How can I stop spam in Quform?

You can reduce Quform spam by using CleanTalk as the main site-level anti-spam filtering layer and combining it with Quform built-in tools where needed. A strong setup can include CleanTalk, Quform honeypot, reCAPTCHA, image CAPTCHA, validators, and time-based spam prevention depending on the risk level of each form.

How does CleanTalk Anti-Spam work with Quform?

CleanTalk works as a WordPress-level anti-spam layer. Once installed and connected to the CleanTalk cloud, it helps check suspicious form submissions before they are processed as normal Quform entries. CleanTalk analyzes IP, email, and submission data and helps reduce fake messages, bot submissions, junk inquiries, and low-quality entries without adding classic CAPTCHA friction for real users.

Does Quform support reCAPTCHA and image CAPTCHA?

Yes. Quform includes built-in anti-spam options such as honeypot, image CAPTCHA, and reCAPTCHA. These tools can be useful as additional form-level protection, especially on higher-risk forms or pages that receive repeated automated submissions.

What is time-based spam prevention in Quform?

Time-based spam prevention rejects submissions that are sent too quickly after the form is displayed. This helps catch automated bots that submit forms faster than a real user normally would. It is a passive protection layer because it can add spam filtering without showing an extra visible challenge to visitors.

How can I test Quform spam protection with CleanTalk?

Open the page with your Quform form in an Incognito or private browser tab and submit the form using the test email stop_email@example.com. Then check both the frontend result and the backend side: Quform entries, database records, email destination, and the CleanTalk cloud dashboard. If protection is working properly, the submission should be blocked or should not be processed as a normal legitimate entry.

Can better spam protection improve Quform lead quality?

Yes. When fake messages, bot submissions, junk inquiries, and low-quality entries are filtered before they enter the workflow, teams spend less time cleaning inboxes and stored entries. Better filtering helps keep form data cleaner and makes it easier to focus on real inquiries.

What is Forminator in WordPress?

Forminator is a WordPress form builder plugin that allows users to create contact forms, payment forms, quizzes, polls, and surveys using a drag-and-drop interface.

Why do Forminator forms receive spam submissions?

Spam bots target online forms to send unsolicited messages, create fake registrations, or test payment forms. Without protection, Forminator forms can receive automated and manual spam.

How can I stop spam in Forminator forms?

You can stop spam by enabling Honeypot protection, using CAPTCHA integrations like reCAPTCHA, hCaptcha, or Turnstile, or installing dedicated anti-spam plugins such as CleanTalk or Akismet.

Does Forminator support Google reCAPTCHA?

Yes. Forminator supports Google reCAPTCHA integration, allowing administrators to verify users and reduce automated spam submissions.

Can I use hCaptcha with Forminator?

Yes. Forminator supports hCaptcha as a privacy-focused alternative to reCAPTCHA for protecting forms from bots and spam.

Does Forminator support Cloudflare Turnstile?

Yes. Cloudflare Turnstile can be integrated with Forminator to provide invisible bot protection without traditional CAPTCHA challenges.

What is Honeypot protection in Forminator?

Honeypot protection uses hidden form fields that are invisible to real users but detectable by bots. If completed, the submission is automatically identified as spam.

How does CleanTalk Anti-Spam work with Forminator?

CleanTalk provides cloud-based spam filtering that automatically blocks spam submissions without CAPTCHA, protecting contact forms, payments, surveys, and registrations.

Can Akismet protect Forminator forms?

Yes. Akismet can filter spam submissions by analyzing form content against its global spam database and blocking suspicious messages automatically.

Which anti-spam plugins are compatible with Forminator?

Forminator works with several anti-spam tools including CleanTalk, Akismet, WP Armour, OOPSpam, Maspik, and other universal WordPress anti-spam plugins.

Is CAPTCHA enough to stop spam in Forminator?

CAPTCHA helps reduce automated spam but cannot stop all attacks. Combining CAPTCHA with additional anti-spam tools provides more reliable protection.

How can I test Forminator spam protection?

You can test protection by submitting a form using known spam data or blocked email addresses and verifying that the submission is rejected.

Why are form notification emails going to spam?

Emails may go to spam if SMTP authentication is not configured. Using an SMTP plugin with a verified sender improves email deliverability.

What is the best spam protection setup for Forminator?

The most effective setup combines multiple layers such as Honeypot, a CAPTCHA or Turnstile verification, and a dedicated anti-spam plugin for advanced filtering.

Can spam protection improve form conversion rates?

Yes. Invisible spam protection solutions reduce friction for visitors, helping maintain a smooth user experience and improving form completion rates.

Does CleanTalk protect against donor email leaks?

Yes. Anti-Spam by CleanTalk helps protect against donor email leaks by obfuscating email addresses by default, including cases where emails may be exposed in HTML even if invisible on the page.

We received hundreds of spam donations immediately after installing GiveWP. How to fix it?

Install an anti-spam solution. As an additional mitigation, increase the minimum donation amount (for example to $10+) because bots often test donation forms with small amounts like $1–$5.

A donor is trying to submit recurring donations but the transaction isn’t being processed because the donor’s email is considered spam.

False positives can happen. Submit a support ticket or add the donor to the Allow list so their donations can go through.

I already use WPForms built-in anti-spam. Do I really need CleanTalk?

WPForms includes an anti-spam token and optional honeypot, which are great for blocking basic bots. CleanTalk adds a cloud-based layer on top, using IP and email reputation and a global spam database to catch more advanced spam and reduce manual clean-up.

Will CleanTalk slow down my WPForms submissions?

CleanTalk is designed to work in the background and uses a lightweight request to its cloud service. From the visitor’s perspective, the WPForms submission flow remains the same: they simply fill out the form and either see a normal success message or an anti-spam notice if blocked.

Can CleanTalk protect all my WPForms forms or only the main contact form?

Once the Anti-Spam plugin is installed and connected to the CleanTalk cloud, it can protect any WPForms form that uses the standard processing flow, including contact forms, quote and booking forms, lead generation forms, surveys and payment forms.

What happens to blocked WPForms submissions?

When CleanTalk blocks a submission, the entry is not stored as a normal WPForms record and the user sees an anti-spam message instead. The attempt is still logged in the CleanTalk dashboard with IP, email, page URL and reason, so you can review it and whitelist legitimate senders if needed.

How do I know if CleanTalk is really reducing spam in WPForms?

You can compare spam volume in your WPForms entries and inbox before and after enabling CleanTalk, and also check the CleanTalk cloud dashboard to see how many WPForms submissions were blocked. Together these metrics show whether spam is going down over time.

Can I use CleanTalk together with reCAPTCHA, hCaptcha or Cloudflare Turnstile in WPForms?

Yes. CleanTalk is compatible with WPForms CAPTCHA providers. A common setup is to keep CleanTalk Anti-Spam and SpamFireWall as the main spam filter, while using reCAPTCHA, hCaptcha or Cloudflare Turnstile on high-risk forms where you want visible or invisible bot verification.

What if CleanTalk starts blocking legitimate WPForms users?

If you suspect false positives, you can review blocked requests in the CleanTalk dashboard and whitelist specific IP addresses, email addresses or countries using Personal lists. You can also contact CleanTalk support with examples so they can adjust filters for your specific case.

Does better spam protection in WPForms affect conversions?

Yes. When spam is filtered in the background and visitors are not forced to solve multiple CAPTCHAs, WPForms remain easy to complete. This reduces form abandonment, keeps lead lists cleaner and helps your team focus on real submissions instead of deleting spam.

Tag: Anti-Spam Plugins

Quform Spam Protection in 2026: How to Stop Fake Messages, Bot Submissions, and Junk Entries

If you use Quform on a WordPress website, spam will eventually become a real problem. Fake messages, bot submissions, junk inquiries, and low-quality entries can quickly fill your inbox and make genuine submissions harder to manage.

