti-spam plugins like Akismet, OOPSpam and Maspik.

Frequently Asked Questions (FAQ)
Still getting spam through your HivePress forms?

If nothing works in this guide, try a few more things:
1. Block spammers by particular IPs, countries and email masks via Personal lists in your CleanTalk account.
2. Enable listing moderation in HivePress, so new listings must be approved by an admin before they go live.
3. Check for plugin conflicts – temporarily disable other anti-spam / security plugins and test HivePress registration and Add Listing forms only with CleanTalk enabled.
4. Submit a support request to CleanTalk, attaching examples of spam submissions (IPs, emails, message text, page URLs). The support team will do their best to tune spam protection for your specific case.
reCAPTCHA not saving in HivePs settingress or showing errors

If reCAPTCHA keys are not saved or you see an error in HivePress → Settings → Integrations → reCAPTCHA:
1. Make sure you are using the correct key type (usually reCAPTCHA v2 for HivePress).
2. Double-check that the domain in the Google reCAPTCHA admin exactly matches your site.
3. Remove any extra spaces when pasting the Site Key and Secret Key.
4. Try temporarily disabling other CAPTCHA / security plugins and saving the settings again.
5. If the issue persists, you can switch to an alternative solution such as hCaptcha or Cloudflare Turnstile via a separate WordPress plugin, while keeping CleanTalk as your main spam filter.
HivePress + hCaptcha / Turnstile does not prevent spam

If you enabled hCaptcha or Cloudflare Turnstile but spam still comes through:
1. Do not rely on hCaptcha / Turnstile alone – always keep CleanTalk Anti-Spam enabled as the primary filter.
2. Enable honeypot protection if it is available in your chosen security / form plugins to catch simple bots.
  Check that there are no plugin conflicts disabling CleanTalk checks or bypassing them.
3. Use layered protection: CleanTalk + CAPTCHA (reCAPTCHA / hCaptcha / Turnstile) + HivePress moderation usually works much better than any single method.
Emails from HivePress forms are going to spam.
1. Check SMTP configuration and avoid sending mail via the default PHP mail() function.
2. Install and configure an SMTP plugin, so your site sends messages through an authenticated email account (hosting mail, Gmail, or a transactional service).
3. Verify that your domain has proper SPF / DKIM / DMARC records to improve sender reputation.
4. After configuring SMTP, send a few test submissions from HivePress forms and confirm that notifications now arrive in the inbox, not in spam.
Recommended Anti-Spam Stack for HivePress (2026)

Finally, no single anti-spam tool can stop every type of spam submission. The most reliable approach for HivePress websites is a layered protection stack, where each tool blocks a different category of bots and spam behavior.

Starting from the latest plugin update, the Anti-Spam plugin by CleanTalk includes a direct integration with HivePress. It automatically protects the HivePress registration form and the Add Listing form before a new user account or listing is created, without any extra settings inside HivePress. This integration is the core of the recommended anti-spam stack below.

Recommended setup by site type

Small business directory / local listings
- CleanTalk Anti-Spam (with direct HivePress integration)
- Optional honeypot protection in a security/form plugin
- Basic HivePress listing moderation
High-traffic classifieds or service marketplace
- CleanTalk Anti-Spam (with direct HivePress integration)
- Google reCAPTCHA or Cloudflare Turnstile on registration and Add Listing forms
- Listing moderation for new or untrusted users
Membership / registration-heavy HivePress sites
- CleanTalk Anti-Spam (with direct HivePress integration)
- Cloudflare Turnstile or hCaptcha on registration and login
- Optional honeypot protection for additional bot filtering
By now, most spam issues in your HivePress registration, login and Add Listing forms should be resolved. If not, sign up for a CleanTalk account or log in to your existing one and contact our support team – we will be happy to help you fine-tune spam protection for your specific case.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam forms, surveys, polls and quiz answers — no CAPTCHA challenges and no impact on visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 19, 2026
Forminator Forms – Spam Protection Guide in 2026
If you use Forminator Forms, you may occasionally experience spam submissions. In the guide below, you’ll learn about several tools that help achieve complete spam protection for Forminator. In this post we will look at as built-in (in the plugin core) anti-spam tools like Honeypot, Google reCAPTCHA, hCaptcha, Cloudflare Turnstile. As well as, spam protection via third party plugins like Akismet, CleanTalk and OOPSpam.

Forminator Forms – Contact Form, Payment Form & Custom Form Builder

First of all, let’s figure out what Forminator Forms are.

Forminator Forms is a powerful and user-friendly form builder plugin for WordPress that allows you to create contact forms, registrations, payment forms, quizzes, and polls without coding. Developed by WPMU DEV, the plugin has gained popularity for its flexibility and reliable spam protection designed to reduce spam submissions across websites. Since its release in 2018, Forminator has continued to evolve, introducing new integrations, improving usability, and strengthening tools that help website owners fight spam more effectively. The plugin supports payment providers such as Stripe and PayPal, enabling secure transactions while maintaining strong spam protection for payment and contact forms. Regular updates keep the plugin compatible with modern WordPress versions and current security standards, helping prevent spam attacks and automated bot activity.

As WordPress.org shows, Forminator is currently used on over 600,000 websites and has 2,034 user reviews with an average rating of 4.8.

Plugin Homepage at wordpress.org | Website wpmudev.com

Install Forminator Forms, Surveys, Quizzes, Polls, Calculations and More…
Installation is as easy as following these steps.

1. Search for the plugin in WordPress console -> Plugins -> Add plugin -> Search -> Type ‘forminator‘

Forminator search, install and activation.

2. Install and Activate the plugin.

3. Add the very first contact form in WordPress console -> Forminator > Forms -> +ADD NEW -> Customer service -> Contact form.

WordPress console -> Forminator > Forms -> +ADD NEW -> Customer service -> Contact form.

