Protecting your Web Forms (and your inbox!) from Spam

Many of you collect non-personal data from your website’s users using forms. CMS provides you with the powerful Gravity Forms plugin to help you with that. Most of your web forms will be open to the public – i.e. not only available to those who are signed in – and with this comes the risk of form spam.

A common tactic for those trying to glean information about a web platform is to fill out any unprotected web forms hundreds or thousands of times. And each of those form submissions (often containing what looks like gibberish) will likely generate at least one email. Whilst CMS (and the infrastructure it sits on) has multiple layers of protection in place to help detect and prevent issues, the tactics such actors use changes all the time.

One proven way that you can help to protect your website, CMS as a whole, and your inbox, is to use Google reCAPTCHA. It is an anti-spam mechanism that you can activate once on your site which will then help protect all of your forms. We have detailed instructions of how you can protect your forms from spam. It takes less than 5 minutes to implement, and can save you hours and hours of dealing with a ‘spam attack’.

If you enabled reCAPTCHA more than 12 months ago, it’s likely that you are using version 2. This has now been deprecated by google and replaced with v3 and it is just as important for you to migrate from v2 to v3 as it is for those who don’t have any protection on their forms. Please follow our instructions on enabling version 3 of reCAPTCHA.