This guide explains how to set up Quform spam protection using CleanTalk as the main filtering layer on your website, together with additional tools already available inside Quform, such as honeypot, image CAPTCHA, reCAPTCHA, validators, and time-based spam prevention. Quform’s official features page explicitly lists honeypot, image CAPTCHA, and reCAPTCHA as built-in spam-prevention options, while its blog documents time-based spam prevention as an added passive layer.

This protection approach can be applied to contact forms, quote requests, lead forms, booking forms, surveys, upload forms, and other public-facing forms created in Quform. Quform also supports saving form data to a custom database table, which makes clean submissions even more important over time.

Quform banner from https://www.quform.com/

Quform for WordPress

Before looking at protection methods, it helps to understand how Quform is used on WordPress sites.

Quform is a premium WordPress form builder by ThemeCatcher. On its official site, it is positioned as a professional drag-and-drop form builder for WordPress, and its features page highlights custom autoreplies, import/export, validators, filters, database saving, and built-in anti-spam tools.

In practice, Quform can help website owners:

create contact and inquiry forms

collect leads and quote requests

save submissions to the database

build more advanced multi-field and conditional forms

That flexibility is exactly why spam becomes an issue. Once a form is public, it can attract bots, fake submissions, repeated junk messages, and low-quality lead traffic.

Quform’s official homepage describes it as CodeCanyon’s favorite or best-selling form builder for WordPress. Because Envato search snippets do not consistently expose a stable per-item sales count in every view, this is the safest current way to describe its market footprint without overstating a number from an outdated snapshot.

As Quform shows on its official website, the plugin has been on the market for over 10 years, has 30,000+ downloads, and is presented as a 5 star rated form builder for WordPress.

Plugin Homepage at Quform | Product Page at CodeCanyon.

Why Quform Attracts Spam

Quform is built to make make both form building and form submission smooth. That is good for real visitors, but it also makes forms attractive to bad traffic.

In real-world use, the most common issues usually include:

automated bot messages
repeated junk submissions
low-quality or fake leads
form abuse on highly visible public pages

This matters even more in Quform because the plugin can save form data to a custom database table. If spam is not filtered well enough, it can affect not only inboxes, but also stored submission data and internal workflows.

Anti-Spam by CleanTalk

The main tool we’re going to use here is CleanTalk Anti-Spam.

CleanTalk is a cloud-based anti-spam service for WordPress sites. Its official WordPress plugin page describes it as CAPTCHA-free spam protection for forms, comments, registrations, subscriptions, and many other submission types, and the current WordPress.org listing shows more than 200,000 active installations.

In practical terms, CleanTalk helps by:

filtering suspicious submissions before they are processed

checking sender reputation and email quality

detecting automated and repeated abuse patterns

reducing junk entries before they reach Quform inboxes or stored submissions

That matters because the real cost of Quform spam is not only inbox clutter. It also means wasted time, weaker lead quality, and noisier data inside form workflows.

According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,168 reviews and an average rating of 4.7.

Plugin Homepage at cleantalk.org | Latest release at GitHub.com | Website cleantalk.org

Install the CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you know how to completely protect your HivePress from spam.

Once that is done, your website has a background anti-spam layer that can help reduce suspicious Quform activity before unwanted messages reach their destination.

How CleanTalk Fits into the Quform Workflow

Quform runs inside WordPress, so the strongest place to apply protection is before a submission is treated as a normal message.

That means the focus should not be only on what the form looks like on the frontend. The more important point is what happens when the submission reaches WordPress.

If a site uses Quform for contact requests or lead capture, a site-level anti-spam layer can help stop suspicious submissions before they become normal entries.

If the website uses custom handlers, automations, autoresponders, or database saving after submission, the filtering layer should still be placed before the message is accepted into the workflow.

That is the key principle: do not wait until junk has already reached your inbox or stored data. Stop it earlier in the process.

How to Check Whether Spam Protection Works

A simple way to test the setup is to use the following test address:

stop_email@example.com

Open the page with your Quform form in an Incognito or private browser window.

Submit the form using that email address.

If everything is configured properly, the submission should be blocked or should not appear as a normal legitimate entry in your form workflow.

When testing, check both sides of the process:

the frontend, to see whether the form accepts the submission
the form entries, database records, or email destination, to verify that the message was not processed as a normal inquiry

This matters because a form may appear to submit on the surface while the real question is whether the message actually made it into your workflow.

Cloud Dashboard and Monitoring

Blocking spam is only one part of the job. Good protection also gives you visibility into what is happening.

In the anti-spam dashboard, it is useful to review:

sender IP and email
submission time
source page
approval or denial status
the likely reason a message was flagged

This makes it easier to spot recurring spam waves, identify weak pages, and understand which forms attract the most junk traffic.

That visibility helps you fine-tune the setup over time instead of guessing.

Honeypot, CAPTCHA, reCAPTCHA, and Additional Anti-Spam Options

Besides CleanTalk, Quform already includes several useful anti-spam controls.

Honeypot

Quform’s official features page lists honeypot as one of its built-in spam-prevention options. Its blog also explains that the honeypot field was improved so that it is randomly placed through the form and made to look more like normal fields to bots, which increases its usefulness against simple automation.

Honeypot is especially useful when:

you want an invisible anti-spam measure
you do not want to interrupt the user experience
you need a lightweight first barrier against simple bots

Its limitation is that it works best against simpler automation, not every type of spam.

Image CAPTCHA

Quform also includes a built-in image CAPTCHA option. The official features page lists image CAPTCHA as one of Quform’s three built-in CAPTCHA methods.

Image CAPTCHA can be useful when:

you want a visible challenge inside the form
you are dealing with repeated automated submissions
you need an extra checkpoint on high-risk forms

The tradeoff is friction: visible CAPTCHA fields can reduce completion rates on some forms.

Google reCAPTCHA

Quform’s features page also lists reCAPTCHA as a built-in spam-prevention option, and release notes mention fixes and support work related to the reCAPTCHA field.

reCAPTCHA can be helpful when:

you want a familiar anti-bot checkpoint
your site is seeing repeated automated submissions
you need an extra verification layer alongside broader filtering

At the same time, reCAPTCHA should not be treated as the only line of defense.

Time-Based Spam Prevention

Quform’s blog documents a time-based spam prevention option. By default, submissions made too quickly after the form is displayed can be rejected, which helps catch automated behavior that moves faster than real users.

This is especially useful as a passive layer because it adds protection without introducing a visible challenge.

Why Quform Spam Becomes a Bigger Problem Over Time

Spam in Quform is not just a temporary annoyance. It tends to become an operational problem.

Once junk submissions start slipping through, they can:

clutter inboxes and notifications
reduce the quality of collected leads
waste time on manual review
fill saved form data with low-value entries

This is especially important if the site uses Quform not only for simple contact forms, but also for quote requests, support flows, surveys, or other business-critical form workflows.

Comparison of Anti-Spam Approaches for Quform

Solution	Main role	Strengths	Limitations	Best use case
Quform honeypot	Built-in invisible anti-bot layer	Native to Quform, invisible to users, improved by random placement	Limited against more advanced spam patterns	Sites that want a lightweight first layer inside Quform
Quform image CAPTCHA	Built-in visible challenge	Native option, useful on higher-risk forms	Adds friction and may reduce completion	Forms that need an extra visible anti-bot step
Quform reCAPTCHA	Built-in anti-bot verification	Familiar, supported inside Quform, useful as an extra checkpoint	Should not be the only protection method	Sites that want a built-in additional anti-bot layer
Quform time-based protection	Passive speed-based filtering	Helps catch automated fast submissions without visible friction	Works best as a supporting layer	Sites that want low-friction passive filtering
CleanTalk	Core site-level anti-spam filtering	Filters suspicious submissions before they become normal entries, reduces junk leads, works without classic CAPTCHA friction	Usually strongest when combined with Quform’s native controls	Sites that want the main filtering layer to protect Quform submissions

In practice, the strongest starting point is to use one reliable primary anti-spam layer and then enable Quform’s built-in anti-spam options only where they add real value.

