How to Stop Contact Form Spam in Joomla (Ultimate Guide For Beginners)

Published in Blog by Tassos Marinos on Monday, 01 August 2022

How to Stop Contact Form Spam in Joomla (Ultimate Guide For Beginners)

Are you looking for a way to stop contact form spam in Joomla forms?

The contact forms on your website can be easily abused by spammers and bots if the anti-spam mechanism is not properly implemented. Fortunately, to prevent spam through Joomla contact forms, you can use Convert Forms.

Convert Forms is a powerful Joomla Contact Forms Extension Builder that offers plenty of advanced features to help you create spam-free contact forms effortlessly.

In this post, we’ll guide you on how to reduce contact form spam using the anti-spam tools of Convert Forms.

Before we start, let’s first understand what contact form spam is.

Table of Contents

What Is Contact Form Spam?

stop joomla form span15

Contact form spam, as the name defines it, is a type of spam that is sent through contact forms on websites.

Generally, spammers fill out the contact form with false information containing links to malicious websites, phishing links, and promotional messages.

In some worst cases, these spam messages also included links with malware that spread viruses and might infect your whole site on clicking.

Contact forms work as a bridge between the outer world and your website; thus, spammers and hackers also find them an easy source to send spam & enter into your websites.

Whether you’re running a personal blog or enterprise website, or a large eCommerce store, contact forms are necessary to establish a connection with your site visitors and prospective buyers.

That’s why you need to use a powerful anti-spam tool that stops unsolicited emails & protects your site from being exploited by bots, hackers, and spammers.

How to Stop Contact Form Spam

Convert Forms is the best contact form extension for Joomla. Not only does it allow you to create different types of online forms, but it is equipped with advanced anti-spam features to reduce fake registrations and stop spam email messages.

Convert Forms includes a built-in honeypot anti-spam feature, and you can also add Captchas to your forms, block certain email addresses, and more.

Having said that, let's go over the different ways to prevent contact form spam in Joomla.

1. Native Honeypot Anti-spam Security

Before we discuss the Convert Forms' native Honeypot anti-spam feature, let's first understand what Honeypot is.

Honeypot is a spam prevention mechanism that lures and traps spambots by adding an invisible field to your contact forms.

To create a Form HoneyPot Trap, you need to add scripts to your contact form pages, which is a bit time-consuming and technical for beginners.

If you don't want to get entangled in all technicalities, you can simply use Convert Forms for your Joomla sites.

Convert Forms come with a built-in Honeypot anti-spam feature, so it doesn't require adding a single piece of code to your web pages.

If you just started using Joomla and are looking for the fastest and simplest way to secure your contact forms, Convert Forms is the best tool.

How Do You Add Honeypot to Contact Forms in Joomla?

Honeypot anti-spam protection is automatically enabled on each form you create using Convert Forms. If you want to locate and ensure that the anti-spam is enabled in your contact forms, follow these steps:

First, create a new form or edit an existing form. Once done, click on the Settings icon on the left toolbar.

stop joomla form span10

Open the Behavior Tab and make sure the Enable Anti-Spam Honeypot option is toggle-on.

stop joomla form span14

There you have it! This is the most flexible and easiest way to add Honeypot spam protection features in Joomla contact forms.

Let’s look at another anti-spam tool you can use with Convert Forms.

2. Protect Contact Forms Using reCAPTCHA

reCAPTCHA is a free and commonly used CAPTCHA service offered by Google. It helps you detect spam and protect your site from bots and other automated attacks.

stop joomla form span20

Google's reCAPTCHA is more advanced than the traditional CAPTCHA. Its reCAPTCHA verification process is based on artificial intelligence that helps it understand human behavior and distinguish between real users and bots by displaying different puzzles and running CAPTCHA tests.

As of now, there are three types of Google's reCAPTCHA version available:

  • Checkbox reCAPTCHA v2: In this version of reCAPTCHA, users must click the checkbox to verify that they aren't bots. Usually, a text with the words "I am not a robot" is displayed next to the checkbox. If users' activity is found suspicious on the page, they might be asked to do an image verification test to verify that they are real.
  • Invisible reCAPTCHA v2: This version of reCAPTCHA doesn't add a checkbox; instead, it works secretly and detects the user behavior to identify if the visitor is human.
  • reCAPTCHA v3: reCAPTCHA v3 is the most advanced of all the CAPTCHA types. Unlike the above two reCAPTCHA types, v3 works in the background. Its process is based on Java scripts and helps you detect abusive traffic on your website without user friction.

How to Add Google reCAPTCHA to Joomla Contact Forms Using Convert Forms

Now that you know what Google reCAPTCHA is, let's see how you can integrate Google reCAPTCHA with contact forms in Joomla.

With the current version of Convert Forms, you can integrate Checkbox reCAPTCHA V2 and Invisible reCAPTCHA V2.

