How to stop spam form submissions on your WordPress
Enable antispam protection for WordPress forms with Cerber antibot engine and deny form submissions from specific countries
The antispam and bot detection engine is capable to protect all contact forms on a website. It’s compatible with virtually any form. Tested with Caldera Forms, Gravity Forms, Contact Form 7, Ninja Forms, Formidable Forms, Fast Secure Contact Form, Contact Form by WPForms and WooCommerce forms. It’s a great alternative to reCAPTCHA.
To enable protection go to the Antispam plugin admin page and check Protect all forms on the website with bot detection engine.
In most cases, the antispam protection works fine with the default settings. But as a professional solution, Cerber offers several options to fine tune its anti-spam algorithm.
Block form submissions from specific countries with GEO rules
The GEO rules allow you to permit or block form submissions from a set of specific countries. If you want to be in touch with people in your country only, this is the right way. GEO rules are available in the Cerber Security Pro version. Note that this setting affects all forms on your website except the standard WordPress registration form. To create the list of the countries:
- Go to the Security Rules admin page and click the Countries tab.
- Click Submit forms.
- Create a list of countries by clicking on the country name in the left window. Selected countries are listed in the right window. To remove a country from the list, click on the country name in the right window.
- Once you’ve created the list, set its type. If you want to block form submissions from the selected list of countries, click Selected countries are permitted to Submit forms, other countries are not permitted to. If you want to allow form submissions, click the second option Selected countries are not permitted to Submit forms, other countries are permitted to.
- Click the Save all rules button.
Block form submissions from specific IP addresses or a network
To completely block form submissions from a given IP address or an IP network or any combination of them add them to the Black IP Access List. Keep in mind that rules in the IP access lists have highest priority and processed first. Know more: Using IP Access Lists for protecting WordPress.
Exceptions for a set of IP addresses and IP networks
You can set up exceptions for a given IP address or an IP network or any combination of them by adding all of them to the White IP Access List. Know more: Using IP Access Lists for protecting WordPress.
Exceptions for specific HTTP requests
Usually, you need to set these exceptions if you use a plugin or some technology that communicates with your site by sending POST requests programmatically. In this case, Cerber blocks all of them because it recognizes them as generated by bots. To exclude specific requests from inspection by Cerber, you need to add the query string (request URI) that is used for sending POST requests. Do not include a hostname or a site domain. If Cerber finds a specified string in an HTTP request URI, the engine doesn’t inspect the request and doesn’t block it.
To exclude specific requests go to Antispam admin page and enter the some unique part of requests string (path) to the Query whitelist setting.
Disable antispam inspection for logged in users
If you trust logged-in users, you can disable antispam inspection for all of them. The users will be able to use any form including comments without antispam check.
Safe anti-spam mode
If you come across some incompatibility with another plugin or theme, you can enable a special mode that tells the plugin to use less restrictive policies when it detects spam. Safe mode makes it compatible with the rest of the plugins and themes. Use it with caution.
Is Cerber antispam engine compatible with reCAPTCHA?
Absolutely. The spam detection engine is compatible with any captchas including reCAPTCHA that you can activate in the plugin settings. Please note: activating reCAPTCHA for the login form doesn’t protect a website from hackers.
How does the antispam engine work?
How to stop spam user registrations on your WordPress?
Cerber Security has five antispam and antibot options which can be enabled simultaneously to stop the registration spam nightmare.
Follow this guide: How to stop spam user registrations on your WordPress.
Let’s sum up the capabilities of Cerber anti-spam engine
- You can set up anti-spam protection for WordPress registration form and comments, for contact and WooCommerce forms
- You can permit or deny form submissions from specific countries by configuring GEO rules *
- You can set up exceptions for IP address, network or a specific request URI
- If something goes wrong, you can enable safe anti-spam mode
- You can enable reCAPTCHA and Cerber anti-spam protection at the same time
- You can get notifications on email or mobile phone about spam activity
- Performance of the anti-spam engine can be monitored on the Activity tab
Last posts from WordPress security blog
- WP Cerber Security 6.5 March 18, 2018
- How to stop spam user registrations on your WordPress March 12, 2018
- Development version 6.3 March 10, 2018
- How to clean up activity and live traffic logs February 16, 2018
- How to protect WordPress against CVE-2018-6389 DoS attacks February 11, 2018