Frequently Asked Questions

Why is my Quform getting spam even though I already enabled CAPTCHA?

Because one visible challenge does not solve every type of abuse. CAPTCHA can reduce some automated traffic, but it does not always stop repeated junk submissions, low-quality manual spam, or more advanced automated behavior. Sites with heavier spam pressure usually need a stronger filtering layer behind the form as well.

Is Quform honeypot enough on its own?

For lower-risk forms, it may reduce a lot of basic bot traffic. But on its own, it is usually better treated as a first layer rather than a complete anti-spam strategy, especially if the form is highly visible or tied to lead generation.

What is the best anti-spam setup for Quform in 2026?

For most websites, the best setup is to use CleanTalk as the main filtering layer, keep Quform’s built-in honeypot enabled, and add reCAPTCHA, image CAPTCHA, or time-based protection only where they improve protection without creating too much friction.

Can Quform save spam submissions to the database?

Yes. Quform can save submitted form data to a custom database table, so if spam is not filtered properly, junk entries can affect not only inboxes but also stored submission data.

How can I test whether Quform spam protection is actually working?

Open the form page in an Incognito or private browser tab and submit it with the test email stop_email@example.com. Then check both whether the form accepts the submission on the frontend and whether the message appears in Quform entries, stored data, or your email destination. If protection is working properly, the submission should be blocked or should not be processed as a normal entry.

Why are real submissions being blocked together with spam?

That usually means one of the protection layers is too aggressive. Review your CAPTCHA settings, honeypot behavior, time-based filtering, and site-level spam filtering one by one. In most cases, the goal is not to remove protection entirely, but to tune it more carefully.

Recommended Anti-Spam Stack for Quform (2026)

Use case	Recommended setup	Why it works
Standard contact website	CleanTalk as the main anti-spam filtering layer + Quform honeypot	Helps block obvious spam while keeping the form experience smoother
Business website with valuable inquiries	CleanTalk as the main anti-spam filtering layer + honeypot + reCAPTCHA	Reduces bot submissions while improving lead quality
High-traffic public forms	CleanTalk as the main anti-spam filtering layer + honeypot + time-based protection + optional reCAPTCHA	Balances strong filtering with practical low-friction protection
Higher-risk lead or quote forms	CleanTalk as the main filtering layer + honeypot + image CAPTCHA or reCAPTCHA	Adds extra protection where form abuse has a higher business cost
Sites focused on low friction	CleanTalk as the main anti-spam filtering layer + honeypot + time-based protection	Adds protection while keeping the form experience as smooth as possible

Final Thoughts

No single anti-spam tool can stop every kind of unwanted Quform submission.

Some controls are better at catching simple bots. Others add visible or invisible verification at the form level. The most reliable approach is to combine one strong primary filtering layer with Quform’s built-in anti-spam options in a way that matches the risk level of each form.

For most WordPress websites using Quform, the strongest setup is to use CleanTalk as the main site-level anti-spam layer, keep Quform’s built-in honeypot enabled, and add reCAPTCHA, image CAPTCHA, or time-based protection only where extra verification is needed. Quform’s own documentation confirms that these anti-spam tools are built into the product, while CleanTalk provides broader WordPress-level spam filtering.

This combination helps keep bad submissions out of your workflow, reduces noise in your inbox and stored entries, and makes it easier to focus on real inquiries.

Stop form spam without frustrating your visitors

Create your CleanTalk account and start blocking fake messages, bot submissions, junk inquiries and low-quality Quform entries — no CAPTCHA challenges and no impact on real visitors.

API Plugins

April 28, 2026

Forminator Forms – Spam Protection Guide in 2026
If you use Forminator Forms, you may occasionally experience spam submissions. In the guide below, you’ll learn about several tools that help achieve complete spam protection for Forminator. In this post we will look at as built-in (in the plugin core) anti-spam tools like Honeypot, Google reCAPTCHA, hCaptcha, Cloudflare Turnstile. As well as, spam protection via third party plugins like Akismet, CleanTalk and OOPSpam.

Forminator Forms – Contact Form, Payment Form & Custom Form Builder

First of all, let’s figure out what Forminator Forms are.

Forminator Forms is a powerful and user-friendly form builder plugin for WordPress that allows you to create contact forms, registrations, payment forms, quizzes, and polls without coding. Developed by WPMU DEV, the plugin has gained popularity for its flexibility and reliable spam protection designed to reduce spam submissions across websites. Since its release in 2018, Forminator has continued to evolve, introducing new integrations, improving usability, and strengthening tools that help website owners fight spam more effectively. The plugin supports payment providers such as Stripe and PayPal, enabling secure transactions while maintaining strong spam protection for payment and contact forms. Regular updates keep the plugin compatible with modern WordPress versions and current security standards, helping prevent spam attacks and automated bot activity.

As WordPress.org shows, Forminator is currently used on over 600,000 websites and has 2,034 user reviews with an average rating of 4.8.

Plugin Homepage at wordpress.org | Website wpmudev.com

Install Forminator Forms, Surveys, Quizzes, Polls, Calculations and More…
Installation is as easy as following these steps.

1. Search for the plugin in WordPress console -> Plugins -> Add plugin -> Search -> Type ‘forminator‘

Forminator search, install and activation.

2. Install and Activate the plugin.

3. Add the very first contact form in WordPress console -> Forminator > Forms -> +ADD NEW -> Customer service -> Contact form.

WordPress console -> Forminator > Forms -> +ADD NEW -> Customer service -> Contact form.

4. Click Publish in top-left corner.

5. That’s all! Your form is ready to go, just use a short code like this on any page or post of your site.
```
[forminator_form id="123"]
```
Form is ready to go, use shortcode.
Anti-Spam plugin by CleanTalk for WordPress

The next plugin we are going to use is the Anti-Spam plugin by CleanTalk. Here is a short description of it,
- CleanTalk is a cloud-based spam protection for websites, founded in 2012.
- It automatically blocks spam without CAPTCHAs or disrupting user experience.
- Protects multiple form types: contact forms, payment forms, registrations, comments, and surveys.
- Stops both automated bots and manual spam submissions.
- Uses advanced filtering algorithms and a global spam detection network.
- Detects spam activity based on IP addresses, email addresses, and behavioral patterns.
- Users can apply custom filtering rules.
- Allows filtering or blocking by IP, email, and country.
- Works automatically in the background with easy installation.
According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,165 reviews and an average rating of 4.8.

Plugin Homepage at cleantalk.org | Latest release at Github.com | Website cleantalk.org

Install the CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you know how to completely protect your Forminator Forms from spam.

Check if spam protection works with Forminator Forms

The best way to text the spam protection by using a test email,

stop_email@example.com
1. Open page with your form (don’t forget to add the shortcode in the page content) in Incognito browser tab.
2. Fill out the Contact form using stop_email@example.com as sender’s email.
3. Send the form.
4. You should see a message from the Anti-Spam plugin confirming that a spam submission was blocked.
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

Spam submission was blocked in contact form by Forminator.

