Beat captcha! The best WordPress spam blocking method - fast and high blocking rate

There is no place for spam comments! As an OCD person I can't tolerate spam comments/emails. In addition, Mo is a speed fanatic, so I have been looking for a spam blocking method that balances the blocking rate and speed. Here are some tips on how to block spam comments on WordPress.

Why do bots spam contact forms?

Spam bots mainly target contact forms for malicious attacks. One of the main reasons for this is data collection, where they grab valuable personal information, such as email addresses and business details, to use in targeted spam campaigns or to sell to third parties.

Another reason is SEO manipulation, where bots flood forms with submissions containing backlinks pointing to their own sites, designed to improve their search engine rankings.

Some bots are specifically designed for phishing or malware distribution, injecting harmful links into form submissions in an attempt to steal sensitive data or infect users with malware.

Additionally, spambots can cause server overload and submit tons of irrelevant data, which can slow down or even cause a site to crash. All of this wastes time and resources, makes it difficult to screen legitimate queries, and reduces the effectiveness of contact forms.

How to implement WordPress spam comment blocking?

WordPress spam comments often occur in article comments, forms, Woocommerce product reviews. The following shares the corresponding blocking methods according to different contents.

First, the conclusion.Elementor等表单+Woocommerce Product Reviews + Article ReviewsUseCloudflare Turnstile Verification CodeThe plugin will do, and the interception effect can go up to 99.91 TP3T.Fluent form comes with Cloudflare Turnstile CAPTCHA feature, no need to install additional plugins. You can also use Cloudflare Turnstile CAPTCHA plugin to replace the Cloudflare Turnstile feature that comes with Fluent form.

Cloudflare Turnstile CAPTCHA plugin is not compatible or mainland websites can not be linked, it is suggested thatUseMaspik Plugin拦截，通过不断添加调整黑名单关键字截效果可以去到99.5%(使用体验)，If the effect is not enough, you can add it.WP Armor.

Install the plugins mentioned in ↑ above first according to your own website.At the same time, you should also follow the tutorial below to make some basic settings to greatly enhance the interception effect, such as article comments to enable "comments must be manually approved", so that spam comments will only be displayed on the front end after manual approval.

Tip: Configure all the interception functions must be strictly tested under each form submission function! If you can not submit the form, errors, please leave a message at the bottom of the article, there will be specialized customer service to answer.

WordPress Post Spam Comment Settings

Article spam comments are the hardest hit, and the vast majority of CAPTCHA plug-ins only take effect on the form, the article comments can do nothing. Here we recommend an efficient and simple blocking method, you just follow the method below, you can block 99.99% article spam comments.

Go to "Settings" > "Discussion" to prevent spam comments from showing up automatically.

The red boxes below are ticked

Woocommerce Spam Review Blocking Settings

A few years ago, a Singaporean foreign trade company found us to change the WordPress website, and one of the requirements was to block the website spam comments. The client said the website would receive dozens of hundreds of spam comments every day, and the mailbox was jammed.

The client said the site was made by a good friend who hired an Indian guy to make it, using a cracked theme / plugin that has not been updated for many years. There is no firewall and no spam comment blocking, and the product comment section is a spam disaster area.

Woocommerce product reviews should also do spam comment blocking, the settings are relatively simple. If it is 2B website is not recommended to open the product evaluation function, set it off according to the following chart. Modify the path: Backstage Woocommerce section > Settings > Products, find the evaluation settings.

If it is a 2C e-commerce website you need to turn on the comment function to help improve the conversion rate. Check the box as belowOnly "verified users" can participate in the evaluationOnly customers who have purchased can evaluate and eliminate spam comments from the root.

Form (form) spam blocking settings

Form (Form) is the following chart to allow customers to submit information / message input box, commonly used to create inquiries, message system, the site must. Form is also a spam message disaster area, according to the above method set up after the basic receipt of spam comments, but the form spam message or there is a leak of fish.

At present, people mainly use various Captcha to block spam messages, the blocking rate is good, but still receive bad messages every week. Moreover, these CAPTCHAs require online verification, which slows down the form submission and page loading speed and affects the user experience, so it is not recommended.

After multi-site experiments, we feel that the installation of blacklist keyword blocking plug-ins to intercept the best results, the fastest. Different forms have different blocking plug-ins and methods, here we mainly introduceFluent Forms ProForm and Elementor Pro form spam blocking methods.

Fluent Forms Pro Spam Blocking Settings

If the page where the form is located does not contain Elementor code, it is recommended to use the Fluent Forms Pro plugin to create inquiry forms, message functions, etc. Fluent Forms Pro isFastest speedform plug-in that makes it easy to create forms with dozens of form templates.

If you are currently using a plugin like WP forms to create forms, we recommend switching to Fluent Forms Pro, which is faster and has a higher spam blocking rate. ClickDownload Fluent Forms Pro plugin and see how to create forms accordingly.