4. Click Publish in top-left corner.

5. That’s all! Your form is ready to go, just use a short code like this on any page or post of your site.
```
[forminator_form id="123"]
```
Form is ready to go, use shortcode.
Anti-Spam plugin by CleanTalk for WordPress

The next plugin we are going to use is the Anti-Spam plugin by CleanTalk. Here is a short description of it,
- CleanTalk is a cloud-based spam protection for websites, founded in 2012.
- It automatically blocks spam without CAPTCHAs or disrupting user experience.
- Protects multiple form types: contact forms, payment forms, registrations, comments, and surveys.
- Stops both automated bots and manual spam submissions.
- Uses advanced filtering algorithms and a global spam detection network.
- Detects spam activity based on IP addresses, email addresses, and behavioral patterns.
- Users can apply custom filtering rules.
- Allows filtering or blocking by IP, email, and country.
- Works automatically in the background with easy installation.
According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,165 reviews and an average rating of 4.8.

Plugin Homepage at cleantalk.org | Latest release at Github.com | Website cleantalk.org

Install the CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you know how to completely protect your Forminator Forms from spam.

Check if spam protection works with Forminator Forms

The best way to text the spam protection by using a test email,

stop_email@example.com
1. Open page with your form (don’t forget to add the shortcode in the page content) in Incognito browser tab.
2. Fill out the Contact form using stop_email@example.com as sender’s email.
3. Send the form.
4. You should see a message from the Anti-Spam plugin confirming that a spam submission was blocked.
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

Spam submission was blocked in contact form by Forminator.

Cloud Dashboard

In addition, in the Cloud Dashboard you can find extra details regarding all submissions made via form,
- IP, Email of the sender. As well as history of activity a sender among other sites connected to CleanTalk’s cloud.
- Geolocation of the sender.
- Date and time of submission.
- Page (URL) of the submission.
- Cloud decision – Approved, Denied.
- Cloud explanation for the decision.
- Tools to move the sender to Block or Allow lists.
Anti-Spam Cloud Dashboard, Forminator form.

Google reCAPTCHA, hCaptcha, and Cloudflare Turnstile

Also, let’s have a look at cloud, anti-spam services that we have for Forminator forms,
1. The plugin has core integration with many CAPTCHA services,
  - Forminator integrates with Google reCAPTCHA, helping users reduce spam submissions while adding an extra layer of security to contact forms, registrations, and surveys. This allows website owners to protect their forms automatically without complex configuration. To activate this service obtain Site key and Secret key on the site.
  - hCaptcha support. Forminator users can reduce spam submissions while maintaining better privacy for visitors and improving overall form security.
    
    Key benefits of hCaptcha over reCAPTCHA,
    
    Better privacy for visitors. hCaptcha collects less user tracking data compared to Google reCAPTCHA, which is important for privacy-focused websites and GDPR-sensitive regions.
    
    Reduced dependence on Google services. Using hCaptcha allows Forminator users to avoid relying on Google infrastructure, which some organizations prefer for compliance or branding reasons.
    
    Potential monetization option. hCaptcha offers a program where site owners can earn small rewards for solving challenges, something reCAPTCHA does not provide.
    
    hCaptcha requires Site Key and Secret key as well, which can be obtained on site.
  - Cloudflare Turnstile. By integrating with Cloudflare Turnstile, Forminator users can protect their forms from spam and bots without showing traditional CAPTCHA challenges. Turnstile works invisibly in the background, helping improve user experience while maintaining strong spam protection for contact forms, registrations, payments, and surveys. This reduces friction for real visitors, increases form completion rates, and keeps submissions clean without interrupting the workflow.
    
    Main benefits of Cloudflare Turnstile over Google reCAPTCHA,
    
    Invisible verification. Turnstile works mostly in the background without puzzles or image challenges, so visitors can submit Forminator forms faster and with less frustration compared to reCAPTCHA.
    
    Higher form conversion rates. Because users are not interrupted by CAPTCHA challenges, contact forms, surveys, and payment forms typically see fewer abandoned submissions.
    
    Strong privacy approach. Turnstile is designed to minimize user tracking and does not rely on extensive behavioral profiling, which makes it more privacy-friendly than reCAPTCHA.
    
    Site Key and Secret key can be obtained on site.
  - All CAPTCHA services are aviable under settings Settings are under path WordPress console -> Forminator > Forms -> Settings -> CAPTCHA -> reCAPTCHA | hCaptcha | Turnstile.
Honeypot, Akismet and third-party Anti-Spam Plugins

Additionally, let’s consider standalone plugins and anti-spam mechanics that also works for Forminator forms,
1. Honeypot. Which is most simple anti-spam mechanic against primitive spam bots. It works by adding hidden fields that are only detected and filled by bots, allowing spam to be blocked automatically while legitimate users never see additional challenges. Because no CAPTCHA or interaction is required, honeypots help maintain a smooth user experience and improve form completion rates. This lightweight method is easy to enable and adds an extra layer of protection for contact forms, surveys, and registrations.
  - Settings are available per each individual form, the path is WordPress console -> Forminator > Forms -> FORM -> Settings -> Behavior -> Security. Please look at screenshots down below.
2. Third-party Anti-Spam plugins.
  - Akismet. Akismet helps Forminator users automatically filter spam submissions by analyzing form data against its global spam detection network. It works in the background to identify suspicious content and prevent unwanted messages from reaching your inbox or database. This reduces manual moderation and helps keep contact forms, surveys, and registrations clean. As a widely used WordPress anti-spam solution, Akismet is easy to enable and integrates naturally into existing WordPress workflows.
    
    In order to activate protection user must install, activate and get API key for third-party plugin Akismet and then turn integration under the settings WordPress console -> Forminator > Forms -> FORM -> Settings -> Behavior -> Security. Please look at screenshots down below.
  - WP Armour, OOPSpam, Maspik, and Simple CAPTCHA Alternative are universal anti-spam plugins for WordPress that provide reliable spam protection for Forminator users. All of these solutions can be found in the search results at wordress.org.
CAPTCHA services at Forminator settings. Google reCAPTCHA, hCaptcha, Cloudflare Turnstile.