Cloud Dashboard

In addition, in the Cloud Dashboard you can find extra details regarding all submissions made via form,
- IP, Email of the sender. As well as history of activity a sender among other sites connected to CleanTalk’s cloud.
- Geolocation of the sender.
- Date and time of submission.
- Page (URL) of the submission.
- Cloud decision – Approved, Denied.
- Cloud explanation for the decision.
- Tools to move the sender to Block or Allow lists.
Anti-Spam Cloud Dashboard, Forminator form.

Google reCAPTCHA, hCaptcha, and Cloudflare Turnstile

Also, let’s have a look at cloud, anti-spam services that we have for Forminator forms,
1. The plugin has core integration with many CAPTCHA services,
  - Forminator integrates with Google reCAPTCHA, helping users reduce spam submissions while adding an extra layer of security to contact forms, registrations, and surveys. This allows website owners to protect their forms automatically without complex configuration. To activate this service obtain Site key and Secret key on the site.
  - hCaptcha support. Forminator users can reduce spam submissions while maintaining better privacy for visitors and improving overall form security.
    
    Key benefits of hCaptcha over reCAPTCHA,
    
    Better privacy for visitors. hCaptcha collects less user tracking data compared to Google reCAPTCHA, which is important for privacy-focused websites and GDPR-sensitive regions.
    
    Reduced dependence on Google services. Using hCaptcha allows Forminator users to avoid relying on Google infrastructure, which some organizations prefer for compliance or branding reasons.
    
    Potential monetization option. hCaptcha offers a program where site owners can earn small rewards for solving challenges, something reCAPTCHA does not provide.
    
    hCaptcha requires Site Key and Secret key as well, which can be obtained on site.
  - Cloudflare Turnstile. By integrating with Cloudflare Turnstile, Forminator users can protect their forms from spam and bots without showing traditional CAPTCHA challenges. Turnstile works invisibly in the background, helping improve user experience while maintaining strong spam protection for contact forms, registrations, payments, and surveys. This reduces friction for real visitors, increases form completion rates, and keeps submissions clean without interrupting the workflow.
    
    Main benefits of Cloudflare Turnstile over Google reCAPTCHA,
    
    Invisible verification. Turnstile works mostly in the background without puzzles or image challenges, so visitors can submit Forminator forms faster and with less frustration compared to reCAPTCHA.
    
    Higher form conversion rates. Because users are not interrupted by CAPTCHA challenges, contact forms, surveys, and payment forms typically see fewer abandoned submissions.
    
    Strong privacy approach. Turnstile is designed to minimize user tracking and does not rely on extensive behavioral profiling, which makes it more privacy-friendly than reCAPTCHA.
    
    Site Key and Secret key can be obtained on site.
  - All CAPTCHA services are aviable under settings Settings are under path WordPress console -> Forminator > Forms -> Settings -> CAPTCHA -> reCAPTCHA | hCaptcha | Turnstile.
Honeypot, Akismet and third-party Anti-Spam Plugins

Additionally, let’s consider standalone plugins and anti-spam mechanics that also works for Forminator forms,
1. Honeypot. Which is most simple anti-spam mechanic against primitive spam bots. It works by adding hidden fields that are only detected and filled by bots, allowing spam to be blocked automatically while legitimate users never see additional challenges. Because no CAPTCHA or interaction is required, honeypots help maintain a smooth user experience and improve form completion rates. This lightweight method is easy to enable and adds an extra layer of protection for contact forms, surveys, and registrations.
  - Settings are available per each individual form, the path is WordPress console -> Forminator > Forms -> FORM -> Settings -> Behavior -> Security. Please look at screenshots down below.
2. Third-party Anti-Spam plugins.
  - Akismet. Akismet helps Forminator users automatically filter spam submissions by analyzing form data against its global spam detection network. It works in the background to identify suspicious content and prevent unwanted messages from reaching your inbox or database. This reduces manual moderation and helps keep contact forms, surveys, and registrations clean. As a widely used WordPress anti-spam solution, Akismet is easy to enable and integrates naturally into existing WordPress workflows.
    
    In order to activate protection user must install, activate and get API key for third-party plugin Akismet and then turn integration under the settings WordPress console -> Forminator > Forms -> FORM -> Settings -> Behavior -> Security. Please look at screenshots down below.
  - WP Armour, OOPSpam, Maspik, and Simple CAPTCHA Alternative are universal anti-spam plugins for WordPress that provide reliable spam protection for Forminator users. All of these solutions can be found in the search results at wordress.org.
CAPTCHA services at Forminator settings. Google reCAPTCHA, hCaptcha, Cloudflare Turnstile.

Honeypot and Akismet in Forminator.

WP Armour, OOPSpam, Maspik, and Simple CAPTCHA Alternative.

Here is a guide by WPMU DEV. It tells how to protect Forminator with additional cloud services such as Honeypot (not as service), Google reCAPTCHA, hCaptcha, Cloudflare Turnstile. Third party plugins like Akismet, and OOPSpam. If you want a broader option for registration and form protection, see our Akismet alternative for Forminator.

Frequently Asked Questions (FAQ)
Cannot stop spam from coming through forms no matter what…

If nothing works in this guide, try a few more things,
1. Block spammers by particular IPs, Countries via Personal lists under your CleanTalk’s account.
2. Submit a support request, we will do our best to tune spam protection for your specific case.
v3 reCAPTCHA not saving in Forminator Settings. V2 shows ‘ERROR for site owner: Invalid key type’

Forminator’s team doesn’t have a solution for this error, but advices to switching to hCaptcha, read more.

Forminator x hCaptcha does not prevent spam

The main recommendation is to avoid relying on hCaptcha alone, enable Forminator’s honeypot protection, prevent plugin conflicts, and use layered anti-spam methods for better results. WordPress.org.

Emails from website contact form going to spam.

The recommended solution is to check SMTP configuration using a real email account so the website sends messages through authenticated mail servers instead of the default PHP mail system. Installing and configuring an SMTP plugin ensures proper email delivery and improves sender reputation, preventing form notifications from being marked as spam. WordPress.org.

Recommended Anti-Spam Stack for Forminator (2026)

Finally, no single anti-spam tool can stop every type of spam submission. The most reliable approach for Forminator users is a layered protection stack, where each tool blocks a different category of bots and spam behavior.

Recommended setup by site type
- Business website: CleanTalk + Honeypot.
- High-traffic landing pages: CleanTalk + Turnstile.
- Membership / registration sites: CleanTalk + Turnstile or hCaptcha.
By now, all spam issues in your Forminator contact, survey, poll, or quiz forms should be resolved. If not, Sign Up for an account and our support team will be happy to help you.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam forms, surveys, polls and quiz answers — no CAPTCHA challenges and no impact on visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 9, 2026
GiveWP Spam Protection guide in 2026. Stop spam donations!
CleanTalk has added spam protection for GiveWP using direct form integration. This makes it a good opportunity to explore how to protect GiveWP against spam submissions using both built-in anti-spam tools integrated into the plugin core and third-party solutions. We will start with CleanTalk and then move on to Akismet, Google reCAPTCHA, Cloudflare Turnstile, honeypot techniques, and universal anti-spam plugins available on WordPress.org.

GiveWP banner at https://wordpress.org/plugins/give/

GiveWP – Donation & Fundraising Plugin for WordPress

In case of any misunderstanding or misinterpretation about which plugin we are referring to, allow me to provide a brief overview of GiveWP

GiveWP is a powerful WordPress donation plugin that helps nonprofits, charities, and organizations accept online donations directly on their websites. It allows you to create fully customizable donation forms and securely collect one-time or recurring donations without relying on third-party fundraising platforms. To maintain secure fundraising, GiveWP can be combined with spam protection solutions that help prevent fake donations, bot submissions, and fraudulent registrations. The plugin supports popular payment gateways such as PayPal and Stripe, making it easy for donors to contribute using their preferred payment method. Built-in reporting, donor management tools, and fundraising goal tracking help organizations monitor performance and grow contributions. With a wide range of add-ons and integrations, GiveWP scales from small campaigns to large nonprofit organizations while following WordPress best practices for reliability and security.