Fluent Forms Pro Benefits.

Form storage.Fluent Forms comes with a form storage function, and there will be a prompt in the background for new messages to avoid missing inquiries. Contact Form7 doesn't have form storage function, you need to install additional DB plugin, and the interface is not very friendly.

Powerful features.Fluent Forms has many types of form templates and features to do collections, conversations, subscriptions, surveys, signature functions and more. It is easy to extend the functionality of your website later. It is easy to set up and recommended to use.

Spam protection.Fluent Forms' honeypot function is more powerful than that of similar plugins. And there is a unique field blacklist blocking function, which can individually set which keywords are prohibited in each input area, greatly improving the success rate of blocking spam messages.

Speed.Our Diiamo comparisons have includedWP FormsAmong the several well-known form plugins within, Fluent Forms is the fastest, loading only the four resources in the figure below for a total of 47.3KB on the front-end, and adding form code only on pages with Fluent Forms.

If the form is inserted via shortcode, the resource in the red box below can be disabled site-wide, as it only works if the Fluent Forms form is inserted via the Elementor widget.

In comparison WP Forms forms load 200+ KB of resources on the front end, Ninja Forms loads,200+ KB, and Contact Form7 loads form code on all pages.

Click to viewWPForms VS Fluent FormsClick to viewGravity Forms vs Fluent Forms.

Fluent Forms Pro Message Blacklist Keyword Settings

Diarmo suggests disabling Fluent Form's keyword blocking feature and instead using theMaspik PlugininterdictionIf you want to use this keyword blocker, you can use it to check your email records. If you don't want to install so many plug-ins, just enable this keyword blocking is fine, although the effect is inferior.

In the "Settings&Integrations" settings of the corresponding form, find "Form Settings" > "Advanced Form Validation".

The following is the method to set the blacklist keywords of the form, choose the input box type of the form on the left, choose contails in the middle, and enter the blacklist keywords to be blocked on the rightmost side. Please set the keywords according to your own website.

At the beginning of the interception rules should not be set too strict, for fear of injuring normal visitors. Subsequently, according to the content of the spam form and then increase the keyword interception appropriately.

The honeypot feature should also be turned on, with a max blocking effect! The honeypot is a hidden input box that only bots can see. Once a bot enters something into this hidden box, it will be blocked. Click into "Global Settings".

In "Settings", findEnable Honeypot Security and turn on .

There are 3 types of Captcha settings in the "Global Settings", which can be turned on as needed. In principle, we do not recommend using any Captcha validation, as it will reduce the customer experience and have an impact on the page loading speed.

If the Simple Cloudflare Turnstile plugin is not additionally installed, it is recommended here to enable Fluent Form's Cloudflare'sTurnstileCAPTCHA feature. If the Simple Cloudflare Turnstile plugin is already installed, there is no need to enable the Turnstile CAPTCHA feature here.

Enable method: Click the following figure in numerical order to enter the Turnstile setup page, fill in 2 Keys (first go to Cloudflare to generate), click the blank position, it will be automatically verified and linked to the Turnstile. if the link is successful there will be a prompt, if the link is unsuccessful there will be no prompt, it should be a problem with the Keys to check it out themselves.

Be sure to test the form blocking feature with your browser privacy mode after setting it up. If you use forms like Wp forms, you can search and download other similar keyword blacklist blocking plugins instead of Maspik.

Elementor Pro Form Spam Blocking Settings

If the page where the form is located is built using Elementor (Ele for short), we recommend using Elementor Pro to build the form by clickingDownload free Elementor ProElementor's forms feature is very nice, easy to use and more powerful.Suggest a new honeypot field in the form to initially block some of the spam..

And Elemenotr form submission is fast, recommended to installContact Form DB PluginSave the ele form (inquiry) data submitted by customers in the background, there will be a prompt at the top of the background when a new form is submitted.

How to insert inquiry buttons and forms into the product detail page template?

If a product detail page or something is made using a theme (instead of Elementor), many people don't know how to insert the Inquiry inquiry button and inquiry form. In fact, you can use the Hook method to insert them. For details, please go toThe super practical WordPress Hook usage sharing, page insert inquiry button, form, ACF field, etc..

Excellent plugin recommendations for blocking spam registrations, messages/comments

In addition to the methods mentioned above, you need to install plug-ins to further enhance the spam blocking function, and it is recommended to install them as needed. Some duplicate functions are recommended to be enabled only in one place.

Cloudflare Turnstile

Domestic sites can not be used, because the link Cloudflare is not stable, may lead to loading failure or authentication failure.

Bug 1: Elementor form may not work if it is placed inside the Elementor Popup popup, this blocker plugin has been fed back to the author, hope to fix it as soon as possible.

