Tag: Anti-Spam Plugins

If you use WPForms for contact forms, lead generation, surveys, or payment forms, you will eventually face spam – fake submissions, junk leads, and bot activity.

This guide explains how to set up WPForms spam protection using:

• the Anti-Spam plugin by CleanTalk with a direct integration for WPForms, and
• additional tools like Google reCAPTCHA, hCaptcha, Cloudflare Turnstile, honeypots and third-party anti-spam plugins.

The integration protects WPForms forms such as:

• simple contact forms,
• marketing and lead forms,
• “Request a quote” and booking forms,
• registration / login / newsletter forms (where used with WPForms).

WPForms continues to handle the form UI and workflow, while CleanTalk filters spam in the background without adding CAPTCHAs to every form.

WPForms – Easy Form Builder for WordPress

First, let’s quickly look at WPForms itself and the types of sites that rely on it.

WPForms is a popular drag-and-drop form builder plugin for WordPress that lets you create:

• contact and feedback forms,
• quote and booking forms,
• newsletter and marketing forms,
• payment / donation forms (Stripe, PayPal, etc.),
• surveys, polls, and custom calculators,
• login, registration, and other application-style forms.

Out of the box WPForms provides:

• a visual drag-and-drop builder and 2000+ pre-built form templates,
• responsive, mobile-friendly layouts,
• built-in spam protection (anti-spam token and optional honeypot),
• integrations with major email marketing services and CRMs,
• payment integrations with Stripe, PayPal, Square, and others.

Because WPForms forms are often publicly accessible (contact pages, landing pages, sign-up forms), they become an easy target for spam bots and human spammers. That’s why it’s important to have a reliable WPForms spam protection setup from the beginning.

As WordPress.org shows, WPForms Lite is currently active on over 6 million websites and has 14,274 user reviews with an average rating of 4.8 out of 5.

Plugin Homepage at wordpress.org | Website wpforms.com

Install WPForms and create your first form

You can set up WPForms in just a few steps:

1. In your WordPress admin go to
   Plugins → Add New and search for “WPForms”.

2. Click Install and then Activate the plugin.
3. Customize the fields as needed and click Save.
4. Embed the form on a page using the WPForms block in the editor or the form shortcode.

After that, your first WPForms form is live and ready to accept submissions.

Anti-Spam plugin by CleanTalk for WordPress

The next tool we’re going to use is the Anti-Spam plugin by CleanTalk.
Here’s a brief overview:

• CleanTalk is a cloud-based spam protection platform for websites, operating since 2012.
• It filters spam without CAPTCHAs, challenge questions or image puzzles, so visitors don’t have to solve anything extra.
• It protects many kinds of forms: comments, user registrations, contact forms, orders, subscriptions, surveys, and more.
• It blocks both automated bots and human spammers using advanced filtering algorithms and data from a global spam database.
• It detects spam based on IP reputation, email reputation and behavioral patterns.
• It allows you to set custom rules and block by IP, email address, country or language when needed.
• It runs quietly in the background, and the plugin is straightforward to install and configure.

According to WordPress.org, Anti-Spam by CleanTalk for WordPress has over 200,000 active installations, with 3,168 reviews and an average rating of 4.7.

Plugin Homepage atcleantalk.org | Latest release at GitHub.com | Website cleantalk.org

Install the CleanTalk Anti-Spam plugin

To install the Anti-Spam plugin, go to your WordPress admin panel → Plugins → Add New.

Then enter «СleanTalk» in the search box and click the Install button for «Spam protection, Anti-Spam, FireWall by CleanTalk».

After installing the plugin, click the «Activate»‎ button.

After it is done go to the plugin settings and click the «Get Access Key Automatically» button. Then just click the «Save Settings»‎ button.

That’s all –  WPForms are now protected From this moment,CleanTalk automatically protects the  WPForms registration form (REST route /wp-json/wpformspress/v1/users/), and the Add Listing form used to submit new listings.

You don’t need to paste any shortcodes – just use  WPForms as usual, and CleanTalk will filter spam in the background.

Check if spam protection works with WPforms.

The best way to text the spam protection by using a test email,

stop_email@example.com

1. Open a page with a WPForms (for example, the registration popup or the Add Listing form) in an Incognito / private browser tab.
2. Fill out the Contact form using stop_email@example.com as sender’s email.
3. Send the form.
4. You should see a message from the Anti-Spam plugin confirming that a spam submission was blocked.

