Contact form spam is annoying, but the fix should not punish real customers. The goal is to block obvious automated submissions, slow down abuse, and keep the form easy for genuine visitors to complete.
Start With the Form Plugin
Most mature form plugins include anti-spam settings. Check whether your plugin supports honeypot fields, rate limiting, CAPTCHA integrations, blocked words, or email address restrictions. Enable the lightest controls first, then tighten if needed.
Use a Honeypot
A honeypot is a hidden field that normal visitors do not fill in. Many bots fill every field they find, so submissions with the hidden field completed can be rejected. This is low-friction because real visitors do not see it.
Add CAPTCHA Carefully
CAPTCHA can reduce automated spam, but it can also frustrate visitors. Use it when lighter controls are not enough, and test the form on mobile as well as desktop.
Rate Limit Repeated Submissions
If the same IP address or session submits the form repeatedly in a short time, rate limiting can help. Be careful not to block shared office networks or legitimate users who make a mistake and resubmit.
Validate Fields
Require valid email formatting, set sensible length limits, and reject messages that are clearly not useful. Avoid overfitting rules so tightly that genuine customers cannot contact you.
Protect Notification Email
Make sure your form sends from an address on your own domain or through an authenticated mail service. Do not blindly set the visitor's email address as the sender, because that can cause authentication failures. Put the visitor's address in the reply-to field instead.
Keep the Site Updated
Old form plugins can have security issues or weak spam controls. Keep the plugin updated and remove abandoned forms you no longer use.
If a form on your TekLan-hosted site is being flooded, open a support ticket with the form URL and the approximate time the spam started.
