How can we help?
Please get in touch using the form below.
5 minute read
Typically, this event is unexpected and sometimes unavoidable, and one that often causes at least a little mayhem as you scramble to clear your emails from junk submissions and solve the issue. To combat this, we’ve pulled together a list of our eight top tips to help you reduce the chances of your WordPress website falling victim to spam.
If you’re using WordPress, we recommend opting for a form builder plugin such as Ninja Forms or Gravity Forms instead of building PHP forms. Form builder plugins are generally more secure, stay up to date with the latest industry standards, and allow for additional security measures such as basic Honeypot spam protection as well as some of the different methods we’ve explored below. They also make the setup process a lot easier, and they’ll keep form submissions logged in the WordPress admin area – much better than relying on email notifications.
In most cases, spam is automated, meaning that instead of actual humans trying to target your site, software and bots are used to bulk-attack websites. Therefore, one of the simplest ways to stop this is by using some kind of check that only a human can do. Below are several examples that you can add to your site to help prevent spam:
It’s worth highlighting that malicious software and bots are becoming more sophisticated and aim to bypass these methods. While they may provide decent protection, they may not stop all spam.
Cheap hosting will not necessarily make you more prone to spam, but it will not improve the situation. We recommend using a reputable hosting provider suitable for your requirements. You can learn more about the different types of hosting here. We use WP Engine to host many of our client’s websites. They have built-in security measures to help protect against spam and hacking.
You may have noticed that most websites will allow you to use Autofill, which pulls saved data such as email, mobile, name, address, etc. from your stored information when you go to complete a form. You can deactivate this for your website to help prevent spam.
By blocking copy and paste functionality on your website, you’ll prevent spammers from copying and pasting their details straight into your form. Although this does create a negative user experience for actual users so should only be done as a last resort.
If you notice suspicious behaviour from a particular IP address or a country that you don’t directly deal with, you can block traffic from them to prevent spam. You might also consider this if you notice a high traffic volume from a particular place/ address over a short period or increased form submissions.
If you have a WordPress website, there are a wide range of security plugins that can help prevent spam and other malicious activity, and we’d recommend using them even if you’re not getting spammed.
Two that we’d recommend are Sucuri, who also offer a paid monitoring, clean up and firewall service, and WordFence, which have several advanced features to help prevent traffic from suspicious sources coming to your website. They carry a blacklist of known spammers and can block them from visiting your website. They’ll also be able to identify abnormal activity from a specific IP address (as mentioned above) and block this without your involvement. These plugins have free and paid versions, including AI (Artificial Intelligence) and ML (Machine Learning) technology to help predict and prevent spam.
The final step you can take to improve your site’s security and reduce the risk of spam is to keep any themes, plugins and the WordPress core up to date. This means carrying out regular updates either internally or via your web agency or hosting provider.
We hope you found this blog useful. If you’d like to stay up to date with our marketing hints and tricks, please register for our newsletter below.
Our friendly team of designers, developers and digital specialists are ready and waiting to help with your website project.