Honeypot and Akismet in Forminator.

WP Armour, OOPSpam, Maspik, and Simple CAPTCHA Alternative.

Here is a guide by WPMU DEV. It tells how to protect Forminator with additional cloud services such as Honeypot (not as service), Google reCAPTCHA, hCaptcha, Cloudflare Turnstile. Third party plugins like Akismet, and OOPSpam. If you want a broader option for registration and form protection, see our Akismet alternative for Forminator.

Frequently Asked Questions (FAQ)
Cannot stop spam from coming through forms no matter what…

If nothing works in this guide, try a few more things,
1. Block spammers by particular IPs, Countries via Personal lists under your CleanTalk’s account.
2. Submit a support request, we will do our best to tune spam protection for your specific case.
v3 reCAPTCHA not saving in Forminator Settings. V2 shows ‘ERROR for site owner: Invalid key type’

Forminator’s team doesn’t have a solution for this error, but advices to switching to hCaptcha, read more.

Forminator x hCaptcha does not prevent spam

The main recommendation is to avoid relying on hCaptcha alone, enable Forminator’s honeypot protection, prevent plugin conflicts, and use layered anti-spam methods for better results. WordPress.org.

Emails from website contact form going to spam.

The recommended solution is to check SMTP configuration using a real email account so the website sends messages through authenticated mail servers instead of the default PHP mail system. Installing and configuring an SMTP plugin ensures proper email delivery and improves sender reputation, preventing form notifications from being marked as spam. WordPress.org.

Recommended Anti-Spam Stack for Forminator (2026)

Finally, no single anti-spam tool can stop every type of spam submission. The most reliable approach for Forminator users is a layered protection stack, where each tool blocks a different category of bots and spam behavior.

Recommended setup by site type
- Business website: CleanTalk + Honeypot.
- High-traffic landing pages: CleanTalk + Turnstile.
- Membership / registration sites: CleanTalk + Turnstile or hCaptcha.
By now, all spam issues in your Forminator contact, survey, poll, or quiz forms should be resolved. If not, Sign Up for an account and our support team will be happy to help you.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam forms, surveys, polls and quiz answers — no CAPTCHA challenges and no impact on visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 9, 2026
GiveWP Spam Protection guide in 2026. Stop spam donations!
CleanTalk has added spam protection for GiveWP using direct form integration. This makes it a good opportunity to explore how to protect GiveWP against spam submissions using both built-in anti-spam tools integrated into the plugin core and third-party solutions. We will start with CleanTalk and then move on to Akismet, Google reCAPTCHA, Cloudflare Turnstile, honeypot techniques, and universal anti-spam plugins available on WordPress.org.

GiveWP banner at https://wordpress.org/plugins/give/

GiveWP – Donation & Fundraising Plugin for WordPress

In case of any misunderstanding or misinterpretation about which plugin we are referring to, allow me to provide a brief overview of GiveWP

GiveWP is a powerful WordPress donation plugin that helps nonprofits, charities, and organizations accept online donations directly on their websites. It allows you to create fully customizable donation forms and securely collect one-time or recurring donations without relying on third-party fundraising platforms. To maintain secure fundraising, GiveWP can be combined with spam protection solutions that help prevent fake donations, bot submissions, and fraudulent registrations. The plugin supports popular payment gateways such as PayPal and Stripe, making it easy for donors to contribute using their preferred payment method. Built-in reporting, donor management tools, and fundraising goal tracking help organizations monitor performance and grow contributions. With a wide range of add-ons and integrations, GiveWP scales from small campaigns to large nonprofit organizations while following WordPress best practices for reliability and security.

According to WordPress.org, over 100,000 websites use this plugin.

Install GiveWP – Donation Plugin and Fundraising Platform

Show Instructions

To have the plugin installed follow this steps,

1. Search for the plugin in WordPress console -> Plugins -> Add plugin -> Search -> givewp

2. Install and Activate the plugin.

3. Add a campaign and forms in WordPress console -> GiveWP -> Campaigns -> Forms.

That’s all! GiveWP is installed.

Anti-Spam plugin by CleanTalk for WordPress

The next plugin we are going to use is the Anti-Spam plugin by CleanTalk. Here is a short description of it,

CleanTalk Anti-Spam plugin for WordPress protects your site from spam comments, contact forms, registrations, and fake donations without CAPTCHA. It uses cloud-based spam detection and real-time databases to block bots automatically while keeping the experience smooth for real users. CleanTalk works in the background and requires minimal setup, making it a reliable hands-off anti-spam solution.

CleanTalk has additional features like Block and Allow lists to manage specific Emails, IPs, Countries, custom frontend message to blocked donations and Emails obfuscation which might be helpful during fundraising events.

According to WordPress.org, over 200,000 websites use this plugin. All features of Anti-Spam plugin for WordPress.

How to install CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! GiveWP is completely protected, let’s see how to test the protection.

How to check spam protection for GiveWP Forms

You can test the work of Anti-Spam protection for GiveWP by using a test email,

stop_email@example.com
1. First, open the form in an Incognito browser tab.
2. Choose amount to donate.
3. In the next step fill out the account name data and the stop_email@example.com.
4. You must see a message as below and in the screenshot.
*** Forbidden. Fraud prevention. Sender blacklisted. Anti-Spam by CleanTalk. ***

In addition, in the Cloud Dashboard you can find extra details regarding all submissions for the donation form,
- IP, Email of the donator. As well as history of activity a sender among other sites connected to CleanTalk’s cloud.
- Geolocation of the sender.
- Date and time of submission.
- Page (URL) of the submission.
- Cloud decision – Approved, Denied.
- Cloud explanation for the decision.
- Tools to move the sender to Block or Allow lists.
What additional anti-spam tools are available for GiveWP?