We are working on adding reCAPTCHA V3 to Joomla Forms using Convert Forms and will release it soon.

Add Checkbox reCAPTCHA v2 to Joomla Forms

This version of reCAPTCHA displays the "I'm not a robot" checkbox that requires users to click a checkbox to prove the user is not a robot.

stop joomla form span35

Let's see a step-by-step process of adding the checkbox reCAPTCHA v2 to Joomla forms using Convert Forms.

Generate reCAPTCHA Keys

To enable reCAPTCHA; first, we need to generate Google reCAPTCHA API keys and connect them with Convert Forms.

To get your keys, log in to your Google account and open the Google reCaptcha site.

Once the site opens, click on the v3 Admin Console button present at the top.

stop joomla form span10

Next, you'll be redirected to a page where you need to fill in details to register your site for reCAPTCHA.

The first step is to fill out the Label field. If you wish, you can add the name of your website or any other name of your choice. The label name will help you to recognize the keys later.

stop joomla form span7

Afterward, you need to choose the reCAPTCHA type. Here we are generating keys for the Checkbox reCaptcha, so select reCAPTCHA v2 and then the "I'm not a robot" Checkbox.

stop joomla form span32

Once you select the reCAPTCHA type, you will need to enter the domain address of your website. Enter the full domain name without https://.

stop joomla form span4

Fill in all the required details, and click the Accept checkbox. If you like to receive notifications about your reCAPTCHA, you can click the second checkbox.

stop joomla form span6

Lastly, click the Submit button to save your details. 

As soon as you click the Submit button, you'll be redirected to the page showcasing your Site key and Secret key.

stop joomla form span23

Copy your reCAPTCHA keys and head over to your Joomla site.

Select reCAPTCHA Type in Convert Forms

We need to paste the keys into Convert Forms. To do that, open your Joomla administration environment and click Components > Converts Forms.

stop joomla form span28

This will open the settings page of Convert Forms. Click on the Options box. 

stop joomla form span28

On the next page, you'll find multiple tabs. Select reCAPTCHA from the tabs across the top. Once you click on the icon, you'll see settings for reCAPTCHA on the bottom. Here you need to add the Site key and Secret Key.

stop joomla form span24

Paste the keys and click Save.

Create a New Form or Edit an Existing One

Now that we have completed all the necessary settings, it's time to enable reCAPTCHA on your form. You can create a new form or edit an existing one as per your preference.

To create a new form, go to the main administration menu and click Components > Convert Forms.

On the next screen, click on the New Form tab.

stop joomla form span22

This will open a pop-up box containing pre-built form templates offered by Convert Forms. You can choose any form template or also start from scratch.

stop joomla form span26

Once you choose your template, you'll be taken to the form builder dashboard of Convert Forms. 

stop joomla form span11

Using the form builder, you can add, edit and remove form fields just with a single click. 

Add Checkbox reCAPTCHA Field to Your Form

Now we have our form ready, next, we just need to add the reCAPTCHA field.

On the left, select Add Field tab, look under the Advanced Fields section and click on the reCAPTCHA field.

stop joomla form span28

Following that, you have the option of choosing the reCAPTCHA Theme and Size in the respective field settings.

Also, if you want to hide the field name, you can do that too.

stop joomla form span15

Choose the theme and color of the reCAPTCHA and click on the Save button.

stop joomla form span18

Great! You've successfully added the checkbox reCAPTCHA field to your Joomla forms.

Add Invisible reCAPTCHA v2 to Joomla Forms

Unlike the visible reCAPTCHA, the invisible reCAPTCHA doesn't require the user to click on a checkbox; instead, it displays challenges to users when they detect suspicious behavior during form submission..

There are different types of keys used in each of the reCAPTCHA methods. So, if you decide to switch from one type of Google reCAPTCHA to another, you'll have to generate new keys.

So for adding invisible reCAPTCHA to your Joomla Contact forms, we need to generate new keys. 

Generating keys for invisible reCAPTCHA follows the same process we've mentioned above. Check out this link for all the required details.

3. Secure Your Forms Using hCaptcha 

hCaptcha is another free anti-spam tool that helps you fight spam and protect your website from hackers. It works similar to Google's reCAPTCHA and stops fake form registrations by showing challenges to visitors. If visitors successfully complete the challenge, it will allow visitors to fill out the form.

stop joomla form span33

If you're looking for a Google reCAPTCHA alternative, hCaptcha is the best tool. Also, their privacy policy is compatible with recent regulations such as GDPR and CCPA.

For website owners concerned about their site's privacy & user data when using a spam protection tool, hCaptcha might be a good solution.

Further, hCaptcha supports both Checkbox hCaptcha and Invisible hCaptcha, so you can choose the hCaptcha type that works best for your website.  

