Your website’s contact form is more than just a feature—it’s a crucial bridge between you and your visitors. It plays a vital role in collecting leads, building relationships, and gathering feedback. That’s why having user-friendly contact forms is so important.
Elementor’s form builder makes it easy to create beautiful, user-friendly forms, but spam can turn those carefully crafted forms from an asset into a nuisance.
That’s where this post comes in.
In it, we’ll discuss why Elementor contact forms get spammed and which two methods you can use to stop spam in its tracks.
Let’s dive in!
Table of contents
Why are Elementor Contact Forms spammed?
Elementor forms are no different from any other forms you add to your website, so the reasons they might be spammed are the same as for other contact form plugins. And there are plenty of them…
Contact forms offer a method of contacting a website’s owner or administrator. And if there’s a way of getting a message in front of someone, you better believe a spammer will find it and use it to promote something. This could include things like products, services, or webpages, often with the goal of making money.
However, the reasons for spam emails aren’t limited to mere promotion. It can also be used to deliver malware, send mass phishing emails, or even to sabotage your business by flooding your inbox, preventing you from receiving messages from real customers.
Ultimately, most spam is sent with the goal of making money – whether through the promotion of real products/services or more nefarious means.
Why is it important to stop contact form spam in Elementor?
Spam may seem like a minor nuisance at first, but it can cause some major issues if not dealt with. Some important reasons to mitigate contact form spam sent through your Elementor forms include:
- Preserve website performance: A flood of spam submissions can slow down your site or, in extreme cases, lead to server overload.
- Boost productivity: Filtering through spam wastes valuable time and distracts from genuine inquiries.
- Protect against phishing attacks: Spam emails can contain links to phishing sites designed to steal sensitive information.
- Minimize malware risks: Spam is often used as a vector to spread malicious software.
- Maintain accurate metrics: Spam skews contact form data, making it harder to track legitimate leads and conversions.
Method 1: Stopping Spam Using a CAPTCHA Plugin
Most spam is sent by bots so stopping bots is by far the most effective way of reducing the number of spam form submissions you receive. And when it comes to stopping bots, almost nothing beats CAPTCHA.
CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. And it does exactly that!
CAPTCHA works by asking a person or bot to complete a challenge before submitting your form. These challenges usually consist of clicking on images that depict something specific while not clicking on others.
It’s not easy to build a bot that can solve these challenges but they’re very easy for humans to complete. By only submitting forms where the CAPTCHA has been completed successfully, you can prevent a large chunk of the automated form submissions you receive.
Some CAPTCHA solutions go a step further and try to detect the likelihood of a user being a bot based on their browsing behavior. These solutions will only show the challenge to those bots or users whose browsing behavior is similar to that of a bot.
Different Types of CAPTCHA
There are a few different types of CAPTCHA that are commonly used today. Three of the most common ones include:
ReCAPTCHA
ReCAPTCHA is Google’s CAPTCHA solution, and it’s the most commonly used solution today. There are three versions:
- reCAPTCHA v2: This version requires users to solve visual challenges, such as selecting images with specific objects.
- reCAPTCHA v2 (I’m not a robot): Requires users to tick a checkbox verifying they are not, in fact, a robot.
- reCAPTCHA v3: This is a more advanced version that doesn’t require user interaction. Instead, it runs in the background and assigns a “risk score” to form submissions, only challenging users if the score indicates suspicious behavior.
hCAPTCHA
hCAPTCHA is similar to reCAPTCHA in that it also works with images. However, hCAPTCHA is considered more privacy-friendly than reCAPTCHA, as it collects less user data. The challenges are also considered slightly harder, making it more effective at blocking bots but also slightly harder for users to complete.
Cloudflare Turnstile
Cloudflare Turnstile is one of the most user-friendly options, designed to be as easy as possible for humans but hard for bots. It integrates well with WordPress and offers a highly effective yet less obtrusive spam prevention solution compared to other providers.
Implementing CAPTCHA on your Elementor Contact Forms Using CAPTCHA 4WP
When it comes to adding CAPTCHA to your Elementor forms, our very own anti-spam plugin CAPTCHA 4WP is a superb option. CAPTCHA 4WP allows you to choose the type of CAPTCHA you want to implement, be it reCAPTCHA v2/v3, hCAPTCHA, or Cloudflare Turnstile.
It also comes with many customization options and a failover feature, so you can ensure false positives don’t lead to missed messages or income. Most importantly, it works on all your WordPress forms, meaning it’s not just limited to Elementor.
It’s also very easy to set up…
Downloading the plugin files
First, choose the plan you want and sign up. Plans start from as little as $14 per year and they all come with a 30-day money-back guarantee. Once you’ve signed up, you’ll be sent an email with a step-by-step guide showing you how to download the plugin files.
Installing the plugin
Once you’ve downloaded the plugin files, it’s time to install them. Go to your WordPress website dashboard and navigate to the Add New Plugin section (Dashboard > Plugins > Add New Plugin).
Now, click on Upload Plugin > Choose File to upload the plugin files.
Once the plugin files are done uploading, click on Activate Plugin to activate the plugin and start the setup wizard.
Follow the setup wizard
The setup wizard will first prompt you to enter your license key.
After clicking on Activate License you’ll see the following prompt:
After clicking on next, you’ll be able to select the type of CAPTCHA you want to use. I’ll be using hCAPTCHA in this example, but feel free to select a different option.
In the next step, you’ll be asked to insert your hCAPTCHA keys. To do this, you first need to generate hCAPTCHA keys. Go to the hCAPTCHA website and sign up by clicking on the Sign Up button at the top right of the page.
After following the prompts to create an account, you should end up on the following page:
Click on Generate to get your secret key.
You now have both a site key and a secret key. Head back over to the tab with your WordPress site, enter your site key, and click on Proceed to secret key.
Next, enter your secret key and select Validate & proceed.
Adding hCAPTCHA to your Elementor form
There are just a few more steps you need to take in order to add hCAPTCHA to your Elementor form using CAPTCHA 4WP.
We have a detailed guide in our knowledge base that shows you how to add CAPTCHA to a WordPress website form. After installing and configuring the plugin, you can follow this guide to get hCAPTCHA working on your Elementor form.
Method 2: Adding reCAPTCHA using Elementor’s built-in CAPTCHA integration
Elementor also has a built-in reCAPTCHA integration that allows you to add reCAPTCHA to your forms. This can be a good option for smaller websites that don’t need the same level of control/customization or protection that third-party plugins offer.
Keep in mind that this solution only adds reCAPTCHA to Elementor forms and can’t be used for other forms/pages on your site. If you’d like to protect other forms on your site from spam, a third-party plugin like CAPTCHA 4WP might be a better option.
To use Elementor’s built-in CAPTCHA integration, first generate your Google reCAPTCHA keys.
Then, in WordPress, go to Dashboard > Elementor > Settings > Integrations. Enter your newly generated API keys under the reCAPTCHA section and click Save Changes.
Next, navigate to your form (or create a new form) and edit your Form Fields. Then, simply select reCAPTCHA under Type to add reCAPTCHA to the form. The reCAPTCHA integration should now be added to your form. Click Save, and you’re ready to rock. It’s that easy!
Other Methods of Stopping Elementor Contact Form Spam
CAPTCHA is generally considered the best method for preventing spam, including contact form spam. However, there are many other controls you can implement to reduce spam sent through your Elementor contact form(s).
Honeypot
A honeypot is an extra form field that is hidden on the screen but that’s visible to bots. Since many spam bots automatically fill in every single form field, they also fill in the honeypot field. This is a clear sign that it’s a bot filling in the form since normal users don’t see the field and therefore can’t fill in this field.
By blocking all form submissions where the honeypot field is filled in, you can stop (some) bots in their tracks.
The upside of using a honeypot is that it’s a very easy security control to implement. It’s also great to use together with other spam prevention controls like CAPTCHA to add a second layer of security.
However, it does have its downsides too. Most notably that it doesn’t work too well for more sophisticated bots.
Math question
Asking the user to answer a simple question before submitting a form can be used as an alternative to CAPTCHA. This can stop basic bots but isn’t very effective at stopping advanced bots – even when used together with other controls like a honeypot.
This solution also comes with some accessibility concerns. CAPTCHA solutions generally offer an alternative challenge for people with visual impairments but this isn’t the case for maths questions. This can prevent visually impaired people from submitting your content forms.
Adding a math question to Elementor forms is very easy using a feature built into Elementor’s form builder. However, given the drawbacks, we don’t recommend this option.
Frequently Asked Questions
There are many steps you can take to stop spam from being submitted through your Elementor contact form. Implementing a CAPTCHA solution is generally considered the most effective option, but you can also use a honeypot, a maths question, or manually block certain bots from spamming your forms. It’s often best to combine multiple methods for the best results.
One of the easiest and most effective ways of filtering spam in your Elementor forms is by using a plugin like CAPTCHA 4WP. This plugin can help you implement the right CAPTCHA solution for your site and filter out any spam form submissions by bots. Alternatively, Elementor has built-in reCAPTCHA integration that can help reduce spam form submissions with reCAPTCHA.
There are also true spam filters you can implement on your WordPress website to stop unsolicited messages.
To be able to use Elementor’s form builder, you need Elementor Pro which is the premium version. Elementor Pro starts at $49 and comes with a range of different features, one of which is the Form Builder.
This post is specifically geared towards stopping spam contact form submissions in Elementor and not general WordPress contact forms. Our guide on stopping WordPress contact form spam is a good resource for stopping general WordPress contact form spam.
Spam protection refers to all of the measures you implement to prevent spam form submissions and other unwanted communications. Effective spam protection can help improve your site’s user experience, improve website security, and help maintain your website’s performance.