According to WordPress.org, over 100,000 websites use this plugin.

Install GiveWP – Donation Plugin and Fundraising Platform

Show Instructions

To have the plugin installed follow this steps,

1. Search for the plugin in WordPress console -> Plugins -> Add plugin -> Search -> givewp

2. Install and Activate the plugin.

3. Add a campaign and forms in WordPress console -> GiveWP -> Campaigns -> Forms.

That’s all! GiveWP is installed.

Anti-Spam plugin by CleanTalk for WordPress

The next plugin we are going to use is the Anti-Spam plugin by CleanTalk. Here is a short description of it,

CleanTalk Anti-Spam plugin for WordPress protects your site from spam comments, contact forms, registrations, and fake donations without CAPTCHA. It uses cloud-based spam detection and real-time databases to block bots automatically while keeping the experience smooth for real users. CleanTalk works in the background and requires minimal setup, making it a reliable hands-off anti-spam solution.

CleanTalk has additional features like Block and Allow lists to manage specific Emails, IPs, Countries, custom frontend message to blocked donations and Emails obfuscation which might be helpful during fundraising events.

According to WordPress.org, over 200,000 websites use this plugin. All features of Anti-Spam plugin for WordPress.

How to install CleanTalk Anti-Spam plugin

Show Instructions

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! GiveWP is completely protected, let’s see how to test the protection.

How to check spam protection for GiveWP Forms

You can test the work of Anti-Spam protection for GiveWP by using a test email,

stop_email@example.com
1. First, open the form in an Incognito browser tab.
2. Choose amount to donate.
3. In the next step fill out the account name data and the stop_email@example.com.
4. You must see a message as below and in the screenshot.
*** Forbidden. Fraud prevention. Sender blacklisted. Anti-Spam by CleanTalk. ***

In addition, in the Cloud Dashboard you can find extra details regarding all submissions for the donation form,
- IP, Email of the donator. As well as history of activity a sender among other sites connected to CleanTalk’s cloud.
- Geolocation of the sender.
- Date and time of submission.
- Page (URL) of the submission.
- Cloud decision – Approved, Denied.
- Cloud explanation for the decision.
- Tools to move the sender to Block or Allow lists.
What additional anti-spam tools are available for GiveWP?

Here are a few more tools on the market,
1. Akismet is a cloud-based anti-spam service that works in the background and has excellent compatibility with WordPress. Most importantly, the GiveWP team has included Akismet integration directly in the core of the plugin, providing a seamless user experience for those who choose Akismet as their anti-spam solution. Akismet settings are located under WordPress console -> GiveWP -> Settings -> Advanced -> Akismet SPAM Protection. Here is full guide how to setup protection.
2. Honeypot anti-spam techniques protect websites by adding invisible form fields that real users never see but spambots automatically fill in. When these hidden fields are completed, the submission is flagged and blocked, stopping spam without CAPTCHAs or user interaction. GiveWP has built-in honeypot which is located under settings WordPress console -> GiveWP -> Settings -> Security -> Enable Honeypot Field. This option is On in default setting, so should filter some primitive spam bots out of the box.
3. reCAPTCHA is a spam protection technology by Google that helps protect WordPress websites by distinguishing real users from bots using challenges or behavioral analysis. It reduces automated spam submissions but may require user interaction, such as clicking a checkbox or solving a challenge. GiveWP supports reCaptcha in the core and settings are located by path WordPress console -> GiveWP -> Settings -> General -> Access Control -> reCaptcha. The first step to activate this protection is getting Site and Secret keys, which are available on website.
4. Turnstile by Cloudflare is another great anti-spam tool which is available for GiveWP. Protects WordPress websites by verifying visitors automatically without CAPTCHAs or puzzles. It blocks bots using browser and behavioral signals while keeping the experience seamless for real users. One drawback is to use Turnstile user must install extra plugin – ‘Give – Cloudflare Turnstile’. The full guide is here.
5. And we have bunch of standalone, universal, all-in-one plugins like Zero Spam, OOPSpam, hCaptcha for WP which provide anti-spam protection for GiveWP as well. Here is a link to download one of them.
Here are screenshots for tools above.

I have questions… (FAQ)

Does CleanTalk protect against donors emails leak?

In July 2025, a vulnerability in GiveWP led to an email data leak of Pihole donators. Yes, Anti-Spam by CleanTalk helps protect against such issues. In this case, email addresses were exposed in the HTML code, even though they were invisible on public pages. The plugin prevents this by obfuscating email addresses by default.

We received hundreds of spam donations immediately after installing GiveWP plugin. How to fix it?

If you do not have specific anti-spam tool installed. Increasing the minimum donation amount can help stop spam, as bots usually test forms with small payments like $1–$5. Setting a $10+ minimum helps filter out these low-effort automated attacks.

A donor is trying to submit recurring donations but the transaction isn’t being processed because the donor’s email is considered spam.

False/positives sometimes happen. In this case just post a support ticket or put this donor in Allow list.

Final thoughts

I hope this guide helped resolve all spam issues on your donation form. If not, Sign Up for an account and our CleanTalk team will be happy to help.

Stop spam without frustrating your visitors

Create your CleanTalk account and start blocking spam donations — no CAPTCHA challenges and no impact on visitors.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 9, 2026
WPForms Spam Protection in 2026
If you use WPForms for contact forms, lead generation, surveys, or payment forms, you will eventually face spam – fake submissions, junk leads, and bot activity.

This guide explains how to set up WPForms spam protection using:
- the Anti-Spam plugin by CleanTalk with a direct integration for WPForms, and
- additional tools like Google reCAPTCHA, hCaptcha, Cloudflare Turnstile, honeypots and third-party anti-spam plugins.
The integration protects WPForms forms such as:
- simple contact forms,
- marketing and lead forms,
- “Request a quote” and booking forms,
- registration / login / newsletter forms (where used with WPForms).
WPForms continues to handle the form UI and workflow, while CleanTalk filters spam in the background without adding CAPTCHAs to every form.

WPForms – Easy Form Builder for WordPress

First, let’s quickly look at WPForms itself and the types of sites that rely on it.
WPForms is a popular drag-and-drop form builder plugin for WordPress that lets you create:
- contact and feedback forms,
- quote and booking forms,
- newsletter and marketing forms,
- payment / donation forms (Stripe, PayPal, etc.),
- surveys, polls, and custom calculators,
- login, registration, and other application-style forms.
Out of the box WPForms provides:
- a visual drag-and-drop builder and 2000+ pre-built form templates,
- responsive, mobile-friendly layouts,
- built-in spam protection (anti-spam token and optional honeypot),
- integrations with major email marketing services and CRMs,
- payment integrations with Stripe, PayPal, Square, and others.
Because WPForms forms are often publicly accessible (contact pages, landing pages, sign-up forms), they become an easy target for spam bots and human spammers. That’s why it’s important to have a reliable WPForms spam protection setup from the beginning.

As WordPress.org shows, WPForms Lite is currently active on over 6 million websites and has 14,274 user reviews with an average rating of 4.8 out of 5.

