cultivate logo

How to Keep Bots from Spamming Your Contact Forms


With the rise of artificial intelligence, spam bots are getting even more difficult to fend off. You may have already noticed that your contact forms are receiving more submissions than they used to. Letting bots through can bog down both your staff and your server. High quantities of fraudulent usage can be prevented by ensuring your site is equipped with a cutting-edge front line of defense.

Step 1: Install Google reCAPTCHA

Google reCAPTCHA Basics

The free reCAPTCHA service is a security measure implemented by Google to protect websites from spam and abuse. It helps differentiate between humans and automated bots attempting to submit forms on websites. reCAPTCHA works by presenting users with various challenges or tests to prove that they are human. The most common form of reCAPTCHA is the “I’m not a robot” checkbox, where users simply need to check the box to confirm their humanness. However, more advanced versions of reCAPTCHA may include additional tasks, such as image recognition or audio challenges, to provide a higher level of security.

When a user interacts with a reCAPTCHA-enabled form, the reCAPTCHA system analyzes various factors, including mouse movements, click patterns, and browsing behavior, to assess the likelihood of the user being a bot or a human. It also takes into account the user’s IP address and browsing history. If the system detects a high probability of the user being a bot, it may present additional challenges to further confirm their authenticity. For instance, the user may be asked to select specific images that match a given description or solve a puzzle.

By implementing reCAPTCHA, website owners can significantly reduce the number of spam form submissions. The system effectively blocks automated bots from submitting forms, as they typically fail to complete the reCAPTCHA challenges accurately. This helps ensure that genuine users can interact with the website while keeping unwanted spam submissions at bay.

Google reCAPTCHA Pros & Cons

Key advantages:

  • Google typically stays one step ahead of the average spammer
  • reCAPTCHA is utilized by millions of websites and adapts to spam trends across that entire network
  • Compatible with almost all website and contact form providers

Drawbacks:

  • reCAPTCHA pulls in a lot of code which can slow down your site and lower your PageSpeed score
  • Having to complete a captcha may deter a small percentage of users from submitting a form

Step 2: Route Traffic Through Cloudflare

What is Cloudflare?

Cloudflare is a publicly traded company that provides a suite of services aimed at enhancing the performance, security, and reliability of websites and online applications. It operates as a content delivery network (CDN), reverse proxy, and DNS provider, offering a range of features to optimize and protect websites. The basic premise is that you point your domain name to Cloudflare as an intermediary between users and your website host.

Cloudflare acts as a reverse proxy by sitting between the website server and the user’s browser. This positioning allows Cloudflare to filter and inspect incoming traffic, blocking malicious requests, spam, and DDoS attacks. It employs various security measures, including web application firewall (WAF) rules and rate limiting, to safeguard websites from common threats.

Cloudflare also offers DNS services, allowing website owners to manage their domain’s DNS records efficiently. This includes features like DNSSEC, which adds an extra layer of security to the DNS infrastructure. SSL/TLS encryption is also applied to enable secure HTTPS connections, protecting the confidentiality and integrity of data transmitted between visitors and the website server.

Overall, Cloudflare acts as a protective shield and performance booster for websites, helping to ensure their availability, security, and fast loading times. It is widely used by businesses of all sizes, including small websites, large enterprises, and even internet giants, to improve their online presence and user experience. It can be particularly beneficial for small to medium-sized websites that may not have the resources or infrastructure to handle large-scale DDoS attacks or optimize performance on their own. The free plan is typically sufficient.

Google reCAPTCHA Pros & Cons

Key features:

  • Cloudflare provides robust distributed denial-of-service (DDoS) protection using their vast network infrastructure to mitigate attacks
  • Firewall rules can be setup to block malicious traffic
  • Acting as a shield, Cloudflare absorbs the cost of bot traffic and keeps your server from getting bogged down

Potential issues:

  • Part of Cloudflare’s methodology involves caching (saving a copy) of webpages, which can cause issues with websites that include their own caching mechanism
  • Verifying an SSL certificate (like Let’s Encrypt) on your server is slightly more complex when traffic routes through Cloudflare

Step 3: Block Traffic from Other Countries

Should I block traffic from foreign countries?

If your website caters only to a local or regional audience, blocking traffic from foreign countries is a worthy option to consider. You can potentially improve website performance by reducing server load and optimizing resources for the intended users. If you have identified specific regions or countries that are a significant source of malicious traffic, hacking attempts, or spam, blocking traffic from those areas may help mitigate security risks. This approach can reduce the potential attack surface and provide an additional layer of protection for your website.