Bug 2: When using this plugin to add validation to Fluent Forms, the validation code appears below the button instead of above, feedback to plugin author. Suggest to use the Turnstile function that comes with Fluent forms instead.

Cloudflare Turnstileis a powerful, lightweight interception tool from Cloudflare that is a perfect alternative to Google reCAPTCHA and more. Totally free, no frustrating puzzle validation, and even an invisible mode. Fast, GDPR-compliant, and cookie-free.

InTurnstile官网注册账号，花2分钟配置下即可。Some domestic servers may link CF speed is poor, CAPTCHA does not show can not be used, must be their own test, can not be used to change the use ofMaspik Plugin.

Install the free Simple Cloudflare Turnstile WordPress Plugin You can add Cloudflare Turnstile to your website. It supports the content shown below and covers a wide range of content.Fluent Forms comes with Cloudflare Turnstile, so there is no need to install this plugin additionally.

The following is the application verification code and plugin setup method ↓:

InCloudflare backendClick to go to the Turnstile board

点击“添加站点”，按下图提示选择域名和模式点“创建”。注意：如果域名没有使用Cloudflare CDN，无法选择，只能手动输入。输入后等会下方弹出灰色提示框(添加自定义域)，点击就行。

复制2个密匙，等下要粘贴到网站插件Simple Cloudflare Turnstile设置界面相应位置。

下面是插件设置，链接Turnstile的方法，感兴趣也可以查看Plugin official setup tutorial.

Fill in the 2 secret keys in order.

Select the scope of the validation application and click "Save Changes". In Elementor Forms, you can choose where the validation code will appear on the form.

After keeping the plug-in settings page will prompt the top of the verification, click on the verification, remember to check the box. After passing the verification, the following picture will be prompted, and the setup is completed.

Through the verification ↓, on behalf of the function is in effect, you can go to the front desk to try.

When viewing the page in browser privacy mode, validation appears at the bottom of the form and the submit button is unavailable (you need to enable the appropriate feature), the CAPTCHA function works correctly.

After clicking on the verification box, it prompts to pass the verification ↓, which is very convenient.

文章评论↓

Backend Login Box↓

注意：如果使用Perfmatters之类插件禁用或者延迟JS加载，可能无导致验证码无法正常工作，需要排除相应资源。配置好务必测试询盘功能，如异常又处理不了，删除插件改用Maspik插件拦截吧。

WP Armor - Honeypot Antispam

WP Armor Uses JS (which spambots can't use) and unique hidden fields to block spam, which works much better than the honeypot feature that comes with the form. Very lightweight, doesn't make any external calls and is GDPR compliant. No need to install this plugin if your form plugin etc. already has honeypot functionality.

The free version applies to the protection of the content of the following figure ↓, supports theFluent Forms, look at the premium version if you need extra protection. The plugin is updated regularly and the developers are very active in the support forum.

WP Comments
WP Registration
BBPress Forum (bbpress.org)
Contact Form 7 (wordpress.org/plugins/contact-form-7)
Gravity Forms (For Non-Ajax and Single Page/Step Form - gravityforms.com)
WPForms (wpforms.com)
Formidable Forms (formidableforms.com)
Caldera Forms (calderaforms.com)
Toolset Forms (toolset.com)
Elementor Forms (elementor.com)
Fluent Forms (fluentforms.com)
Divi Theme Contact Form (elegantthemes.com)
Theme My Login ( https://wordpress.org/plugins/theme-my-login/ )
WooCommerce Reviews Pro
No tracking, cookie storage or external server calls.

Maspik Forms Blacklist Keyword Blocking Tool

MaspikIt is message content blacklist keyword/email intercept plugin, after setting blacklist keywords, when the name field, email field, message field, etc. appear corresponding keywords will be intercepted. Local validation, front-end does not add code, so it is fast and effective. The new version adds robot interception function, blacklist IP library interception, honeypot function, year comparison function and so on.

The free version of Maspik supports the following forms/contents, those with a * after their name mean they need the Pro version to support them.Fluent FormsComes with a blacklisted keyword feature that eliminates the need to use this plugin, or of course, you can use this plugin instead.

• Elementor forms
• Contact Form 7
• NinjaForms
• Formidable forms
• Forminator forms
• Fluentforms
• Bricksbuilder forms
• WPForms*
• GravityForms*
• WordPress comments
• WordPress registration form
• WooCommerce registration form*
• WooCommerce review*

Here's a tutorial written by our own Diamo, or you can go to theMaspik official websiteSee more tutorials. Download and installMaspik PluginAfter that, click on the panel below to enter the plugin Options settings screen.

A reminder at the top of where the plugin is currently active.

Main Options Setting.

Set up as shown to enable the function.

IP Verification:Enabled, it will link the plugin's official blacklist IP library and directly block the corresponding IP.

Honeypot Trap:Add the honeypot field.

