Back to blog
How to Protect WPForms from Spam and Bots

So, you want to patch any holes in your site? Well, it turns out, the most vulnerable points of any site are the ones the guest can interact with. And contact forms are perfect targets for any kind of random wannabe-hacker schmucks. If not protected enough, they can be subject to any kind of violation. Starting from classic bruteforce,  DDoS attacks, and ending with SQL injections.

So, when you want to make sure your site forms are, what are the necessary steps to achieve that? Luckily we have prepared a brief but thorough guide that tells you exactly what you can do if you use WPForms. 

“What are the benefits of protecting your site?”

When you set the protection for your site, it’s not just access protection. First of all, it is a measure to make sure your investments are safe. Building a site is not an easy and cheap endeavor. Even the most basic ones can cost their owner more than 12 000 dollars if you hire a design team for that purpose. 

If you are the victim of an attack, you also lose profit due to the site’s inability and suffer reputation loss, which means fewer people would trust your site and use it. 

Luckily there are cheap, and even free protection tools on the market. Let’s see what you can do to bulk up your WP Form.  So in contrast to the risk of losing a lot of money, time, effort, and reputation, even pricy options look like a good deal.

reCaptcha Solution

The goal of reCaptcha is to observe whether your site’s visitor is a person or a robot.

It comes in a variety of forms, each of which works in a somewhat different way. Some are completely invisible, which has the advantage of not bothering your visitors, but they do necessitate some maintenance.

Others employ drills and quizzes to verify the visitor’s identity.

We propose using the reCaptcha by BestWebSoft plugin to secure your WPForms.

You must complete the following steps to enable the anti-bot defense after acquiring both the reCaptcha and WPForms plugins.

  1. Go to the reCaptcha settings on your WordPress admin Dashboard and activate the “WPForms” on the External Plugins section. 

2. After that open the WPForms > All Form page. Click Add New or edit the existing one.


3. Name your form and choose a template for it.


4. Just drag-and-drop the BWS reCaptcha extension into the form builder and save changes.


5. Depending on the reCaptcha version used, the appearance of your contact form may change. For example, if reCaptcha Version 3 is used it will look on a page as follows.

contact form

That makes the contact form protected. The reCaptcha plugin by BestWebSoft offers additional settings like hiding it for certain user roles or managing the Allow/Deny list.


Captcha Solution

The main differences between reCaptcha and the Сaptcha by BestWebSoft plugin are Captcha does not require linking and managing your Google Account, and the checking procedure takes a more direct approach. 

Like reCaptcha it is compatible with the most popular contact form plugins, WPForms included.

After installation and configuration of both plugins, you will need to take additional steps.

  1. Open the Captcha plugin settings page on Admin Dashboard and enable the WPForms on the “External Plugins” section. Then click “Save Changes”.

2. Like with the reCaptcha, you need to make a new form, name it and choose a template.


3. Drag-and-drop the BWS Captcha extension to the Form Field and click the Save Changes button.


4. For example, the WPForms with “SlIde Captcha” may look as follows:

contact form

That’s all you need to do to protect the contact form. Other options can help you to change the appearance and functions of the captcha.



These two different tools have a somewhat similar flavor. The choice here mostly depends on your expectations from interaction with guests. Both of them do their job just fine.

Popular Posts

Like This Article? Subscribe to Our Monthly Newsletter!

Comments are closed.