A block on traffic outside your market can also have legal and compliance benefits. Some industries or organizations have different requirements in foreign countries that mandate restricting access to services or data. This can be related to data privacy, export controls, or other regulatory obligations. In such cases, blocking traffic from specific countries could prevent your website from falling outside the local laws in that region.

Do note that users from your target audience will also be blocked when they travel abroad or use an international VPN. For this reason, it is typically best to setup a “challenge” rather than an outright “block.”

How to Implement Geolocation Controls

Best Option: Cloudflare’s JavaScript Challenge

The built-in firewall in all Cloudflare plans allows webmasters to add custom rules. Visit the “Security” tab and click “WAF” (web application firewall) to view your current ruleset. Apply a new custom rule to all traffic outside your target region: Set the rule to “JS Challenge” those visitors, which means Cloudflare will prompt a JavaScript challenge that functions much like Google’s reCAPTCHA. The majority of bots cannot pass this challenge and will not be able to reach your site, but real human users can easily pass through it.

Strongest Protection: IP Address Blocking

If your website does not have Cloudflare or needs an absolute block on traffic from certain regions, the best method is to block all devices within those regions’ IP address ranges. WordPress sites can set this up by installing a plugin and most others can do so by editing their “htaccess” file on the server. This option will prevent bots and real users from viewing the site, so be careful not to include any regions that host customers, employees, or even software that is connected to your website.

Recent Articles

Back to Blog
Web Design & Development

How to Keep Bots from Spamming Your Contact Forms
With the rise of artificial intelligence, spam bots are getting even more difficult to fend off. You may have already...
Discover More
Blog SEO Web Design & Development

A Comprehensive Guide to Domain Changes
Any seasoned SEO professional will tell you that changing your domain name will have purely negative SEO consequences. Even if...
Discover More
SEO Web Design & Development

What is Lazy Loading?
Lazy loading is a growing trend in web design. It’s gained popularity since Google started showing a stronger emphasis on...
Discover More

Dominating Competition with SEO-Infused Websites

A beautiful website is only as effective as its visibility. That’s why our approach to web design and development, intertwined with proprietary SEO best practices, creates the foundation for dominating your market. We seamlessly integrate search engine optimization into your website’s architecture, ensuring it ranks well on Google and other popular search engines. Our team employs proven on-site and off-site SEO strategies—optimizing the site’s architecture, key elements, page speed, and mobile responsiveness are just some of the basics you can expect when working with Range. The result? A website that not only captivates your audience but also attracts organic traffic.

More About SEOView all services

Stunning Website Design & Development

As a business owner in today’s digital culture, you absolutely need a website to reach customers. Your website should not only look nice, but also help you achieve your unique goals every single day. At Range Marketing, we’ll custom build your beautiful, mobile-friendly website with a focus on conversions, without losing sight of your brand ideals and goals.

More about webView all services

Headless E-Commerce

Harness the power of native/headless e-commerce to take your dispensary’s online presence to the next level. Unlike traditional platforms, headless e-commerce gives you the freedom to custom-brand your menu, seamlessly integrate shopping CTAs throughout your entire site, and unlock more robust SEO benefits. This flexibility allows you to craft unique, seamless shopping experiences across all devices and touchpoints. Plus, with our AI-driven Cannaboost product, you can supercharge your site’s SEO performance while keeping it fast, responsive, and visually stunning. If you’re aiming to scale your business or outpace the competition, headless e-commerce delivers the agility and innovation you need to thrive in the modern cannabis market.

More about HeadlessView all services

Captivating Content That Ranks

In the SEO world, content is still king, and we know just how crucial it is in today’s digital landscape. Beyond stunning design, our website development services include top-tier content creation and integration. We craft SEO-optimized content that doesn’t just look good but speaks directly to your target audience, driving engagement and results.

View all services

Data-Driven Insights for Informed Decisions

Data-driven decision-making is at the core of our web design and development strategy. We provide real-time dashboard analytics to give you actionable insights into your website’s performance. Our customizable dashboards offer a comprehensive view of key metrics, such as traffic, user behavior, and conversion rates. This empowers you to make informed adjustments and optimizations, ensuring that your website continues to evolve and meet your business objectives effectively.

View all services

We Can’t Wait to Meet You.

We will take a close look at your business and your current website. One of our experts will contact you with informed analysis and a plan to grow your business. Request a free analysis:

(716) 240-9140

  • This field is for validation purposes and should be left unchanged.
Company Logo 1
Company Logo 2
Company Logo 3
Company Logo 4

Our results speak for themselves! Book Now!Free website evaluation

We drive traffic & leads to small businesses.

Enter your company's information below: