How to Successfully Stop Spam on Elementor Contact Forms

Spam. It’s one of those words that provokes instant irritation, and with good reason. Put simply, spam is unwanted forms of communication, including emails, texts, and even comments on social media and websites. These messages are unsolicited and are generally sent to large numbers of people or repeated regularly. Everyone has encountered online spam at some point, and it can be even more frustrating to experience when you manage a website or a blog.

If you use Elementor forms, you may already have experienced spam submissions. Spammers typically use pre-programmed bots to create thousands upon thousands of form submissions designed to drive you toward a target. Often the goal is to simply drive traffic towards the target page. But sometimes, the spam will send recipients to a malicious website, such as a phishing page designed to steal login information.

As you can see, these spam submissions can cause a real problem. They can slow down your website, impacting the visitor experience. They can clog your inbox, taking up serious amounts of admin time, and they can even directly compromise security measures. 

Getting a handle on spam is important for any website owner, and spam management can be done efficiently using the right tools. In this article, we’ll explore four ways you can successfully stop spam on Elementor contact forms, using tools like Shield Security PRO. 

1. Set up a honeypot for a first line of defence

Honeypots are a clever tool to help defend against spam when using web contact forms. They are simple to implement, and can provide an effective defence without impacting the user experience. 

Put simply, honeypots involve adding an invisible field to a contact form. The field isn’t displayed to ordinary users, and therefore isn’t filled out when a form is completed. But spambots don’t operate in the same way as a human user, and instead will fill out all available fields, making a honeypot the perfect trap to catch bot spam in the act. 

When the field is left clear, the submission is considered valid, and makes its way through the system as usual. If, however, the field is checked, it’s assumed that the action was carried out by a bot, and the submission will be rejected as a result.

Elementor includes an option to add a honeypot to its forms, helping to filter out unwanted spam messages. Here’s how to do so: 

1. Open the Elementor form-builder widget for the form you’d like to edit and navigate to Form Fields. 
2. Add a field.
3. In “Type” select “Honeypot.” 
4. Save your form. 
5. Check your form from the front end – if your form comes through with the honeypot field blank, your work was successful! 

Honeypots make an excellent first line of defence against spam bots, but as we all know, more than one solution is needed to help maintain effective cybersecurity.

2. Using maths questions to stump bots

Similar to the honeypot approach, you can use a maths question to stump bots and prevent spam on your Elementor forms. Adding a simple maths question when you customise your Elementor forms, such as “What is 2+3?” is a fantastic way to flag bots. Just as with the honeypot, most bots will be trained to give some kind of answer to every field on the form. However, spammers can’t design bots to answer every conceivable simple maths question a form might contain. 

As a result, bots will almost certainly get the question wrong, meaning that when you’re reviewing the spam, you’ll be able to quickly spot the issue. Humans may get the answer wrong as well – after all, even simple maths can present issues for users with visual processing issues, or those who are simply reading or typing quickly. However, when humans get the maths wrong, it will typically be a number that’s at least close to the right answer. Bots will be way off, answering with text or nonsense. 

Setting this up is similar to the process above: 

1. Open the Elementor form-builder widget for the form you’d like to edit and navigate to Form Fields. 
2. Add a field. 
3. In “Type” select “Text” 
4. Fill in the field with your preferred maths question.
   1. Remember to keep it simple in order to be accessible to as many human users as possible. 
5. Save your work.
6. Check your form from the front end to see that your question appears. 

3. Verify human users with Google reCAPTCHA 

Google reCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a Completely Automated Public Turing test to tell Computers and Humans Apart. Used to detect bots, it is an effective tool that many web users are now familiar with using.

As part of its spam-blocking features, Elementor has a built-in system for adding reCAPTCHA to your website. Broadly speaking, to do this you need to: 

1. Create a reCAPTCHA for your website using the Google reCAPTCHA tool. 
2. Add website information as needed for the version you’ve chosen. 
3. The tool will give you keys for adding your reCAPTCHA to your site, which you’ll add to Elementor by going to WordPress Dashboard → Elementor → Settings → Integrations.
4. Save changes, and navigate to the page where your form lives. 
5. Open the form widget, and add a new field, selecting “reCAPTCHA” for the field type. 
6. Save your work and check it from the front end. 