Here are a few more tools on the market,
1. Akismet is a cloud-based anti-spam service that works in the background and has excellent compatibility with WordPress. Most importantly, the GiveWP team has included Akismet integration directly in the core of the plugin, providing a seamless user experience for those who choose Akismet as their anti-spam solution. Akismet settings are located under WordPress console -> GiveWP -> Settings -> Advanced -> Akismet SPAM Protection. Here is full guide how to setup protection.
2. Honeypot anti-spam techniques protect websites by adding invisible form fields that real users never see but spambots automatically fill in. When these hidden fields are completed, the submission is flagged and blocked, stopping spam without CAPTCHAs or user interaction. GiveWP has built-in honeypot which is located under settings WordPress console -> GiveWP -> Settings -> Security -> Enable Honeypot Field. This option is On in default setting, so should filter some primitive spam bots out of the box.
3. reCAPTCHA is a spam protection technology by Google that helps protect WordPress websites by distinguishing real users from bots using challenges or behavioral analysis. It reduces automated spam submissions but may require user interaction, such as clicking a checkbox or solving a challenge. GiveWP supports reCaptcha in the core and settings are located by path WordPress console -> GiveWP -> Settings -> General -> Access Control -> reCaptcha. The first step to activate this protection is getting Site and Secret keys, which are available on website.
4. Turnstile by Cloudflare is another great anti-spam tool which is available for GiveWP. Protects WordPress websites by verifying visitors automatically without CAPTCHAs or puzzles. It blocks bots using browser and behavioral signals while keeping the experience seamless for real users. One drawback is to use Turnstile user must install extra plugin – ‘Give – Cloudflare Turnstile’. The full guide is here.
5. And we have bunch of standalone, universal, all-in-one plugins like Zero Spam, OOPSpam, hCaptcha for WP which provide anti-spam protection for GiveWP as well. Here is a link to download one of them.
Here are screenshots for tools above.

I have questions… (FAQ)

Does CleanTalk protect against donors emails leak?

In July 2025, a vulnerability in GiveWP led to an email data leak of Pihole donators. Yes, Anti-Spam by CleanTalk helps protect against such issues. In this case, email addresses were exposed in the HTML code, even though they were invisible on public pages. The plugin prevents this by obfuscating email addresses by default.

We received hundreds of spam donations immediately after installing GiveWP plugin. How to fix it?

If you do not have specific anti-spam tool installed. Increasing the minimum donation amount can help stop spam, as bots usually test forms with small payments like $1–$5. Setting a $10+ minimum helps filter out these low-effort automated attacks.

A donor is trying to submit recurring donations but the transaction isn’t being processed because the donor’s email is considered spam.

False/positives sometimes happen. In this case just post a support ticket or put this donor in Allow list.

Final thoughts

I hope this guide helped resolve all spam issues on your donation form. If not, Sign Up for an account and our CleanTalk team will be happy to help.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam donations — no CAPTCHA challenges and no impact on visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 9, 2026
WPForms Spam Protection in 2026
If you use WPForms for contact forms, lead generation, surveys, or payment forms, you will eventually face spam – fake submissions, junk leads, and bot activity.

This guide explains how to set up WPForms spam protection using:
- the Anti-Spam plugin by CleanTalk with a direct integration for WPForms, and
- additional tools like Google reCAPTCHA, hCaptcha, Cloudflare Turnstile, honeypots and third-party anti-spam plugins.
The integration protects WPForms forms such as:
- simple contact forms,
- marketing and lead forms,
- “Request a quote” and booking forms,
- registration / login / newsletter forms (where used with WPForms).
WPForms continues to handle the form UI and workflow, while CleanTalk filters spam in the background without adding CAPTCHAs to every form.

WPForms – Easy Form Builder for WordPress

First, let’s quickly look at WPForms itself and the types of sites that rely on it.
WPForms is a popular drag-and-drop form builder plugin for WordPress that lets you create:
- contact and feedback forms,
- quote and booking forms,
- newsletter and marketing forms,
- payment / donation forms (Stripe, PayPal, etc.),
- surveys, polls, and custom calculators,
- login, registration, and other application-style forms.
Out of the box WPForms provides:
- a visual drag-and-drop builder and 2000+ pre-built form templates,
- responsive, mobile-friendly layouts,
- built-in spam protection (anti-spam token and optional honeypot),
- integrations with major email marketing services and CRMs,
- payment integrations with Stripe, PayPal, Square, and others.
Because WPForms forms are often publicly accessible (contact pages, landing pages, sign-up forms), they become an easy target for spam bots and human spammers. That’s why it’s important to have a reliable WPForms spam protection setup from the beginning.

As WordPress.org shows, WPForms Lite is currently active on over 6 million websites and has 14,274 user reviews with an average rating of 4.8 out of 5.

Plugin Homepage at wordpress.org | Website wpforms.com

Install WPForms and create your first form
You can set up WPForms in just a few steps:
1. In your WordPress admin go to
  Plugins → Add New and search for “WPForms”.
1. Click Install and then Activate the plugin.
2. Customize the fields as needed and click Save.
3. Embed the form on a page using the WPForms block in the editor or the form shortcode.
After that, your first WPForms form is live and ready to accept submissions.
Anti-Spam plugin by CleanTalk for WordPress

The next tool we’re going to use is the Anti-Spam plugin by CleanTalk.
Here’s a brief overview:
- CleanTalk is a cloud-based spam protection platform for websites, operating since 2012.
- It filters spam without CAPTCHAs, challenge questions or image puzzles, so visitors don’t have to solve anything extra.
- It protects many kinds of forms: comments, user registrations, contact forms, orders, subscriptions, surveys, and more.
- It blocks both automated bots and human spammers using advanced filtering algorithms and data from a global spam database.
- It detects spam based on IP reputation, email reputation and behavioral patterns.
- It allows you to set custom rules and block by IP, email address, country or language when needed.
- It runs quietly in the background, and the plugin is straightforward to install and configure.
According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,168 reviews and an average rating of 4.7.