Plugin Homepage at wordpress.org | Website wpforms.com

Install WPForms and create your first form
You can set up WPForms in just a few steps:
1. In your WordPress admin go to
  Plugins → Add New and search for “WPForms”.
1. Click Install and then Activate the plugin.
2. Customize the fields as needed and click Save.
3. Embed the form on a page using the WPForms block in the editor or the form shortcode.
After that, your first WPForms form is live and ready to accept submissions.
Anti-Spam plugin by CleanTalk for WordPress

The next tool we’re going to use is the Anti-Spam plugin by CleanTalk.
Here’s a brief overview:
- CleanTalk is a cloud-based spam protection platform for websites, operating since 2012.
- It filters spam without CAPTCHAs, challenge questions or image puzzles, so visitors don’t have to solve anything extra.
- It protects many kinds of forms: comments, user registrations, contact forms, orders, subscriptions, surveys, and more.
- It blocks both automated bots and human spammers using advanced filtering algorithms and data from a global spam database.
- It detects spam based on IP reputation, email reputation and behavioral patterns.
- It allows you to set custom rules and block by IP, email address, country or language when needed.
- It runs quietly in the background, and the plugin is straightforward to install and configure.
According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,168 reviews and an average rating of 4.7.

Plugin Homepage at cleantalk.org | Latest release at GitHub.com

Install the CleanTalk Anti-Spam plugin

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s all – WPForms are now protected From this moment,CleanTalk automatically protects the WPForms registration form (REST route /wp-json/wpformspress/v1/users/), and the Add Listing form used to submit new listings.

You don’t need to paste any shortcodes – just use WPForms as usual, and CleanTalk will filter spam in the background.

Check if spam protection works with WPforms.

The best way to text the spam protection by using a test email,

stop_email@example.com
1. Open a page with a WPForms (for example, the registration popup or the Add Listing form) in an Incognito / private browser tab.
2. Fill out the Contact form using stop_email@example.com as sender’s email.
3. Send the form.
4. You should see a message from the Anti-Spam plugin confirming that a spam submission was blocked.
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

If you see this message, it means CleanTalk successfully protects your WPForms (registration and Add Listing) from spam.

Cloud Dashboard

In addition, in the Cloud Dashboard you can find extra details regarding all submissions processed by CleanTalk, including WPForms registration and Add Listing forms:
- IP and email of the sender, as well as the sender’s activity history across other websites connected to the CleanTalk cloud.
- Geolocation of the sender.
- Date and time of the submission.
  Page (URL) where the form was submitted (for example, a specific listing submission page).
- Cloud decision – Approved or Denied.
- Cloud explanation for the decision (e.g. blacklisted email, bad IP reputation, spam text, etc.).
- Tools to move the sender to Block or Allow lists so you can fine-tune WPForms spam protection.
Google reCAPTCHA, hCaptcha, and Cloudflare Turnstile in WPForms

In addition to CleanTalk, WPForms itself supports several CAPTCHA and anti-bot services:
- Google reCAPTCHA,
- hCaptcha,
- Cloudflare Turnstile.
These services act as a visible or invisible verification layer on top of your forms, while CleanTalk continues to filter spam submissions in the background.

Google reCAPTCHA (WPForms integration)

WPForms has built-in support for Google reCAPTCHA (v2 Checkbox, v2 Invisible, and v3):
1. Register your website in the Google reCAPTCHA admin console and generate a Site Key and Secret Key.
2. In WordPress go to WPForms → Settings → CAPTCHA.
3. Choose reCAPTCHA as the provider and paste your keys.
4. Select which reCAPTCHA type you want to use (checkbox, invisible, or v3 score-based).
5. Edit your forms and enable reCAPTCHA where needed (WPForms shows a toggle or field depending on the type).
reCAPTCHA helps block obvious automated submissions by requiring users to solve a challenge or by scoring their behavior, while CleanTalk still checks the content and sender reputation.

hCaptcha

WPForms also supports hCaptcha as a privacy-focused alternative to Google reCAPTCHA:

Key benefits of hCaptcha compared to reCAPTCHA:
- Stronger focus on privacy – hCaptcha collects less user tracking data, which is important for privacy-oriented and GDPR-sensitive projects.
- Less dependence on Google – useful for brands that prefer to minimize their reliance on Google infrastructure.
- Optional monetization options for some hCaptcha plans, which reCAPTCHA doesn’t provide.
To use hCaptcha with WPForms:
1. Obtain Site Key and Secret Key from the hCaptcha dashboard.
2. Go to WPForms → Settings → CAPTCHA, choose hCaptcha and paste the keys.
3. Enable hCaptcha for the forms you want to protect.
Cloudflare Turnstile

Cloudflare Turnstile is a quite modern CAPTCHA alternative that often works invisibly in the background, without classic image puzzles. Several WPForms guides cover how to enable Turnstile as a built-in CAPTCHA provider.

Benefits of Cloudflare Turnstile:
- Invisible verification – most visitors don’t see any challenge; Turnstile works in the background.
- Higher completion rates – fewer puzzles means less friction and fewer abandoned forms.
- Privacy-friendly design – Turnstile is built to minimize user tracking and profiling compared to traditional CAPTCHAs.
To connect Turnstile:
1. Get Site Key and Secret Key from your Cloudflare Turnstile dashboard.
2. In WPForms → Settings → CAPTCHA, select Cloudflare Turnstile and enter your keys.
3. Enable Turnstile on the forms (contact, registration, checkout, etc.) where you need extra bot protection.
All three CAPTCHA providers can work alongside CleanTalk Anti-Spam, giving you both:
- a front-end bot check (CAPTCHA / Turnstile), and
- deep cloud-based spam filtering in the background.
Honeypot, WPForms Built-In Anti-Spam, Akismet and Third-Party Plugins

Alongside CleanTalk and CAPTCHAs, WPForms and WordPress offer several additional anti-spam layers.

WPForms Anti-Spam Token and Honeypot

By default, WPForms includes:
- an anti-spam token that helps block automated form submissions, and
- an optional honeypot field – a hidden field that humans never see, but bots often fill in.
When a bot fills the honeypot field or fails the token check, WPForms treats the submission as spam and blocks it.

You can control these options in each form’s Settings → Spam Protection and Security section inside WPForms.

Honeypot protection is:
- invisible for normal visitors,
- easy to enable,
- a lightweight extra defense against primitive bots.
Akismet

Akismet Anti-Spam is another popular plugin that filters spam by checking submissions against a global spam database. It is especially useful for blog comments and simple contact forms outside WPForms. If you are looking for a broader option for form protection, see our Akismet alternative for WPForms.

On a site that uses WPForms + CleanTalk you can still use Akismet to:
- keep comment sections clean,
- filter spam from default WordPress forms or other plugins.
To activate Akismet:
1. Install and activate Akismet Anti-Spam from Plugins → Add New.
2. Obtain an API key from Akismet and enter it in the plugin settings.
3. Enable spam checking for the content types you need (comments, possibly other forms).
Other universal anti-spam plugins

Plugins like WP Armour, OOPSpam, Maspik, and Simple CAPTCHA Alternative provide generic honeypot or anti-spam protection for various forms and comment areas across WordPress.

They can be used alongside CleanTalk if you want additional defense for:
- contact forms created outside WPForms,
- comments,
- custom theme forms and widgets.
You can find them via:

Plugins → Add New → Search → “WP Armour” | “OOPSpam” | “Maspik” | “Simple CAPTCHA Alternative”

Install, activate, and configure each plugin according to its documentation.

Frequently Asked Questions (FAQ)
I already use WPForms’ built-in anti-spam. Do I really need CleanTalk?

WPForms includes an anti-spam token and optional honeypot, which is great for stopping very basic bots.
However, they don’t:
- check global spam activity across thousands of sites,
- analyze IP and email reputation,
- or block known spam networks at the cloud level.
CleanTalk adds an extra layer on top of WPForms’ native tools. It filters submissions using a global spam database and the SpamFireWall, so most spam is blocked before it reaches your entries, inbox or CRM.
Will CleanTalk slow down my WPForms submissions?

