If you’ve ever been on the internet before, you’ve heard about or experienced spam. Whether it was an unwanted pop-up or email, every one of us has been exposed to an irritating and unwanted ad. Spam isn’t just annoying ads though. I’ve had to help our clients fight against bots filling out forms, sexually explicit comments about Viagra or worse, and other annoying forms of spam. It’s malicious, it’s harmful, and I’m pretty sick of it. My clients are too.

There’s a good chance you’ve had a credit card exposed or been a victim of some other leak, but now there are ways we can protect ourselves and our users. There are a ton of new spam-fighting techniques - but where do you start?

Hackers are constantly evolving, but so is the technology we use to protect ourselves from them. As website owners and managers, we’re the ones responsible for preventing any and all of this. That’s why I’ve put together a list of advanced spam-fighting techniques that you need to be using on your websites.

Website Spam Fighting Methods

The Honey Pot Technique

Spam bots are smarter than you think, but that’s something you can use to your advantage. “Honey Pot” is a popular term these days. Honeypots are a form of captcha that can help save your sites from spambots. The technique will create a hidden link or input field in a form that is hidden for humans – basically CSS hides it. When the spambot finds and interacts with that field, because it’s been lured, the captcha recognizes the bot and prevents it from doing whatever it was programmed to do.

Contact Form 7, which I use all the time for contact forms on WordPress, has a plugin to add a honeypot. Gravity Forms, another WordPress plugin, has one as a built-in option. I’ve used both plugins and techniques to help protect my clients and you should too.

Screenshot of a video where Marc audits a website, overlaid with a play button

Free 5 Minute Video Website & SEO Audit

Delivered right to your inbox

It might be the least effective method but considering the honey pots don’t impact the user experience, I think it’s a good first step to securing your site. Once you’ve lured those pesky bots with the technique, they’ll be dealt with.

Utilizing reCaptcha

Who doesn’t like a free service? I know I do. Thanks to Google, you can use reCaptcha for the small price of nothing. We use it all the time on our contact forms and you should be too since you can find it on both Contact Forms 7 and Gravity Forms. All a user has to do is select that they are not a robot and they’ve passed Google’s Turing test, right? Nope.

Google goes a couple of steps beyond that. reCaptcha creates an unreadable problem for bots. Because most bots are preprogrammed, they can’t “figure out” problems the way you and I can. By adding a simple form with images, you can prevent malicious software from completing their mission.

Google also spends significant resources constantly improving its system, making sure that spammers can’t easily manipulate it. That’s a win for you and an easy loss for spambots. Unfortunately, reCaptcha can bug users with some frustratingly odd puzzles, but considering they’ll keep their data I promise it’s worth the hassle.

As a spam prevention method, this one is pretty bulletproof. It will stop 95% of spam. Bot makers are smart and the good ones can bypass some reCaptchas.

Cloudflare Firewalls

Threats come from anywhere these days - and I mean everywhere. Some nations don’t regulate cyber security in the same way other countries do. That means that cyber threats can come from illegal outfits in countries like Russia, China, or India. Cloudflare firewalls are the most advanced way to fight that threat. This is a pretty extreme option, as you can effectively blacklist or challenge entire countries from accessing your website or purchasing from your online store.

It will require some DNS configurations, but you’ll up your security levels against growing threats. The only users who have to be worried are the ones doing some bad shit, otherwise, there’s no impact.

Wordfence on WordPress

WordPress is a web content management system that is beloved by users all over the world, especially me. It also comes with a few nifty tools like Wordfence. I’ve used it for years on every one of our WordPress sites and we’ve never had a hack while using it, making it one of our top choices.

WordPress itself is a great system, giving users access to a large number of plugins like, Yoast SEO, to optimize or protect their websites. Wordfence is one of the many security measures that WordPress plugins offer, with several ways to protect your users from malicious malware or hacks. You can schedule scans, set up a firewall, or even add login security protocols. If Wordfence catches anyone doing something suspicious, it immediately blocks their IP address from the website.

BOOM, just like that, bad users are gone! Considering it protects over 4 million websites, I’m not surprised that Wordfence is the most popular security plugin on WordPress.

Protecting Your Login URL

I hate to tell you, but it’s not always a great idea to have an easily accessed login page. It makes it easier for some users but leaves you vulnerable to breaks from bots trying to brute force their way through that page. Thankfully, WordPress plugins and other systems are here to save the day by… changing the URL.

Using plugins like WPS Hide Login will reduce the number of attacks on your website and reduce malicious login attempts by simply changing the login URL. A simple trick to keep your website squeaky clean and free from virtual breaks.

Optimizing Security and User Experience

So now you’ve covered your website in security measures. Great idea, right? The only problem is that your website is a nightmare, forcing users to complete multiple forms of identity verification just to order. Think about the user experience when adding any of these plugins, because most will have an effect. Yes, I want my users to be secure, but I also don’t want them to hate using my websites.

When trying not to piss your web traffic off, use Honey Pot security measures that filter out bots without users even noticing. Then, for an added layer of protection, integrate reCaptcha, which also has its own invisible option. No matter what you do some users will always be annoyed, but at least they’ll be protected. And, normally, these 2 forms of protection will be enough and you’ll see a huge reduction in spam.

Fighting Manual Spam

So, you’ve managed to handle the bots, but what about actual people?

Manual spam is human-created. Whenever someone uses false info to fill out a form or post a link, they’re creating manual spam. Most of the time reCaptcha is enough, but really good bots and manual spam can get through and cause problems.

I’ve found that most people doing this are from the following countries: Russia, India, and China. This is where you’d want to use Cloudflare to block these countries.

Monitoring and Evaluating Your Success

I bet you’re wondering just how you’re going to know all of your new security measures are working. It’s not that easy to tell at first, which is why there are many web vulnerability scanners like Cloudflare. They can analyze your site and give you a report that either proves you’ve made the right calls or offers you some tips to improve protection.

Another test you can do is to look at the number of spam emails, comments, or fake accounts being made. Have they been reduced? If so, keep using those strategies. Drops in comments and emails might have you sweating with worry, but that just means that you’ve started to filter out the crap and make a safe environment for your web traffic.

Keep online visitors safe and they’ll turn into happy customers.