Plugin Homepage at cleantalk.org | Latest release at GitHub.com

Install the CleanTalk Anti-Spam plugin

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s all – WPForms are now protected From this moment,CleanTalk automatically protects the WPForms registration form (REST route /wp-json/wpformspress/v1/users/), and the Add Listing form used to submit new listings.

You don’t need to paste any shortcodes – just use WPForms as usual, and CleanTalk will filter spam in the background.

Check if spam protection works with WPforms.

The best way to text the spam protection by using a test email,

stop_email@example.com
1. Open a page with a WPForms (for example, the registration popup or the Add Listing form) in an Incognito / private browser tab.
2. Fill out the Contact form using stop_email@example.com as sender’s email.
3. Send the form.
4. You should see a message from the Anti-Spam plugin confirming that a spam submission was blocked.
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

If you see this message, it means CleanTalk successfully protects your WPForms (registration and Add Listing) from spam.

Cloud Dashboard

In addition, in the Cloud Dashboard you can find extra details regarding all submissions processed by CleanTalk, including WPForms registration and Add Listing forms:
- IP and email of the sender, as well as the sender’s activity history across other websites connected to the CleanTalk cloud.
- Geolocation of the sender.
- Date and time of the submission.
  Page (URL) where the form was submitted (for example, a specific listing submission page).
- Cloud decision – Approved or Denied.
- Cloud explanation for the decision (e.g. blacklisted email, bad IP reputation, spam text, etc.).
- Tools to move the sender to Block or Allow lists so you can fine-tune WPForms spam protection.
Google reCAPTCHA, hCaptcha, and Cloudflare Turnstile in WPForms

In addition to CleanTalk, WPForms itself supports several CAPTCHA and anti-bot services:
- Google reCAPTCHA,
- hCaptcha,
- Cloudflare Turnstile.
These services act as a visible or invisible verification layer on top of your forms, while CleanTalk continues to filter spam submissions in the background.

Google reCAPTCHA (WPForms integration)

WPForms has built-in support for Google reCAPTCHA (v2 Checkbox, v2 Invisible, and v3):
1. Register your website in the Google reCAPTCHA admin console and generate a Site Key and Secret Key.
2. In WordPress go to WPForms → Settings → CAPTCHA.
3. Choose reCAPTCHA as the provider and paste your keys.
4. Select which reCAPTCHA type you want to use (checkbox, invisible, or v3 score-based).
5. Edit your forms and enable reCAPTCHA where needed (WPForms shows a toggle or field depending on the type).
reCAPTCHA helps block obvious automated submissions by requiring users to solve a challenge or by scoring their behavior, while CleanTalk still checks the content and sender reputation.

hCaptcha

WPForms also supports hCaptcha as a privacy-focused alternative to Google reCAPTCHA:

Key benefits of hCaptcha compared to reCAPTCHA:
- Stronger focus on privacy – hCaptcha collects less user tracking data, which is important for privacy-oriented and GDPR-sensitive projects.
- Less dependence on Google – useful for brands that prefer to minimize their reliance on Google infrastructure.
- Optional monetization options for some hCaptcha plans, which reCAPTCHA doesn’t provide.
To use hCaptcha with WPForms:
1. Obtain Site Key and Secret Key from the hCaptcha dashboard.
2. Go to WPForms → Settings → CAPTCHA, choose hCaptcha and paste the keys.
3. Enable hCaptcha for the forms you want to protect.
Cloudflare Turnstile

Cloudflare Turnstile is a quite modern CAPTCHA alternative that often works invisibly in the background, without classic image puzzles. Several WPForms guides cover how to enable Turnstile as a built-in CAPTCHA provider.

Benefits of Cloudflare Turnstile:
- Invisible verification – most visitors don’t see any challenge; Turnstile works in the background.
- Higher completion rates – fewer puzzles means less friction and fewer abandoned forms.
- Privacy-friendly design – Turnstile is built to minimize user tracking and profiling compared to traditional CAPTCHAs.
To connect Turnstile:
1. Get Site Key and Secret Key from your Cloudflare Turnstile dashboard.
2. In WPForms → Settings → CAPTCHA, select Cloudflare Turnstile and enter your keys.
3. Enable Turnstile on the forms (contact, registration, checkout, etc.) where you need extra bot protection.
All three CAPTCHA providers can work alongside CleanTalk Anti-Spam, giving you both:
- a front-end bot check (CAPTCHA / Turnstile), and
- deep cloud-based spam filtering in the background.
Honeypot, WPForms Built-In Anti-Spam, Akismet and Third-Party Plugins

Alongside CleanTalk and CAPTCHAs, WPForms and WordPress offer several additional anti-spam layers.

WPForms Anti-Spam Token and Honeypot

By default, WPForms includes:
- an anti-spam token that helps block automated form submissions, and
- an optional honeypot field – a hidden field that humans never see, but bots often fill in.
When a bot fills the honeypot field or fails the token check, WPForms treats the submission as spam and blocks it.

You can control these options in each form’s Settings → Spam Protection and Security section inside WPForms.

Honeypot protection is:
- invisible for normal visitors,
- easy to enable,
- a lightweight extra defense against primitive bots.
Akismet

Akismet Anti-Spam is another popular plugin that filters spam by checking submissions against a global spam database. It is especially useful for blog comments and simple contact forms outside WPForms. If you are looking for a broader option for form protection, see our Akismet alternative for WPForms.

On a site that uses WPForms + CleanTalk you can still use Akismet to:
- keep comment sections clean,
- filter spam from default WordPress forms or other plugins.
To activate Akismet:
1. Install and activate Akismet Anti-Spam from Plugins → Add New.
2. Obtain an API key from Akismet and enter it in the plugin settings.
3. Enable spam checking for the content types you need (comments, possibly other forms).
Other universal anti-spam plugins

Plugins like WP Armour, OOPSpam, Maspik, and Simple CAPTCHA Alternative provide generic honeypot or anti-spam protection for various forms and comment areas across WordPress.