No. CleanTalk is designed to work in the background and the request to the cloud is lightweight.

From the visitor’s point of view:
- they fill out the WPForms form as usual,
- click submit,
- and either see a normal success message or an anti-spam message if they are blocked.
For normal users, there are no extra steps, pop-ups or CAPTCHAs to solve.
Can CleanTalk protect all my WPForms forms or only the main contact form?

Once the Anti-Spam plugin is installed and connected to the CleanTalk cloud, it can protect any WPForms form that uses the standard WPForms processing flow:
- simple contact forms,
- quote / booking / consultation forms,
- lead generation and newsletter sign-up forms,
- surveys, polls and feedback forms.
You don’t need to add a special field to each form – protection works on the server side.
What happens to blocked WPForms submissions? Are they lost forever?

When CleanTalk blocks a submission, the user is shown an anti-spam message and the entry is not stored as a normal form submission.

However, the attempt is:
- logged in your CleanTalk dashboard with IP, email, date, URL and the reason,
- available for review if you suspect a false positive,
- easy to whitelist (by IP, email, country, etc.) if you decide that a sender is legitimate.
So you still have visibility into what was blocked, but your WPForms entries, inbox and CRM stay clean.
Recommended Anti-Spam Stack for WPForms (2026)

No single tool can block every kind of spam or bad bot. The most reliable approach for WPForms is to build a layered anti-spam stack, where each component handles a different part of the problem.

The key element is the Anti-Spam plugin by CleanTalk, which:
- integrates directly with Contact Form by WPForms,
- uses both application-level checks and the SpamFireWall to block many bots before they reach WordPress.
On top of this, you can combine CAPTCHAs, WPForms’ built-in tools, and moderation policies.

Recommended setup by site type

Business websites and standard contact forms
- CleanTalk Anti-Spam enabled (with SpamFireWall).
- WPForms anti-spam token + honeypot enabled in each important form.
- Optionally, Google reCAPTCHA or Cloudflare Turnstile on high-risk forms (contact, quote, booking).
High-traffic landing pages and lead generation
- CleanTalk Anti-Spam (cloud + plugin).
- Cloudflare Turnstile or reCAPTCHA for minimal-friction verification.
- WPForms honeypot enabled.
- Optional extra filters: block high-risk countries or networks in CleanTalk if you notice patterns in spam logs.
Membership / registration-heavy sites using WPForms
- CleanTalk Anti-Spam to protect registration, login, and profile forms where applicable.
- Cloudflare Turnstile or hCaptcha on registration / login forms for additional protection.
- WPForms built-in spam protection turned on for all authentication forms.
- Optionally, Akismet or other plugins for comments and non-WPForms areas.
By this point, most spam problems in your WPForms contact, lead, survey, and payment forms should be significantly reduced. If you’re still seeing unwanted submissions, simply create a CleanTalk account (or log in to your existing one) and reach out to our support team – we’ll gladly help you fine-tune WPForms spam protection for your specific site.

Stop WPForms spam without hurting conversions

Create your CleanTalk account and connect it to WPForms to block spam contacts, leads, surveys and payment forms — no extra CAPTCHAs and no friction for real users.

API Plugins

CleanTalk Account

No credit card required • Setup takes less than a minute • Your temporary password will be sent by email.
March 9, 2026
wpForo Forum – Spam Protection
CleanTalk added spam protection for wpForo Forum multi-layout bulletin board using direct form integration. So in case, you prefer using wpForo be sure to use the most effective Anti-Spam plugin. Read the guide below and learn 4 steps to protect your wpForo Forms from spam.

Once the CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be wpForo forms but also many others.

Download CleanTalk Anti-Spam plugin | Download wpForo Forum

How to install CleanTalk Anti-Spam plugin

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you know how to completely protect your wpForo Forum plugin from spam.

How to check spam protection for wpForo Forms

You can test the work of Anti-Spam protection for your СonvertKit Forms by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

If you have any questions, add a comment and we will be happy to help you.

Create your CleanTalk account – Register now and protect your СonvertKit Forms from spam in 5 minutes

Update

The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

Additional features
- CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
- Installation takes about 1-2 minutes.
- Smart 99% protection against spambots.
- Always online – 24/7 technical support.
- Logs, SpamFireWall, personal lists, country filters, stop-words, and many others.
Discover CleanTalk Anti-Spam plugin features.
February 19, 2026
User Registration & Membership – Spam Protection Guide in 2026
CleanTalk has added spam protection for the User Registration & Membership WordPress plugin by WPEverest through direct form integration. If you use this plugin, be sure to enable the highly effective CleanTalk Anti-Spam solution. In this post, we also review all anti-spam options available for User Registration & Membership.

User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder

First of all let’s see what this plugin is,

User Registration & Membership by WPEverest is a powerful WordPress plugin for creating custom user registration forms, login pages, and membership websites without coding. It features a drag-and-drop form builder, user profile management, content restriction, and payment integrations for subscription-based sites. Ideal for communities, online courses, and client portals, the plugin helps website owners manage users and memberships efficiently while improving user experience.

According wordpress.org, this plugin is installed on 60,000+ sites. All features of Anti-Spam plugin by CleanTalk for WordPress.

Installing User Registration & Membership

There are few steps to be this plugin installed,
1. Go to WordPress console -> Plugins -> Add plugin, type ‘user’.
2. Install ‘User Registration & Membership’ by WPEverest and activate the plugin.
3. Next you see a setup screen, that can be skipped on this moment.
4. That’s all the plugin is installed!
On the next steps we work with page YOUR-SITE.COM/registration/.

By the if you want place the registration form on another page,
1. Follow to WordPress console -> User Registration & Membership -> Registration form.
2. Copy shortcode like this [user_registration_form id=”8″] from the right/top corner of screen and place on any other page you want to.
Anti-Spam plugin by CleanTalk for WordPress

In beginning a few words about the plugin that we are going to use against spam,

CleanTalk Anti-Spam plugin for WordPress automatically protects your website from spam comments, registrations, contact forms, and fake orders without using CAPTCHA. It uses cloud-based spam detection and real-time databases to block bots in the background while keeping the experience smooth for legitimate visitors.

According wordpress.org, this plugin is installed on 200,000+ web sites. To install the plugin please follow this guide.

The next step is testing the anti-spam protection.

How to check spam protection for User Registration & Membership

We are going to test protection and the most important step in this process to do it as a regular visitor, not as as authorized user/administrator in WordPress console!

Follow this,
1. Jump to YOUR-SITE.COM/registration/ in incognito mode in your browser.
2. Fill up the form using test email address s@cleantalk.org. This is a service email, using which do not cause block listing your IP in CleanTalk’s cloud.
3. You see response from the cloud like this,
*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

That’s all! The protection is active and ready to go. If you have any questions, add a comment and we will be happy to help you. In addition, in the Cloud Dashboard you can find extra details regarding all submissions for registration form.

What additional anti-spam tools are available for User Registration & Membership?