Breaking down reCAPTCHA: v2 vs. v3

Some of the details for this process will vary a bit depending on if you’re using reCAPTCHA v2 or v3. You can check out Elementor’s guide to adding reCAPTCHA for more details on the different workflows. Here’s some information you can use to determine which version is right for your site: 

• reCAPTCHA v2 requires checking a box to open a maths problem or simple visual task that needs solving to ensure successful submission.
• reCAPTCHA v3 is an invisible, behaviour-based element that tracks a website user’s behaviour, assigning a score to that user based on their actions. Score limits are set by the webmaster, and if a user goes above an acceptable score, they are flagged, challenged or blocked.

Pros and Cons of using reCAPTCHA
Pros	Cons
Enhances security by effectively blocking automated attacks and spam.	Many users find them a nuisance or challenging to use.
Continuously improves through AI and machine learning.	Can pose accessibility issues for users with disabilities.
Requires minimal maintenance once implemented.	Data collection by Google can cause potential privacy issues.
A trusted tool used by many websites globally.	Can cause some legitimate users to be flagged as bots.
A free service for website owners.	Some versions of reCAPTCHA may not be user-friendly when using mobile devices.
Easy integration with other Google services.	Google-dependent, meaning users must rely on Google’s services and policies.
Provides data insights into traffic and potential threats.	Can slow down webpage loading times.
Is customisable to meet a website’s existing aesthetic and functionality.	Not accessible in countries where Google is blocked.

4. Use advanced spam-blocking tactics with Shield Security PRO

Shield Security PRO is an effective solution for blocking spam using features that go beyond simple security alerts to help you secure your website, with an add-on that integrates easily with Elementor contact forms. 

Getting everything set up is as simple as downloading and activating the Shield Security PRO plugin – once you’ve enabled the Elementor integration, it will start working to detect and block bots across your website, halting most form submission spam in its tracks. 

Shield Security PRO uses its unique AntiBot Detection Engine to identify malicious users on your site. It looks for behaviours bad bots will display as they’re probing for vulnerabilities, such as repeated login attempts. Then it keeps track of those behaviours, and if a particular visitor passes the acceptable threshold, their IP address is blocked from the site. 

This all happens in the background, which helps maintain the user experience, providing an advantage over traditional CAPTCHA tools. Moreover, it’s WordPress-specific, giving it an edge even over reCAPTCHA v3. Plus it can also allow users to automatically unblock themselves via email if Shield Security PRO incorrectly flags them as a bot – a valuable tool for users and web admins alike. Using Shield Security PRO can boost websites by providing a spam-free environment that can help increase conversion rates. 

But it doesn’t end there. Shield Security PRO has excellent spam prevention benefits, but it also comes with many other features, including:

• Malware and vulnerability scanners.
• Login protections like 2FA and Passkeys. 
• Option to white label the plugin for branding purposes. 

To experience all of these benefits, users will need to install and activate both Shield Security PRO, then from their WordPress dashboard, go to Shield → Config → Integrations → Contact Form SPAM Checking and select the Elementor contact form, then save your settings.  

Preventing common Elementor contact form spam issues

Elementor is one of the most popular tools used by WordPress website owners and has been used to build 9.9% of all websites online. While it provides simplicity and functionality to help users create online forms, Elementor WordPress forms remain a common target for spam. This can cause multiple issues for website owners, including cluttered mailboxes, malicious links, and missed legitimate messages. 

Blocking bad bots will limit many of these issues, but you can also: 

• Set up a dedicated email address for your contact form.
• If you experience a wave of spam, you may want to make your audience aware, either through social media or email, that messages may have been missed. You can ask them to resend if they haven’t received a response.
• Provide in-depth cybersecurity training to your employees who access contact form submissions on safe cybersecurity practices, especially how to detect and avoid suspicious links from unknown sources.

Next steps to fortify your Elementor forms against spam

Cybersecurity is an ongoing concern for website owners, with spam being an issue that not only takes time and energy to resolve, but can also impact website user experience. Using tools such as Google’s reCAPTCHA or Shield Security PRO can help reduce spam and provide a better experience for all users. 

For comprehensive protection, Shield Security PRO is a stand-out product that goes beyond spam prevention to boost cybersecurity overall. To explore the full benefits of Shield Security PRO, download the plugin and get started today.