*** Forbidden. Sender blacklisted. Anti-Spam by CleanTalk. ***

If you see this message, it means CleanTalk successfully protects your WPForms (registration and Add Listing) from spam.

Cloud Dashboard

In addition, in the Cloud Dashboard you can find extra details regarding all submissions processed by CleanTalk, including WPForms registration and Add Listing forms:

• IP and email of the sender, as well as the sender’s activity history across other websites connected to the CleanTalk cloud.
• Geolocation of the sender.
• Date and time of the submission.
  Page (URL) where the form was submitted (for example, a specific listing submission page).
• Cloud decision – Approved or Denied.
• Cloud explanation for the decision (e.g. blacklisted email, bad IP reputation, spam text, etc.).
• Tools to move the sender to Block or Allow lists so you can fine-tune  WPForms spam protection.

Google reCAPTCHA, hCaptcha, and Cloudflare Turnstile in WPForms

In addition to CleanTalk, WPForms itself supports several CAPTCHA and anti-bot services:

• Google reCAPTCHA,
• hCaptcha,
• Cloudflare Turnstile.

These services act as a visible or invisible verification layer on top of your forms, while CleanTalk continues to filter spam submissions in the background.

Google reCAPTCHA (WPForms integration)

WPForms has built-in support for Google reCAPTCHA (v2 Checkbox, v2 Invisible, and v3):

1. Register your website in the Google reCAPTCHA admin console and generate a Site Key and Secret Key.
2. In WordPress go to WPForms → Settings → CAPTCHA.
3. Choose reCAPTCHA as the provider and paste your keys.
4. Select which reCAPTCHA type you want to use (checkbox, invisible, or v3 score-based).
5. Edit your forms and enable reCAPTCHA where needed (WPForms shows a toggle or field depending on the type).

reCAPTCHA helps block obvious automated submissions by requiring users to solve a challenge or by scoring their behavior, while CleanTalk still checks the content and sender reputation.

hCaptcha

WPForms also supports hCaptcha as a privacy-focused alternative to Google reCAPTCHA:

Key benefits of hCaptcha compared to reCAPTCHA:

• Stronger focus on privacy – hCaptcha collects less user tracking data, which is important for privacy-oriented and GDPR-sensitive projects.
• Less dependence on Google – useful for brands that prefer to minimize their reliance on Google infrastructure.
• Optional monetization options for some hCaptcha plans, which reCAPTCHA doesn’t provide.

To use hCaptcha with WPForms:

1. Obtain Site Key and Secret Key from the hCaptcha dashboard.
2. Go to WPForms → Settings → CAPTCHA, choose hCaptcha and paste the keys.
3. Enable hCaptcha for the forms you want to protect.
   

Cloudflare Turnstile

Cloudflare Turnstile is a quite modern CAPTCHA alternative that often works invisibly in the background, without classic image puzzles. Several WPForms guides cover how to enable Turnstile as a built-in CAPTCHA provider.

Benefits of Cloudflare Turnstile:

• Invisible verification – most visitors don’t see any challenge; Turnstile works in the background.
• Higher completion rates – fewer puzzles means less friction and fewer abandoned forms.
• Privacy-friendly design – Turnstile is built to minimize user tracking and profiling compared to traditional CAPTCHAs.

To connect Turnstile:

1. Get Site Key and Secret Key from your Cloudflare Turnstile dashboard.
2. In WPForms → Settings → CAPTCHA, select Cloudflare Turnstile and enter your keys.
3. Enable Turnstile on the forms (contact, registration, checkout, etc.) where you need extra bot protection.

All three CAPTCHA providers can work alongside CleanTalk Anti-Spam, giving you both:

• a front-end bot check (CAPTCHA / Turnstile), and
• deep cloud-based spam filtering in the background.
  

Honeypot, WPForms Built-In Anti-Spam, Akismet and Third-Party Plugins

Alongside CleanTalk and CAPTCHAs, WPForms and WordPress offer several additional anti-spam layers.

WPForms Anti-Spam Token and Honeypot

By default, WPForms includes:

• an anti-spam token that helps block automated form submissions, and
• an optional honeypot field – a hidden field that humans never see, but bots often fill in.

When a bot fills the honeypot field or fails the token check, WPForms treats the submission as spam and blocks it.

You can control these options in each form’s Settings → Spam Protection and Security section inside WPForms.

Honeypot protection is:

• invisible for normal visitors,
• easy to enable,
• a lightweight extra defense against primitive bots.

Akismet

Akismet Anti-Spam is another popular plugin that filters spam by checking submissions against a global spam database. It is especially useful for blog comments and simple contact forms outside WPForms.