On this day on the market there are a few more tools to protect User Registration & Membership against spam bots. As well as this plugin has some built-in tools. Let’s see what we have,
1. This plugin has built-in integration with Google reCaptcha version 2 and 3. reCAPTCHA by Google helps protect WordPress registration forms from spam by verifying that users are real people using behavioral analysis or interactive challenges. It blocks automated bot sign-ups and reduces fake registrations while allowing legitimate users to register securely.
  The settings located are here WordPress console -> User Registration & Membership -> Registration & Login -> Captcha. The Site and Secret keys are available on website.
2. The next tool is hCaptcha. hCaptcha is a privacy-focused CAPTCHA solution that protects WordPress registration forms from spam by requiring users to complete human verification challenges, helping block automated bot sign-ups. Unlike reCAPTCHA by Google, hCaptcha places stronger emphasis on user privacy and data control, making it a popular alternative for websites that want effective spam protection with less tracking.
  The settings located are here WordPress console -> User Registration & Membership -> Registration & Login -> Captcha. The Site Key and Secret key are available on website.
3. Next is Turnstile by Cloudflare. It protects WordPress registration forms from spam by automatically verifying visitors using browser and behavioral signals without showing CAPTCHA challenges. Unlike reCAPTCHA, Turnstile is designed to be privacy-friendly and frictionless, reducing spam registrations while keeping the signup process seamless for real users.
  The settings located are unde same path as tools before WordPress console -> User Registration & Membership -> Registration & Login -> Captcha. The Site Key and Secret key are available on website.
4. There are also bunch of universal anti-spam plugins like Simple CAPTCHA Alternative by Elliot Sowersby, WP Armour and etc. All of them can be found on wordpress.org.
As my research shows there is no plugins or direct integration with Akismet.

I have questions…

What if I don’t use User Registration & Membership plugin, but still have spam registrations (users)?

In this case, Anti-Spam by CleanTalk is the best way to get rid of standard wordpress registration forms spam.

Does this guide work for WPforo plugin?

No, it does not. Read this guide instead to protect WPforo Forum against spam registrations.

How about spam protection for s2Member plugin?

Please use another guide in order of s2member spam protection.

Final thoughts

I hope this guide helped resolve all spam issues on your registration form. If not, Sign Up for an account and our CleanTalk team will be happy to help.
February 15, 2026
Spam Protection – S2Member Memberships
If you prefer to use s2Member Memberships & Subscriptions registration form be sure to use the most effective Anti-Spam plugin. Read the guide below and learn 4 steps to protect your s2Member Registration Forms from spam.

Once the CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be registration forms but also contact forms and many others.

CleanTalk Anti-Spam plugin for WordPress | Download s2Member Registration Form plugin

How to install CleanTalk Anti-Spam plugin

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you How to completely protect your s2Member Registration Form from spam.

Check the result to save your s2Member Registration Form from spam

You can test the work of Anti-Spam protection for your s2Member Registration Form by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

If you have any questions, add a comment and we will be happy to help you.

Create your CleanTalk account – Register now and protect your s2Member Registration Form from spam in 5 minutes

Update

The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

Additional features
- CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
- Installation takes about 1-2 minutes.
- Smart 99% protection against spambots.
- Always online – 24/7 technical support.
- Logs, SpamFireWall, personal lists, country filters, stop-words, and many others.
Discover the complete list of CleanTalk Anti-Spam plugin features here.
February 15, 2026
Stop Fake Emails: CleanTalk’s New Non-Existent Email Notification
Spammers often use fake email addresses to hide their identities and avoid consequences for their actions. This can lead to a deluge of spam comments, registrations, and other unwanted activity on your website. To combat this, CleanTalk Anti-Spam has always had a powerful feature: Non-Existent Email Notification. But now, this feature has evolved to a new form—to be useful not only for site owners but also for site visitors!

Now, if the email you’ve entered into a form is somehow non-existent (for example, you made a typo in it), you’ll see it right away. No confusion, no hassles, no pain!

How it Works:

When a user submits a form (such as a comment or registration form) on your website, CleanTalk’s system instantly checks the validity of the provided email address. If the email address is found to be non-existent or invalid, the user will receive an immediate notification.

An email is existent.

An email is non-existent.

Benefits:
- Real-time feedback: This provides immediate alerts as you type, highlighting potential errors or typos in your email address.
- Simple visual cues: Clear indicators like checkmarks or warning icons can quickly show whether an email address is valid or invalid.
Experience the Difference

By implementing CleanTalk’s Non-Existent Email Notification feature, you can significantly enhance the usability of your website while minimizing the impact of spam, and a new aspect of this feature provides even more comfort for your visitors!
December 28, 2024
How to Install the Universal Anti-Spam Plugin by CleanTalk on vBulletin 6
Universal Anti-Spam plugin can be installed on any custom websites, CMS, and Frameworks including vBulletin 6. If you don’t have programming experience to add our API on a website it will be a better way to protect your website from spam with Universal Anti-Spam Plugin by CleanTalk. Invisible to the visitors, spam protection has a positive effect on the loyalty of the site’s audience. Read more about all CleanTalk anti-spam features.

Setting up vBulletin 6 spam protection
1. Download Universal Anti-Spam plugin.
2. Go to your Anti-Spam dashboard.
3. Backup copies of your forum files and database.
4. Download (the link is at the top of this page) and unzip the “cleantalk” folder into your website’s ROOT folder.
5. Proceed to address (your_website_name/cleantalk/install.php):
6. Input the following:
  - Your CleanTalk account email. If you do not have a CleanTalk account yet you can create one manually by clicking the button “Don’t have an account? Create here!“.
  - A password for the Universal settings page. Please, do not forget to save the password for future usage.
  - Universal Anti-Spam plugin will write protection code to the index.php file by default. If your contact or registration forms are located in different files/scripts, list them separated by commas in the “Additional scripts” (3) in the “Advanced configuration” (1) section.
  - The access key generated for your website in case you already added a website to your CleanTalk account (2).
  After that, you can click the button “Install” to continue with the installation or enter your e-mail to register a CleanTalk profile and continue with the installation.
  
  At the end of the successful installation, you will see this message:
7. You can test any form on your website by using special e-mails stop_email@example.com or s@cleantalk.org. Every submission with this email will be blocked. There is an example of a site registration interface on the image.
How to Add Website to CleanTalk Anti-Spam Dashboard

Please, use this guide to add a website to your CleanTalk Anti-Spam Dashboard.

Сongratulations! vBulletin 6 spam protection setup is complete!

To enter the plugin settings go to (your_website_name/cleantalk/settings.php). Here you can manage the plugin options, see statistics, and uninstall the plugin.

Please go to your Dashboard to see your Anti-Spam status, add new websites or manage existing ones!
September 18, 2024
Otter Blocks Spam Protection for WordPress
CleanTalk added spam protection for Otter Blocks using direct form integration. So in case, you prefer using this type of contact forms be sure to use the most effective Anti-Spam plugin. Read the guide below and learn 4 steps to protect all your contact forms from spam.

Once the CleanTalk Anti-Spam plugin is installed it starts to protect all of the existing forms on your WordPress website. It may not only be Otter Blocks Forms but also many others.

Download CleanTalk Anti-Spam plugin | Download Otter Blocks

How to install CleanTalk Anti-Spam plugin

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «CleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s it! From now you How to completely protect your Contact Forms from spam.

How to check Otter Blocks Forms Spam Protection

You can test the work of Anti-Spam protection for your Contact Forms by using a test email s @ cleantalk.org (without spaces). First, open the form in an Incognito browser tab. Fill in all the required form fields and send a form. After submitting the form, you will see a block message about the block on the form submission.

otter blocks forms

If you have any questions, add a comment and we will be happy to help you.

Create your CleanTalk account – Register now and protect your Contact Forms from spam in 5 minutes

Update

The protection works only for website visitors, not for website admins. Be sure to test the form protection using Incognito mode.

Additional features
- CleanTalk protects all forms at once: comments, registrations, feedbacks, contacts, reviews.
- Installation takes about 1-2 minutes.
- Smart 99% protection against spambots.
- Always online – 24/7 technical support.
- Logs, SpamFireWall, personal lists, country filters, stop-words, and many others.
Discover the complete list of CleanTalk Anti-Spam plugin features here.
September 6, 2024