They can be used alongside CleanTalk if you want additional defense for:
- contact forms created outside WPForms,
- comments,
- custom theme forms and widgets.
You can find them via:

Plugins → Add New → Search → “WP Armour” | “OOPSpam” | “Maspik” | “Simple CAPTCHA Alternative”

Install, activate, and configure each plugin according to its documentation.

Frequently Asked Questions (FAQ)
I already use WPForms’ built-in anti-spam. Do I really need CleanTalk?

WPForms includes an anti-spam token and optional honeypot, which is great for stopping very basic bots.
However, they don’t:
- check global spam activity across thousands of sites,
- analyze IP and email reputation,
- or block known spam networks at the cloud level.
CleanTalk adds an extra layer on top of WPForms’ native tools. It filters submissions using a global spam database and the SpamFireWall, so most spam is blocked before it reaches your entries, inbox or CRM.
Will CleanTalk slow down my WPForms submissions?

No. CleanTalk is designed to work in the background and the request to the cloud is lightweight.

From the visitor’s point of view:
- they fill out the WPForms form as usual,
- click submit,
- and either see a normal success message or an anti-spam message if they are blocked.
For normal users, there are no extra steps, pop-ups or CAPTCHAs to solve.
Can CleanTalk protect all my WPForms forms or only the main contact form?

Once the Anti-Spam plugin is installed and connected to the CleanTalk cloud, it can protect any WPForms form that uses the standard WPForms processing flow:
- simple contact forms,
- quote / booking / consultation forms,
- lead generation and newsletter sign-up forms,
- surveys, polls and feedback forms.
You don’t need to add a special field to each form – protection works on the server side.
What happens to blocked WPForms submissions? Are they lost forever?

When CleanTalk blocks a submission, the user is shown an anti-spam message and the entry is not stored as a normal form submission.

However, the attempt is:
- logged in your CleanTalk dashboard with IP, email, date, URL and the reason,
- available for review if you suspect a false positive,
- easy to whitelist (by IP, email, country, etc.) if you decide that a sender is legitimate.
So you still have visibility into what was blocked, but your WPForms entries, inbox and CRM stay clean.
Recommended Anti-Spam Stack for WPForms (2026)

No single tool can block every kind of spam or bad bot. The most reliable approach for WPForms is to build a layered anti-spam stack, where each component handles a different part of the problem.

The key element is the Anti-Spam plugin by CleanTalk, which:
- integrates directly with Contact Form by WPForms,
- uses both application-level checks and the SpamFireWall to block many bots before they reach WordPress.
On top of this, you can combine CAPTCHAs, WPForms’ built-in tools, and moderation policies.

Recommended setup by site type

Business websites and standard contact forms
- CleanTalk Anti-Spam enabled (with SpamFireWall).
- WPForms anti-spam token + honeypot enabled in each important form.
- Optionally, Google reCAPTCHA or Cloudflare Turnstile on high-risk forms (contact, quote, booking).
High-traffic landing pages and lead generation
- CleanTalk Anti-Spam (cloud + plugin).
- Cloudflare Turnstile or reCAPTCHA for minimal-friction verification.
- WPForms honeypot enabled.
- Optional extra filters: block high-risk countries or networks in CleanTalk if you notice patterns in spam logs.
Membership / registration-heavy sites using WPForms
- CleanTalk Anti-Spam to protect registration, login, and profile forms where applicable.
- Cloudflare Turnstile or hCaptcha on registration / login forms for additional protection.
- WPForms built-in spam protection turned on for all authentication forms.
- Optionally, Akismet or other plugins for comments and non-WPForms areas.
By this point, most spam problems in your WPForms contact, lead, survey, and payment forms should be significantly reduced. If you’re still seeing unwanted submissions, simply create a CleanTalk account (or log in to your existing one) and reach out to our support team – we’ll gladly help you fine-tune WPForms spam protection for your specific site.

Stop WPForms spam without hurting conversions

Create your CleanTalk account and connect it to WPForms to block spam contacts, leads, surveys and payment forms — no extra CAPTCHAs and no friction for real users.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 9, 2026
Avada Form Builder – Spam protection guide in 2026
Avada Form Builder is a great choice when you need to create contact forms, surveys, quizzes, and more. In this post, we will review available anti-spam services such as Google reCAPTCHA and Cloudflare Turnstile, tools like honeypots, and anti-spam plugins including CleanTalk, Akismet, hCaptcha, and OOPSpam available to Avada users as of March 2026.

Avada Form Builder https://avada.com/feature/form-builder/

Avada Form Builder, Avada Website Builder, Avada WordPress Theme and Plugins

First, let’s take a closer look at what Avada is and how it works.

Avada Form Builder is a flexible drag-and-drop form solution built directly into the Avada WordPress theme, allowing users to create contact forms, registration forms, surveys, polls, quizzes, feedback forms, and other interactive form types without installing additional plugins. It offers an intuitive visual interface that makes form creation fast and accessible for both beginners and experienced website owners. To help protect websites from unwanted submissions, Avada Form Builder supports built-in spam protection features and integration with popular anti-spam services such as Google reCAPTCHA, Cloudflare Turnstile. With proper spam protection enabled, website owners can reduce bot submissions, fake registrations, and malicious form activity while maintaining a smooth experience for real visitors. This improves data quality, saves administrative time, and keeps communication channels reliable.

In my personal opinion, Avada is a very flexible theme that offers many features out of the box. However, one downside is that it may require some time to build and launch the first version of a website using this theme. I spent more than hour to launch a demo site (including purchasing the theme), it’s much more my average installation process for a theme, which usually takes 10-15 minutes.

The theme is premium and costs $69, with 6 months of support included. Its official website is avada.com, and it can be purchased and downloaded from Envato Market. Envato Market shows 1,054,005 sales, 26.5k reviews with average score 4.78.

Anti-Spam plugin by CleanTalk

As the anti-spam solution, I’m going to use the Anti-Spam by CleanTalk plugin for WordPress. Let’s see what this plugin is.

