Security Blog
Security Blog

Antispam protection for WordPress forms

Cerber anitspam and bot detection engine protects all forms on a website


Cerber antispam and bot detection engine is capable to protect all contact and registration forms on a website. It’s compatible with virtually any form. Tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms. It’s a great alternative to reCAPTCHA.

To enable protection go to the Antispam plugin admin page and check Protect all forms on the website with bot detection engine.

In most cases, the antispam protection works fine with default settings. But as a professional solution, Cerber offers several options to fine tune the anti-spam algorithm.

Exceptions for a set of IP addresses and IP networks

You can set up exceptions for a given IP address or IP network or any combination of them by adding all of them to the White IP Access List. Know more: Using IP Access Lists for protecting WordPress.

Exceptions for specific HTTP requests

Usually, you need to set these exceptions if you use a plugin or some technology that communicate with your site by sending POST requests programmatically. In this case, Cerber will block all of them because it recognizes them as generated by bots. To exclude a request from inspection by Cerber, you need to add the query string (request URI) that is used for sending POST requests. Do not include a hostname or a site domain. If Cerber finds a specified string in an HTTP request URI, the plugin engine doesn’t inspect and doesn’t block it.

Disable antispam inspection for logged in users

If you trust logged-in users, you can disable antispam inspection for all of them. The users will be able to use any form including comments without antispam check.

Safe anti-spam mode

If you come across some incompatibility with another plugin or theme, you can enable a special mode that tells the plugin to use less restrictive policies when it detects spam. Safe mode makes it compatible with the rest of the plugins and themes. Use it with caution.

Is Cerber antispam engine compatible with reCAPTCHA?

Absolutely. The spam detection engine is compatible with any captchas including reCAPTCHA that you can activate in the plugin settings. Please note: activating reCAPTCHA for the login form doesn’t protect a website from hackers.

How does the antispam engine work?

The Cerber spam detection engine uses the combination of JavaScript, jQuery, and cookies to understand is it a real browser and is it a real form has been submitted by clicking a submit button. Also, to make a decision, the plugin tracks all suspicious and malicious requests from an IP by using its Activity log.

Let’s sum up the capabilities of Cerber anti-spam engine

  • You can set up anti-spam protection for WordPress registration form and comments, for contact and WooCommerce forms
  • You can permit or deny form submissions for specific countries by configuring GEO rules *
  • You can set up exceptions for IP address, network or a specific request URI
  • If something goes wrong, you can enable safe anti-spam mode
  • You can enable reCAPTCHA and Cerber anti-spam protection at the same time
  • You can get notifications on email or mobile phone about spam activity
  • Performance of the anti-spam engine can be monitored on the Activity tab

Last posts from WordPress security blog


I'm a team lead in Cerber Tech. I'm a software & database architect, WordPress - PHP - SQL - JavaScript developer. I started coding in 1993 on IBM System/370 (yeah, that was amazing days) and today software engineering at Cerber Tech is how I make my living. I've taught to have high standards for myself as well as using them in developing software solutions.

View Comments
There are currently no comments.