Elementor Bot detector:Block bots from automatically sending spam to Elementor forms, this feature successfully captured about 30% of spam.

Below is a tutorial on adding keywords and an explanation of the corresponding roles.

Note: Keywords will be blocked as long as they appear, support wildcard* writing, please see the gray text description below the input box for details. Please choose your keywords carefully and define them to check the blocked records and adjust the keywords according to the false blocking situation. 

Tip: Use this plug-in will also receive some spam, you need to constantly put the spam message in the special words (such as company names, names, marketing words, special vocabulary, etc.) or user name, IP address, etc. added to the appropriate settings box for interception. With the continuous adjustment of the late basically no spam messages.

Text Fields setting:

The "Text Fields" in the following figure corresponds to the Name field of the form, enter the blacklisted keywords you want to block, one line at a time, and tap"SAVE"Button Save. If you enter the appropriate keyword in the Name field of the form after you have entered it, it will be blocked.

Email Fields settings:

The "Email Fields" in the following figure corresponds to the Email field of the form, enter the blacklisted keywords you want to block, one line at a time, tap"SAVE"button to save. After entering, if the form'sEmailfields are blocked by entering the appropriate keywords.

Textarea Fields Setting.

The "Textarea Fields" in the following figure corresponds to the Message/Texarea field of the form, enter the blacklisted keywords you want to block, one line at a time, and then tap"SAVE"Button Save. If you enter the corresponding keyword in the Message/Texarea field of the form after you have entered it, it will be blocked.

"Limit Links" is to limit the insertion of URLs, enter the number 0, on behalf of prohibiting the insertion of URLs, enter 1 on behalf of allowing the insertion of up to one URL, and so on.

Here's a partial list of keywords that Diamo has collected, just for reference

*http*
*www*
Eric Jones
Emma Miller
*rank*
software
fixed monthly
*.ly*
Instagram growth
monthly fee
with graphic design
AI system
mathewbloch
tinyurl
monthly fee
fixed monthly
Feedback Form
in spam
Data Entry
tinyurl
5 star
what you need
Fiverr
targeted Customers
webmaster
Similar here
place your business
1st page
financing solutions
interest rate
your customers
web development

Don't set the keywords too strictly for fear of mistakenly intercepting normal comments. Be sure to test the comments after setting! If you still receive spam, fill in the special keywords in the message into the "Text area field" to intercept.

Whitelist Phone Fields formts setup.

Only the following phone formats are allowed to be entered, leave it blank to disable this option, for details click on "HERE" in the image below. This is a whitelist mode, if the phone format entered is not the set format, it will be rejected.

More Options setting:

The 2 features below work well, the first one is verified on the site'sstay somewhere temporarilylength, the second one uses JavaScript to automatically verify that the year matches thus determining if it is a robot.These 2 features are sometimes mistakenly blocked, so it's recommended to disable it to see if it's too much spam before enabling it.

Make it a habit to look at the blocked log regularly to see if there are any false blocks.

Here is IP Intercept, enter the IP addresses to be intercepted, one line at a time.

Choose which forms are supported for blocking spam, usually the default will do.Finallypoint (in space or time)"SAVE"button to save.

The following figure sets up the prompt for submitting spam messages to be blocked, and the maximum number of spam messages to be recorded in the background. "Default validation error message" is the content of the message after the form submission is blocked, change it as needed. Lastlypoint (in space or time)"SAVE"button to save.

The end of this setup, you can go to the front end to leave a comment to test the effect of WordPress spam comment blocking.You can test it on the right side of the settings page (↓ in the panel below), enter the blocking keyword in the corresponding field, and tap "CHECK".

If intercepted, there will be an alert ↓

No interception. Successful submission.

View WordPress spam comment blocking history:

Be sure to check the spam log regularly, there may be false intercepts! After enabling the Spam Log function above, the corresponding "Spam Log" section will appear in the background ↓, click to view the blocking records.

The list will show the reason for the block, submitter IP address and other information.

Click the button below to expand the details of spam comments ↓, you can determine whether it is mistakenly intercepted. If you are sure it is spam, you can add the corresponding keywords to the plugin settings, for example, you can add the email address mentioned below to the Email Fields settings.

Clicking on "RESET LOG" in the picture above will delete all intercepted logs.

If you find a false intercept, click on the red box below "Not Spam?" button.

The following screen will pop up, click the "YES, DELETE" button, it will disable the function that caused the false interception.

Update 2025.01.20: Diamo uses this plugin a lot, has given the author a lot of suggestions and bugs, and wrote this article to publicize it. The author has given us 10 sites of Maspik Pro activation codes for free as a thank you, haha.

You can see that we Diamo do the site is very attentive, in-depth study of the various features, give the author suggestions. The author of this plugin is also very attentive to do this plugin, has been updating the function, timely repair of bugs, highly recommend the use of this plugin.