Current Best Spam Prevention?

Hi @stumur

I hope you’re well today!

Formiantor has a basic spam protection built-in in form of “honeypot”. It’s a special field that’s meant to “fool” bots and you can enable it in “Behavior” settings of each form separately.

It isn’t really strong protection but it should help limiting spam amount a bit.

Then the captcha (there’s support for hCaptcha and reCaptcha built-in) is another way to limit spam.

On top of that, if both these ways together are not sufficient, I would recommend adding some spam protecton plugin after all – Akismet or CleanTalk Anti-Spam (both integrated with Forminator).

It’s always a good idea also to look through traffic stats to try to identify bots (IPs and/or user-agent strings) that may be responsible for most of the spam and consider blocking them using firewall on server or via plugin such as our own Defender.

Best regards,
Adam

Thanks Adam. I should have pointed out that the spam comes to me in the form of emails to my domain’s Thunderbird email client, not spammers making comments on the site etc.. only through emails. Does this require a different approach?

Hi @stumur

Thanks for response!

I mentioned anti-spam plugins (two specific plugins only) because they integrated with Forminator and and they actually can check and asses form submissions. So if that spam e-mail is a “form spam” indeed – steps that I suggested should help.

I can’t promise they’ll stop spam entirely but they should significantly reduce it.

The question, however, is then: is that spam really related directly to Forminator?

Note that form (unless you have specifically added it in open text) itself does not expose your e-mail address anywhere and there’s no way to “extract” e-mail address from it.

If that spam comes through the Forminator form, you would see

a) that e-mails have the same subject/format/data as e-mail notifications configured for your Forminator forms

b) and if you have forms set to save submissions to database, you’d also see related entries on “Forminator -> Submissions” page.

Steps described previously should help limit amount of this kind of spam.

If that’s not the case and you are just getting various (different content, different format etc) spam e-mails directly into your e-mail inbox – it’s quite unlikely to be related to Forminator.

It would still be worth to secure forms but fighting such spam is yet another thing and may not be easy or possible.

First thing to do would be to make sure that e-mail address is not exposed anywhere on site – neither in open text, nor even as an “image” (as bots nowadays can easily read images).

If you must have it openly published on site, then the only thing that can help would be some spam filters at your e-mail provider level and/or some fine-tuning of your e-mail client app (I think Thunderbird also allows adding some filters that would help with it). But that’s not really related to Forminator and not even WordPress.

If you can remove e-mail address from the site then also look into other plugins and theme if it’s not exposed in page source in some way – e.g. via some integrated (other than Formiantor) contact widgets/forms and try removing it from there as well.

It would still be also recommended to consider checking site/server analytics to try to identify spamming bots and block their access to the site (as described previously). Other than that, server level and in-app e-mail client spam filtering is a way to go in such case.

Kind regards,
Adam

Hi @stumur,

Since we haven’t heard from you for a while. I’ll mark this thread as resolved for now. Please feel free to re-open the thread if you need further assistance.

Best Regards
Nithin