Anti-Spam by CleanTalk is a cloud-based spam protection plugin that automatically blocks spam submissions on WordPress websites without using CAPTCHAs. It protects contact forms, registration forms, comments, surveys, polls, and other interactive elements from both automated bots and manual spam. Avada users can also protect Avada Form Builder forms, including contact forms, feedback forms, surveys, and registration forms, without adding extra CAPTCHA challenges for visitors. The service analyzes submissions using advanced filtering algorithms and a global spam database that tracks suspicious activity by IP addresses, email addresses, and other parameters. CleanTalk works in the background, allowing real visitors to submit Avada forms normally while blocking spam attempts automatically. Website owners can also review detailed logs of blocked submissions and manage personal allow and deny lists for IP addresses, email addresses, and countries.

According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,168 reviews and an average rating of 4.8.

Plugin Homepage at cleantalk.org | Latest release at Github.com | Website cleantalk.org

How to install CleanTalk Anti-Spam plugin

Click to see the Installation guide.

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now your WordPress website and Avada forms are protected from spam.

How to check spam protection

You can test the work of anti-spam protection for your Avada forms by applying a test email,

stop_email@example.com

Test sequence is,
1. Open a page with your form in Incognito Window.
2. Fill out the form with any valid data plus stop_email@example.com in the Email field.
3. Submit the form.
4. You should get a message like this,
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

Spam (test) submission is blocked at Avada form.

Cloud Dashboard

In the Cloud Dashboard you can find extra details regarding all submissions made via form,
- IP, Email of the sender. As well as history of activity a sender among other sites connected to CleanTalk’s cloud. Geolocation of the sender. Date and time of submission.
- Tools to move the sender to Block or Allow lists.
Cloud Dashboard, Anti-Spam Log, spam submission is blocked for an Avada form.

If you have any questions, add a comment and we will be happy to help you.

Create your Cleantalk account – Register now and enjoy your spam-free Avada forms.

You may view a complete list of CleanTalk Anti-Spam plugin features here. https://cleantalk.org/help/introduction

Google reCAPTCHA, and Cloudflare Turnstile

There are two anti-spam services integrated into the Avada forms core,
1. Google reCAPTCHA is the first services, that we have in the core. By analyzing user behavior and verifying whether a visitor is human, reCAPTCHA adds an extra layer of security to contact forms, registration forms, surveys, and other form types created with Avada. It is widely used and easy to integrate, making it a convenient option for many website owners. reCAPTCHA can help reduce the number of fake submissions and automated attacks targeting Avada forms. However, depending on the version used, it may also add additional steps for visitors, such as solving challenges or running background behavioral analysis.
  - Service is available under settings Settings are under path WordPress console -> Avada > Maintenance -> Forms -> Google reCaptcha.
  - To activate this service obtain Site key and Secret key on the site.
2. Cloudflare Turnstile provides an easy way for Avada Form Builder users to protect their forms from automated spam and bot submissions. Unlike traditional CAPTCHAs, Turnstile verifies visitors quietly in the background, helping reduce friction for real users filling out contact forms, registrations, surveys, or polls created with Avada. It integrates easily into websites and focuses on privacy by avoiding invasive tracking methods. For Avada users, this means stronger bot protection while maintaining a smoother and more user-friendly form experience.
  - Main benefits of Cloudflare Turnstile over Google reCAPTCHA.
    
    One of the main benefits is a better user experience, as Turnstile verifies visitors automatically in the background without showing image puzzles or interactive challenges.
    
    It also focuses more on privacy, because it does not rely on extensive user tracking or Google cookies.
    
    Turnstile is designed to be lightweight and fast, which can help maintain page performance on Avada-based websites.
  - Service is available under settings Settings are under path WordPress console -> Avada > Maintenance -> Forms -> CloudFlare Turnstile.
  - Site Key and Secret key can be obtained on site.
Cloudflare Turnstile settings. Avada theme.

Google reCAPTCHA settings. Avada theme.

Honeypot, Akismet, and Anti-Spam plugins

Here we have few additional anti-spam mechanics available for Avada users.
1. Akismet is one of the most popular anti-spam services for websites, with background spam checking as its key feature. Unfortunately,Akismet is not available for Avada users, either as an element or as an integration within the plugin, and I have found no evidence that such integration exists.
2. Honeypot is a simple anti-spam technique that works silently in the background. It adds an invisible field to your Avada forms that real visitors never see, but spam bots often fill out automatically. When the hidden field is completed, the submission is identified as spam and blocked before it reaches your website. The main benefit for Avada users is that honeypot protection does not require CAPTCHA or extra steps from visitors, helping keep the form experience fast and user-friendly while reducing automated spam.
  - This technique works through a form element. This is the best guide to activate a honeypot for your form
3. Also in the market we have universal, anti-spam plugins SilentShield, OOPSpam, hCaptcha and a few more that protects Avada users against spam. These plugins are listed in wordpress.org.
SilentShield, OOPSpam, hCaptcha as anti-spam plugins for Avada users.

Frequently Asked Questions (FAQ)

Is WP Armour compatible with Avada?

There is no evidence that WP Armour support Avada users.

I have problems with the reCaptcha, I have registered and put the key ods, but it’s not working.

You have to all the form elements enabled from the builder options. Here is the guide.

Does this come with captcha? or can google captcha work and be added to contact form?

Yes, you can definitely add Google reCaptcha to your contact form or login element with Avada.

