
RIP CAPTCHA? Why You Might Not Need It (And What to Do Instead)

Published March 19, 2018

If you have a form, you’ll get spam. That’s the inevitable truth.

So you need a way to block spammers from flooding your form submissions.

Up until a few years ago, the accepted anti-spam device was CAPTCHA — a program designed to protect against spambots by generating tests that only humans could pass.

The idea was to create a system that made it nearly impossible for bots to fill in your form. It wasn’t a perfect system by any means, but for years it was all we had to add any level of security to our devices.

Recently, however, Google declared the death of CAPTCHA.

Bots were getting too smart for it to work as intended, and humans were getting too annoyed with the process to keep it around.

But its passing leaves a big gap in form security. So what’s left to replace it?


Why CAPTCHA Never Really Worked for Form Security

The theory behind CAPTCHA went something like this: humans are smarter than computers, so only a human could bypass complicated form security questions.

So CAPTCHA developed an anti-spam tool that you could add to your forms to ask complicated questions.

You probably recognize it:

One thing that this theory failed to account for is the fact that bots would start learning.

Advancements in AI have all but guaranteed that bots would eventually find ways around CAPTCHA, leaving users with the same spam problem they would have without it.

It also failed to account for human annoyance.

People didn’t like having to answer complicated questions when they were filling out a simple form. It was an extra step in the process that felt totally unnecessary, and it hurt form conversions.

In one A/B usability test, only 62% of participants were able to successfully complete a CAPTCHA question on their first try, and 23% struggled through multiple attempts before finally succeeding.

On top of that, many people in the disabled community began voicing concerns that CAPTCHA was difficult to use, especially for those with hearing impairments, limited sight or other challenges.

At the end of the day, everyone was struggling with CAPTCHA. Well, everyone except bots.

But without CAPTCHA, how can users protect their forms? Surely something is better than nothing, right?

The good news is that there are alternative solutions to CAPTCHA that provide some protection and a better user experience. Here are a few options you can use:


Solution #1: ReCAPTCHA

In an effort to save a dying program, Google introduced another anti-bot alternative called reCAPTCHA.

Instead of a bulky questionnaire, users had only to click a button to identify themselves as human.

In terms of user experience, reCAPTCHA is a major leap in the right direction.

When it comes to security, it does have a better level of anti-bot protection compared to traditional CAPTCHA (bots can crack reCAPTCHA with 23% accuracy), but it’s not perfect.

Google recently announced a newer version of reCAPTCHA, called No CAPTCHA, that eliminates the “I’m not a robot” checkbox altogether, unless a user is flagged as “suspicious.”

If someone fails to input the correct password one too many times, for example, the box would appear, or users would have to undergo more rigorous security checks.

A “suspicious” user might see a reCAPTCHA that looks like this instead:

In defense of reCAPTCHA, Google assures users that they are applying “the human bandwidth to benefit people everywhere” and that it does provide protection against “most bots.”

If you’re using Gravity Forms, setting up reCAPTCHA is fairly straightforward.

Using the field requires signing up for a free reCAPTCHA API account and entering the Private and Public API keys in the Gravity Forms Settings Page.

You can then add the reCAPTCHA field to any form using the form builder.

You also have the option to use the plugin Really Simple CAPTCHA alongside Gravity Forms to simplify the process further.

Solution #2: Honeypot Method

If you want to skip CAPTCHA/reCAPTCHA altogether, you can also use the honeypot method.

Honeypots are extra bits of code used to catch bots without users knowing that they exist. The most common example of this is the hidden form field.

With this method, an extra field is added and then hidden from human users with JavaScript or CSS.

Bots, however, will still recognize the field as legitimate and fill it out. If the field is filled out, the form is automatically rejected.

The benefit of the hidden form field is that it doesn’t impact the user experience.

For the most part, legitimate users never even know it’s being implemented, and your forms are still protected from spambots.

However, there is a downside for users who have any sort of auto-fill feature or screen reader that populates fields for them. These tools might see the invisible fields and auto-fill them the way a spambot would, causing the form to be rejected.

So it’s not a perfect solution by any means. But it is a good one if you know a little code and you don’t want to mess around with reCAPTCHA.
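To make the hidden-field technique concrete, here is an added example (not Gravity Forms' own code) of the decoy markup and the server-side check that goes with it. The field name `company_website` and the sample request bodies are constructed for illustration; the check also covers a case the description above does not mention, a crafted POST that omits the decoy field entirely, which a real browser never does for an empty text input.

```javascript
// Added example: hidden-field honeypot, markup plus server-side check.
// HONEYPOT_NAME and every sample value below are constructed for illustration.
const HONEYPOT_NAME = "company_website"; // hypothetical decoy field name

// Decoy field markup. It is moved off-screen with CSS, taken out of the tab
// order, hidden from assistive technology, and asks the browser not to
// autofill it, which reduces false positives for legitimate users.
function honeypotMarkup() {
  return [
    '<div style="position:absolute;left:-9999px" aria-hidden="true">',
    `  <label for="${HONEYPOT_NAME}">Leave this field empty</label>`,
    `  <input type="text" id="${HONEYPOT_NAME}" name="${HONEYPOT_NAME}"`,
    '         tabindex="-1" autocomplete="off" value="">',
    "</div>",
  ].join("\n");
}

// Classify a URL-encoded form body as received by the server.
function checkSubmission(rawBody) {
  const params = new URLSearchParams(rawBody);
  // A browser always submits an empty text input, so a missing decoy field
  // means the request was built by hand rather than sent from the form.
  if (!params.has(HONEYPOT_NAME)) {
    return { accept: false, reason: "honeypot-missing" };
  }
  // Any non-blank value means something filled a field humans cannot see.
  if (params.getAll(HONEYPOT_NAME).some((v) => v.trim() !== "")) {
    return { accept: false, reason: "honeypot-filled" };
  }
  return { accept: true, reason: "ok" };
}

// Constructed sample submissions.
const SAMPLES = {
  human: "name=Ada&email=ada%40example.com&company_website=",
  fillAllBot:
    "name=x&email=x%40example.com&company_website=http%3A%2F%2Fspam.example",
  craftedPost: "name=x&email=x%40example.com",
};

for (const [label, body] of Object.entries(SAMPLES)) {
  console.log(label, checkSubmission(body));
}
```

Logging the `reason` for rejected submissions, rather than silently dropping them, makes it possible to spot legitimate users whose autofill tool populated the decoy field.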

To enable honeypot spam fields in Gravity Forms, do the following:

  1. Go to the WordPress admin menu > Forms
  2. Hover over the form you want to edit, then hover over Settings, and click Form Settings
  3. At the bottom, check the box for Enable Anti-Spam Honeypot
  4. Click Update Form Settings

Here’s what the anti-spam honeypot option looks like:

Be sure to track your form submissions after enabling the honeypot method.

If you’re still receiving too much spam, you may need a plugin like Akismet to help fight spam site-wide.

Solution #3: Akismet Plugin Integration

Another option that can be used alongside either of the above solutions is to use an anti-spam plugin like Akismet.

The nice thing about using a plugin is that a lot of the work is done for you. Akismet, for example, has its own testing system for monitoring comments, trackbacks, and pingbacks on your website.

Unlike the other options on this list, Akismet might cost you some coin.

They do have a free option which will fight against spam, though their higher level features (like stats) are only available under their “Plus” plan or above.

But if your site suffers from a lot of spam, it might be worth the investment, especially if you have reCAPTCHA (or you loathe reCAPTCHA) and it’s just not working for you.

Akismet is totally compatible with Gravity Forms.

To install it, simply search for it under Plugins > Add New on your WordPress Dashboard.

For the most part, Akismet is an out-of-the-box solution for protecting your site against spam.

But it won’t protect against everything. If you’re still seeing a lot of spam, consider using more than one approach from this list to ensure maximum protection.


Final Thoughts

There is no perfect solution when it comes to stopping spambots… yet, anyway.

As technology and AI (and Google’s algorithms) continue to evolve, we might see another more successful option appear later on down the road.

Or Google could release a newer version of reCAPTCHA that does the job better than previous iterations.

But until then, your best bet is to work with the solutions that are available.

Install security plugins, work with the latest form of reCAPTCHA, and watch your form submissions closely.

