How to avoid website form spam

If you have a website, you’ll know about spam and the problems it causes. And if you have website contact signup forms, you’ll most likely have run into form spam. This can cause major headaches because web forms are one of the best ways your brand website can collect information from your customers or potential customers.

How to avoid website form spam
Giles Taylor writes for W/Brand Design Blog
Giles Taylor, January 16, 2024

In this guide, we’ll take a deep dive into website form spam, why it’s important to have defences on your website contact signup forms, some ways to keep it at bay, and how a website agency can help.

What is website form spam?

If your website is hit by form spam, your forms have been attacked with malicious intent. When spammers – which can be bots as well as humans – submit form spam, they are including information in links or scripts that can be:

  • False
  • Inappropriate
  • Irrelevant

What type of forms are affected by form spam?

Unfortunately, any type of website form can be affected by form spam. This includes:

  • website contact signup forms
  • payment forms
  • forms for users to leave comments.

How does form spam happen?

The most common spam form submissions include:
Links to the websites of spammers. They do this in the hope of getting links published on your WordPress or other website platform. Whether they end up as comments or elsewhere on your site, it can boost their search engine optimisation (SEO).

Empty offers to website owners, promising to improve their rankings on Google.

Most dangerously, malicious links that can infect your computer with a virus, steal your personal information or restrict site access.

Why should I stop form spam on my brand website?

With all this in mind, you might still be tempted to think spam form is just a minor issue that might not impact you too much. But the damage it causes can be serious.

At best, form spam takes up a lot of your time if you’re constantly working through leads that prove to be fake. Your time is valuable – think of the opportunities you’re missing out on. This distraction can also result in a drop in customer satisfaction. And fake leads can also skew your data, so you could end up wasting time cleaning it up to make it more accurate.

But it’s the security risks caused by malicious links that can really cause havoc. One click on a malicious link can cause real damage to your website. If it results in downtime, it can affect trust in your brand website, and even damage your finances.

Ways to prevent form spam

Fortunately, there are a number of effective methods to keep form spam away from your website.

Hidden form fields

You can use CSS and/or Java to hide form fields from legitimate site visitors and customers. Lots of bots can only read HTML, so if one of those hidden fields is filled, you’ll know it was done automatically by a bot. This is also known as ‘the honeypot method’.

Unfortunately, bots are becoming more sophisticated, and some are now designed to read CSS and Java. But you will catch the less sophisticated spambots, and make it harder in general for them.


You’ll have seen CAPTCHAs on many websites – if you’ve been asked to identify and retype ‘squiggly ’letters, you’ve used a CAPTCHA. This is a script that blocks bots from accessing your website. It can be very effective, but it also causes frustration for real visitors, because the letters can sometimes be hard to read. Because of this, it’s a good idea to get the balance right and not overuse CAPTCHAs on your brand website.

Ask questions

Bots can’t answer the most basic questions in forms. So, if you ask a straightforward question such as: ‘What is 2 + 2?’, and then filter the submitted forms to look for the correct answer, you can delete the forms without answers and be rid of the bots.


If you notice spam repeatedly coming from specific IP or email addresses, you could block them from being able to access your forms, or flag them as spam so they’re filtered out.

Or, you could reduce bot submissions by setting up your forms so they can only be completed once per user or per session. The only issue there is the danger of rendering forms inaccessible for real visitors if, for example, they need to fill in a contact form more than once.

User authentication

Extra security techniques such as email verification and two-step authentication (2FA) help to stop bots and human spammers. However, there’s danger in overusing such tools, because extra measures can frustrate potential customers, who could ultimately decide to go elsewhere. So, maybe save user authentication for high-value forms, such as trial sign-ups, rather than standard contact forms.

Third-party services and plugins

Website platforms such as Wordpress have lots of spam prevention plugin options – for example, Akismet. This form software automatically checks all comments, and filters out any it recognises as spam. Akismet also offers the option to buy a plan that blocks spam on other forms.

How a website agency can help

Spam is a nuisance that won’t go away. But with the right team of website designers and digital marketing experts on your side, the battle against the spammers gets that much easier. We’re not just about making your website look pretty – function matters as much as form. And we’ll pay attention to your forms, too, ensuring the spammers are kept at bay as much as possible.

Get in touch to find out how WithBrand can help today

Giles Taylor writes for W/Brand Design Blog

Giles Taylor

Giles is the founder and creative director for W/Brand. A graphic designer from Reading in Berkshire, UK, he's a dad with two wonderful children who enjoys walking and playing the guitar.  

Get started today!

Please type your first name.
Please type your last name.
Invalid email address.
Invalid Input

I have read and agree with W/Brand's privacy policy

Brand Agency Get In Touch Start your Brand Journey