Recommended Anti-Spam Stack for Avada Form Builder (2026)

Finally, here in March 2026 I can recommend the following anti-spam stack for Avada users.
1. Small Websites and Personal Blogs: CleanTalk Anti-Spam + Avada Honeypot field.
  - For small websites, portfolios, and personal blogs using Avada Form Builder, CleanTalk alone is often enough to stop most automated spam and manual submissions.
2. High-Traffic Websites, Agencies: CleanTalk Anti-Spam + Cloudflare Turnstile + CleanTalk personal allow/deny lists.
  - High-traffic Avada websites and agency projects often experience both automated and manual spam attacks. In this setup, CleanTalk performs the main filtering, SpamFireWall blocks bot traffic early, and Turnstile provides an additional verification step for sensitive forms such as registrations or payments. Website administrators can further refine protection using CleanTalk’s logs and personal filters by IP address, email, or country.
By this point, spam issues should be resolved on your site. If not, Sign Up for an account and our support team will be happy to help you.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam forms, surveys, polls and quiz answers — no CAPTCHA challenges and no impact on visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 5, 2026
Why do contact form 7 users prefer Anti-spam by CleanTalk against reCAPTCHA?
As a WordPress user let me share my experience of using CAPTCHA less and CAPTCHA style Anti-Spam tools on the example of Contact form 7.

Is reCAPTCHA good or bad for Contact form 7?

Contact Form 7 users may prefer Anti-Spam plugin by CleanTalk over reCAPTCHA for several reasons, as each solution has its own advantages and disadvantages. Here are some potential reasons why some users prefer Anti-spam by CleanTalk:
1. Simplicity: Anti-spam by CleanTalk offers a simpler and more user-friendly solution compared to reCAPTCHA. It doesn’t require users to solve puzzles or click checkboxes, which can be seen as an added step that may deter some visitors from submitting forms.
2. Reduced User Friction: reCAPTCHA can sometimes lead to a less than ideal user experience, especially for those who find it challenging to complete the visual or interactive challenges. Anti-spam by CleanTalk doesn’t require any user interaction, so it doesn’t add any friction to the form submission process. More drawbacks of CAPTCHA/reCAPTCHA.
3. Invisible to Users: Anti-spam by CleanTalk works invisibly in the background, so users are not aware of its presence. In contrast, reCAPTCHA typically requires users to complete a task to prove they are not a bot.
4. Accessibility: Some users have accessibility concerns with reCAPTCHA, as it relies on visual verification. Anti-spam by CleanTalk does not present accessibility challenges in the same way, making it a more inclusive solution.
5. Accuracy: Anti-spam by CleanTalk uses a combination of methods, including machine learning and a vast database of known spam sources, to identify and block spam submissions. This approach can be effective in detecting and preventing spam without relying on user interaction.
6. Reduced False Positives: reCAPTCHA, while effective at blocking bots, may occasionally generate false positives, blocking legitimate users. Anti-spam by CleanTalk aims to minimize false positives, ensuring that genuine inquiries are not inadvertently marked as spam.
7. Customization: Users have the ability to customize Anti-spam by CleanTalk settings to meet their specific needs and preferences, tailoring the spam protection to their site’s requirements.
8. Integration: Anti-spam by CleanTalk is designed to seamlessly integrate with Contact Form 7 and other popular form plugins, making it easy for users to implement spam protection without significant configuration.
Anti-Spam by CleanTalk

It’s important to note that the choice between Anti-spam by CleanTalk and reCAPTCHA may depend on the specific needs and preferences of individual website owners. Some users may prioritize ease of use and a seamless user experience, while others may prioritize the high level of bot detection offered by reCAPTCHA. Ultimately, the choice between these solutions should align with your website’s goals and the user experience you want to provide. Additionally, some users may opt to use both solutions in combination to enhance spam protection further.

How to install Anti-Spam by CleanTalk?

To install and configure the “Anti-Spam by CleanTalk” WordPress plugin for your website, follow these steps:

1. Log in to Your WordPress Dashboard:

Navigate to your WordPress admin dashboard by entering your site’s URL followed by “/wp-admin” (e.g., “https://yourwebsite.com/wp-admin“).

2. Access the Plugins Section:

In the WordPress dashboard, locate and click on the “Plugins” option in the left-hand menu.

3. Click “Add New”:

On the Plugins page, click the “Add New” button at the top of the screen. This will take you to the Add Plugins page.

4. Search for “Anti-Spam by CleanTalk”:

In the search bar on the Add Plugins page, type “Anti-Spam by CleanTalk” and press Enter. The search results will appear.

5. Install the Plugin:

Locate the “Anti-Spam by CleanTalk” plugin in the search results. Click the “Install Now” button next to the plugin’s name.

6. Activate the Plugin:

After installation, a new button will appear that says “Activate.” Click this button to activate the Anti-Spam by CleanTalk plugin.

7. Enter Your Access Key:

Once the plugin is activated, you’ll need to enter your access key to enable the anti-spam features. You can obtain the access key by signing up for CleanTalk on their website (https://cleantalk.org/) and subscribing to their service. After subscribing, you’ll receive an access key via email.

a. In the WordPress dashboard, go to “Settings” in the left-hand menu.

b. Click on “Anti-Spam by CleanTalk” from the submenu.

c. Enter your access key in the provided field.

d. Click the “Check Access Key” button to validate your access key.

8. Configure Settings:

Once your access key is validated, you can configure the plugin settings according to your preferences. The settings allow you to customize the anti-spam protection for your site, including options for comments, registrations, contact forms, and more.

9. Save Changes:

After configuring your settings, don’t forget to click the “Save Changes” button to apply your chosen anti-spam settings.

10. Verify That It’s Working:

To ensure that the plugin is effectively blocking spam, just use email stop_email@example.com in a contact form 7. You have to see a special response from Anti-Spam by CleanTalk that describes a reason for blocking.
```
*** Forbidden. Sender blacklisted. ***
```
Anti-Spam by CleanTalk shows the reason of blocking form submission.

11. Periodic Review:

Periodically review the plugin’s dashboard to check its performance and verify that it’s actively blocking spam submissions. CleanTalk provides statistics on the number of spam attempts blocked.

That’s it! You’ve successfully installed and configured the “Anti-Spam by CleanTalk” plugin on your WordPress website. This plugin will help protect your site from unwanted spam submissions and improve the overall security and user experience of your WordPress site.
February 25, 2026