This post may contain affiliate links, I receive a small commission if you make a purchase with this link.

Outsmarting the Spam Email Bot with CAPTCHA & WPForms

Just when you thought your inbox was safe, a spam email bot can attack your website, threatening to slow down your website and drown you in spam emails.

Are you tired of constantly sifting through piles of spam emails in your website’s inbox? Are you worried that spam is hurting your website’s reputation or user experience? If so, it’s time to take action and eliminate spam email bots on your website.

Email spam can be a major problem for websites of all sizes, but it’s especially frustrating for small businesses and individuals who rely on their website for communication and lead generation. Fortunately, there are steps you can take to reduce the amount of spam you receive and protect your website from spam bots.

In this blog post, I’ll explain what a CAPTCHA is, why you should add a CAPTCHA and how to add it to your WordPress website.

Defeating the Spam Email Bot: Table of Contents

What is a CAPTCHA?

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a simple test that helps determine whether a user is a human or a bot.

You have probably seen and used them many times before on websites. Here is an example from this website:

Contact form with CAPTCHA

The CAPTCHA provides a simple challenge for the user to solve. The user most solve the challenge successfully before using the contact form.

There are many types of CAPTCHA’s, some use different challenges for a user to solve and some use other techniques completely and are not visible.

Why Add a CAPTCHA to Your Website?

The reason to use a CAPTCHA is that an automated script cannot solve the CAPTCHA problem and therefore will be unable to use the contact form.

However, bots are becoming more intelligent and can solve some CAPTCHA challenges. Still a CAPTCHA will successfully filter out many email spam bots from your website.

By requiring users to complete a CAPTCHA before submitting a form, you can help deter bots and reduce the amount of spam you receive.

In addition to helping prevent spam, CAPTCHAs can also improve the security of your website. By requiring users to prove that they are human, you can help prevent automated attacks on your site and protect against security breaches.

Using a CAPTCHA on your website’s contact form is a simple and effective way to improve the security and user experience of your site. Not only will it help reduce spam and improve security, but it can also give users confidence that their personal information is being protected.

So if you’re not already using a CAPTCHA on your website’s contact form, now is the time to start. It’s a quick and easy way to improve the security and user experience of your site, and it can help protect you from spam and other security threats.

Defeating the Spam Email Bot: Adding a WPForms CAPTCHA to Your Contact Form

For this example I use the WPForms WordPress plugin. Other plugins can be used but this is the best forms plugin for WordPress and I use it on all WordPress websites I build.

Every website usually has at least one “Contact Us” form that spammers will use to send you constant spam emails.

Let’s see how to add a CAPTCHA to a contact form to filter out spam emails. For this example you can use either the lite version of the WPForms plugin or the Pro version which gives you more features and addons. The CAPTCHA element is available in the free version so you don’t need to purchase the plugin to use it.

WPForms Pro
The WPForms Pro plugin that comes with all the contact form features you will ever need including email subscription forms, multi-page contact forms, file uploads, conditional logic, payment integrations, form templates, and tons more.

WPForms website

First, install the WPForms plugin.

From the WordPress admin site select Plugins -> Add New. Search for “contact form wpforms” and select the “Contact Form by WPForms – Drag & Drop Form Builder for WordPress”.

Contact Form by WPForms
Install Contact Form by WPForms plugin

Install and activate the plugin.

Options For Implementing CAPTCHA On Your Contact Form

Once you have the plugin activated select WPForms from the admin sidebar and click on the settings link. Select the CAPTCHA tab as shown below.

WPForms Setup Captcha
wpforms settings panel

There are various CAPTCHA solutions you can pick from. In this article I show you how to use the Google reCAPTCHA challenge. It’s free and will be familiar with many of your website visitors already.

Select the Google reCAPTCHA option. If you are interested WPForms also has a walkthrough to setup Google reCAPTCHA although I will explain the steps here.

The next step is to setup and configure the Google reCAPTCHA from your Google account. Make sure you are logged in to your Google account and then go to this link:

You will be asked to register a new site to use the Google reCAPTCHA challenge on. See the screen below:

Add CAPTCHA to your site
Register your site with Google

Give the reCAPTCHA configuration a name (it doesn’t matter what name you use).

It’s up to you what version and type of reCAPTCHA to use. I use the reCAPTCHA v2 “I’m not a robot” type because it is a visual element that needs to be completed by the user. This means I can see the element is present and working. The v3 reCAPTCHA is invisible so it can be difficult to know if it is installed and working.

I initially tried to use the v3 reCAPTCHA but ran into difficulties. It seemed to be installed and working correctly – I could see the code was added to the form but it didn’t block spam for me. I know because I purposely added spam comments to the contact form and they were not blocked.

v2 reCAPTCHA works flawlessly for me so that’s why I have used it in this article and on my website’s contact form. I recommend it.

After selecting the CAPTCHA type and version you then need to enter the domain name of your website. This is the part after “www.”, so for my website it would be “”. Add your email address and accept the Terms of Service to continue.

more settings for Google reCAPTCHA
add your website domain and email address and accept the T&C

After you submit your site details and email address to Google two keys will be generated for you. These keys will be needed later so don’t move from this screen without first copying both keys.

google recaptcha admin console
Google reCAPTCHA keys

Copy both keys into your WPForms captcha settings page as shown below. Make sure you select the correct reCAPTCHA type.

setup checkbox recaptcha v2 wpforms
wpforms -> Settings -> CAPTCHA screen

Remember to click Save Settings to store your CAPTCHA settings.

Now, create a simple contact form and add the CAPTCHA element to the form. You can go to WPForms website to learn how to create forms (it’s drag and drop so it’s easy to do).

From the WPForms sidebar add a RECAPTCHA element to your contact form. You will see a dialog box appear on the form letting you know the CAPTCHA has been added to the form.

Defeating the Spam Email Bots: enable recaptcha for contact form
add the reCAPTCHA element to your contact form

Don’t forget to save your form after you have added the reCAPTCHA element.

Now, you can view the contact form on your website to verify the captcha element is displayed and works as expected.

completed recaptcha form
completed recaptcha form

Now, visitors to your contact form will have to prove they are not an email spam bot before they can send you an email!

Keep your WordPress Website Updated

I can’t finish this article without reminding you to keep your website software updated. Spammers often target websites that are out of date, as they can be easier to exploit. By regularly updating your WordPress site and all of its plugins and themes, you can help reduce the chances of your site being targeted by spam bots.

Defeating the Spam Email Bot: Final Thoughts

Thanks for reading! To summarise this article:

  • A CAPTCHA provides a challenge a user needs to solve before using a contact form
  • A CAPTCHA will block email spam bots using your contact form to send you spam emails
  • It’s quick and easy to include a CAPTCHA to your contact form

Using WPForms is the easiest way to create great looking forms for WordPress websites all of them can be secured by adding a CAPTCHA to block a pesky spam email bot abusing your website.


If you found this article helpful, please consider sharing it with your network by using the social media sharing buttons below. Thank you for your support!

Leave a Comment