Want to prevent spam on your website? There are solutions (and plugins) for that!

If you have a contact form on your website, you may have noticed that you are receiving quite a few e-mails that are not exactly kosher – sometimes you can even get hundreds of spam messages a day! Fortunately, there are some solutions available to prevent spam from being sent via your website.

CMSs such as WordPress are wonderful to work with, but they are often also easy targets for spambots that use contact forms to send annoying e-mails. We would like to provide you with some information on how you can prevent this spam.

How does spam end up in your mailbox via your website?

If you have a contact form on your website, people can use it to send you messages, like a request for a quote or for information.

When someone who visits your website sends you such a message, your website (with your own e-mail address) forwards the message in question to your e-mail address. In addition, that visitor will often receive a copy of the message he sent via the form.

Unfortunately, not all visitors are equally reliable. Among them are also spammers, i.e. people (or bots) who send you messages containing dangerous links in the hope that you will click on them. This technique is known as phishing.

example of spam via contact form wordpress
An example of spam sent via a contact form

A contact form is always a better option than just publishing your e-mail address. Because if you publish your e-mail address openly on your website, spammers will jump at the chance to save it and spam you to death.

By the way, if you keep a blog, visitors can often post comments there as well. If you do not use a spam filter, chances are that the comments section under your posts will be flooded with spam.

Why prevent spam?

Irritating, dangerous and a waste of time

First of all, spam is annoying, and it wastes your time because you constantly have to check and delete your e-mails. But it only takes a second of distraction to click on a link contained in the spam message. And that is how you can infect your computer with viruses or give hackers access to your files.

The reliability of your e-mail address

Every time someone fills in a form on your website, you receive an e-mail. That e-mail is not sent from the e-mail address of the person who filled in the form, but from your own website, which means from your own e-mail address as well! This is detrimental to the reliability of your e-mail address. Because it can lead to your own e-mail address being listed as unreliable and to your own e-mails ending up in your recipients' spam folder in the future.

Tip for your e-mail marketing

If you send newsletters and do not want them to end up in your contacts' spam folders, be sure to read our article 'Ensure that your e-mail marketing will not be considered spam'.

Your reputation

When a bot fills in a form on your website, it can enter someone else's e-mail address as its e-mail address. In most cases, that person will receive a copy of the sent form in his or her mailbox. Which is bad for your reputation, because that copy is sent from your e-mail address!

Besides, having a website full of spam comments under your articles also looks very bad.

Prevent spam using reCAPTCHA

One of the things that can help you avoid spam on your website is (re)CAPTCHA. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, so let's just stick with the acronym 😉.

CAPTCHA requires a visitor to pass a certain test to prove that he or she is not a robot. This can range from a simple checkbox to identifying pictures containing traffic lights.


reCAPTCHA is a free CAPTCHA service provided by Google. If you use a WordPress plugin for your contact form, you can usually install reCAPTCHA very easily. Your form plugin usually comes with all the instructions you need!

Every year, we at Combell help hundreds of customers with their spam issues. In 2020, we encouraged 351 customers to integrate a Captcha code on their website.


Our SiteBuilder also offers the possibility of integrating a CAPTCHA.

Prevent spam using an anti-spam plugin

There are great plugins for WordPress that will make it impossible for spammers to attack you. Below is a list of some of the best anti-spam plugins available today.

Akismet plugin

The Akismet plugin is a free plugin that you can use to prevent spam comments. For example, if you have a blog where comments can be posted, Akismet will check each comment to see whether it is spam or not (by looking at the IP addresses of your visitors, among other things).

As mentioned above, Akismet is a free plugin. But there is more: it is already installed by default when you create a WordPress website! The only thing left for you to do is to create an Akismet key via the Akismet website. Akismet will not work without this key. But do not worry: non-commercial websites can get an API key for free.

WordPress zero spam

Another useful anti-spam plugin is WordPress Zero Spam. Instead of asking a user to fill in a CAPTCHA, WordPress Zero Spam detects whether you are dealing with a spambot or not. The plugin is easy to integrate with other plugins, like the one for forms (more on that below!).

Antispam Bee

Antispam Bee is also one of the best anti-spam plugins. It scans every e-mail that comes through your website, without CAPTCHA. Antispam Bee is one of the most popular anti-spam plugins for WordPress.

Prevent spam using a good contact form

A contact form is the first place where spam hits you. It is therefore common sense to use a good form plugin. Many of these forms come with a built-in spam filter.

Contact form 7

Contact Form 7 is one of the most popular plugins for creating a form – and, as is often the case, it is completely free.

The Contact Form 7 form has a number of associated plugins, such as Spam Protect or the Honeypot plugin. You can also add a CAPTCHA to it.

Such a honeypot is as simple as it is ingenious. (Spam)bots always want to fill in all fields of your contact form, so that they can behave like 'real people'. So when you add a 'hidden' field to your form, which ordinary visitors cannot see, the spambot will also fill in that field. This means you can be sure that visitors who fill in that field are spammers. Caught in the honeypot!

Ninja Forms

Ninja Forms also uses a Honeypot, which is installed by default on the plugin. It is also possible to use Captchas, but Ninja Forms itself advises against the use of those. According to them, Captchas are not an ideal solution and are annoying for your visitors.

Disable anonymous comments

Ninja Forms also uses a Honeypot, which is installed by default on the plugin. It is also possible to use Captchas, but Ninja Forms itself advises against the use of those. According to them, Captchas are not an ideal solution and are annoying to your visitors.

With anonymous comments, certain information, such as a name or e-mail address or website, is not required. This obviously gives spambots plenty of opportunity to post spam in the comments section under your posts. In order to prevent this, you have to check a special option ('Comment author must fill out name and email') in your WordPress dashboard.

Need any advice?

Here at Combell, we fight cybercrime every day – which obviously includes spambots. If you want to keep your website free of spam, we can certainly help you with that. Because top-quality, spam-free websites work best with a good hosting provider!

Frequently asked questions