On a site that uses WPForms + CleanTalk you can still use Akismet to:

• keep comment sections clean,
• filter spam from default WordPress forms or other plugins.

To activate Akismet:

1. Install and activate Akismet Anti-Spam from Plugins → Add New.
2. Obtain an API key from Akismet and enter it in the plugin settings.
3. Enable spam checking for the content types you need (comments, possibly other forms).
   

Other universal anti-spam plugins

Plugins like WP Armour, OOPSpam, Maspik, and Simple CAPTCHA Alternative provide generic honeypot or anti-spam protection for various forms and comment areas across WordPress.

They can be used alongside CleanTalk if you want additional defense for:

• contact forms created outside WPForms,
• comments,
• custom theme forms and widgets.

You can find them via:

Plugins → Add New → Search → “WP Armour” | “OOPSpam” | “Maspik” | “Simple CAPTCHA Alternative”

Install, activate, and configure each plugin according to its documentation.

Frequently Asked Questions (FAQ)

I already use WPForms’ built-in anti-spam. Do I really need CleanTalk?

WPForms includes an anti-spam token and optional honeypot, which is great for stopping very basic bots.
However, they don’t:

• check global spam activity across thousands of sites,
• analyze IP and email reputation,
• or block known spam networks at the cloud level.

CleanTalk adds an extra layer on top of WPForms’ native tools. It filters submissions using a global spam database and the SpamFireWall, so most spam is blocked before it reaches your entries, inbox or CRM.

Will CleanTalk slow down my WPForms submissions?

No. CleanTalk is designed to work in the background and the request to the cloud is lightweight.

From the visitor’s point of view:

• they fill out the WPForms form as usual,
• click submit,
• and either see a normal success message or an anti-spam message if they are blocked.

For normal users, there are no extra steps, pop-ups or CAPTCHAs to solve.

Can CleanTalk protect all my WPForms forms or only the main contact form?

Once the Anti-Spam plugin is installed and connected to the CleanTalk cloud, it can protect any WPForms form that uses the standard WPForms processing flow:

• simple contact forms,
• quote / booking / consultation forms,
• lead generation and newsletter sign-up forms,
• surveys, polls and feedback forms.

You don’t need to add a special field to each form – protection works on the server side.

What happens to blocked WPForms submissions? Are they lost forever?

When CleanTalk blocks a submission, the user is shown an anti-spam message and the entry is not stored as a normal form submission.

However, the attempt is:

• logged in your CleanTalk dashboard with IP, email, date, URL and the reason,
• available for review if you suspect a false positive,
• easy to whitelist (by IP, email, country, etc.) if you decide that a sender is legitimate.

So you still have visibility into what was blocked, but your WPForms entries, inbox and CRM stay clean.

Recommended Anti-Spam Stack for WPForms (2026)

No single tool can block every kind of spam or bad bot. The most reliable approach for WPForms is to build a layered anti-spam stack, where each component handles a different part of the problem.

The key element is the Anti-Spam plugin by CleanTalk, which:

• integrates directly with Contact Form by WPForms,
• uses both application-level checks and the SpamFireWall to block many bots before they reach WordPress.

On top of this, you can combine CAPTCHAs, WPForms’ built-in tools, and moderation policies.

Recommended setup by site type

Business websites and standard contact forms

• CleanTalk Anti-Spam enabled (with SpamFireWall).
• WPForms anti-spam token + honeypot enabled in each important form.
• Optionally, Google reCAPTCHA or Cloudflare Turnstile on high-risk forms (contact, quote, booking).

High-traffic landing pages and lead generation

• CleanTalk Anti-Spam (cloud + plugin).
• Cloudflare Turnstile or reCAPTCHA for minimal-friction verification.
• WPForms honeypot enabled.
• Optional extra filters: block high-risk countries or networks in CleanTalk if you notice patterns in spam logs.

Membership / registration-heavy sites using WPForms

• CleanTalk Anti-Spam to protect registration, login, and profile forms where applicable.
• Cloudflare Turnstile or hCaptcha on registration / login forms for additional protection.
• WPForms built-in spam protection turned on for all authentication forms.
• Optionally, Akismet or other plugins for comments and non-WPForms areas.
  

By this point, most spam problems in your WPForms contact, lead, survey, and payment forms should be significantly reduced. If you’re still seeing unwanted submissions, simply create a CleanTalk account (or log in to your existing one) and reach out to our support team – we’ll gladly help you fine-tune WPForms spam protection for your specific site.

---