How to Add hCaptcha to Joomla Forms

Integrating hCaptcha to Joomla forms requires advanced coding knowledge and a tedious process of adding HTML codes to your web pages.

Convert Forms is the best tool that makes adding hCaptcha to Joomla super easy and convenient.

It has a built-in integration that allows you to add hCaptcha to your Joomla contact forms without writing a single line of code.

So let's see a step-by-step guide on how to add hCaptcha to Joomla forms using Convert Forms.

Generate hCaptcha Keys

To connect the hCaptcha service with Convert Forms; first, we need to generate the hCaptcha Site and Secret keys.

Open the hCaptcha site and create a new account by clicking the Sign Up button.

stop joomla form span19

hCaptcha is a freemium service, and you can choose its free or pro version depending on your website traffic. For starting, we suggest you go with a free plan and later update to a pro plan for additional features. 

To use the free plan, click the tab under Add hCaptcha to your service (free).

stop joomla form span16

Next, you need to sign up for your hCaptcha account. You can sign up directly using Github or Google accounts or add custom details.

stop joomla form span12

Once you create your hCaptcha account, you'll be taken to the welcome page. Click the Continue button.

stop joomla form span27

This will redirect you to your hCaptcha account dashboard. Here click on the New Site button.  

stop joomla form span36

A new page will open, where you need to fill out a form and add site details. 

The first field you'll see here is the Add New Sitekey. You can add a specific name to this site key, but this is only for your reference and not mandatory to fill.

stop joomla form span8

The next section is General Information. Here you need to add Hostnames (optional), choose hCaptcha Behavior, and select Passing Threshold type.

Once you add all details and choose your preferences, click the Save button on the upper right corner of the page.

stop joomla form span5

Next, you'll be redirected to the site key's settings page. Click the Settings button to get your site key.

stop joomla form span31

Once you click the Settings button, a new page will open. Under the Sitekey Settings tab, you'll find your site key. Copy your Site Key and paste it somewhere on your desktop.

stop joomla form span21

Next, we need the Secret Key. To get your key, click on the profile icon at the top of the page.

stop joomla form span21

A list of options will open. Click on the Settings option.

stop joomla form span2

On the Settings page of hCaptcha, you'll find your Secret key. Copy the key and head over to your Joomla site.

stop joomla form span25

Select hCaptcha Type in Convert Forms

Now we have both the Site key and Secret key ready. It's time to enable hCaptcha in your forms. First, open your Joomla administration environment and click Components > Converts Forms.

This will open the settings page of Convert Forms. Click on the Options box. 

On the next page, you'll find multiple tabs. Select hCaptcha from the available tabs options.

Once you click on the hCaptcha icon, you'll see fields to add Site Key and Secret Key. Paste the keys and hit the Save button.

stop joomla form span29

Add Checkbox hCaptcha to Joomla Forms

Now, you can add hCaptcha to your Joomla forms. Create a new form or edit an existing one using Convert Forms.

Once you're in the Convert Forms form builder dashboard, add a hCaptcha field to your form.

stop joomla form span17

Further, you get multiple customization options for your hCaptcha field:

  • You can select the hCaptcha type: Checkbox or Invisible.
  • Choose hCaptcha theme: Light or Dark.
  • Select hCaptcha box size: Normal or Compact

stop joomla form span30

And that's it! This is how simple it is to add hCaptcha to Joomla Forms using Convert Forms.

4. Add Math CAPTCHA

Another spam protection method that you can use to secure your Joomla forms is Math CAPTCHA. As the name says, this type of captcha requires users to solve a mathematical problem to prove they are human.

In order to add a Math CAPTCHA to your form, you must be familiar with PHP and HTML.

Don't know how to use PHP & HTML, worry not! We have covered you with Convert Forms' built-in functionality to add Math CAPTCHA to your Joomla forms with just a click.

With Convert Forms, you don't need to write a line of code or generate keys to add a Math CAPTCHA to Joomla forms. To enable Math CAPTCHA, create a new form or edit an existing Joomla form. 

Add Math CAPTCHA to Joomla forms

Once you’re in the form builder editor, head over to the Add Field tab, look under the Advanced Fields section, and click on the Math Captcha field.

When you click on the field, you’ll see a math problem displayed on the form, and setting options open up on the left.

The form field will automatically display a randomly generated math question that site visitors need to solve before submitting their form on your site. A new math problem will appear whenever the page loads or refreshes.

This is how simple it is to add Math Captcha to your Joomla forms!

5. Block Email Addresses or Email Domains

Captchas are effective in stopping automated bots, but not humans. 

With the intent of promoting products, increasing traffic on sites, or for any other malicious intent, people fill the form on your site and send you tons of spam emails.

It's not easy to stop them from using Captcha services as they are real visitors. The best way to stop contact form spam generated by humans is to block their email addresses and email domains. 

To block specific email addresses or domains, use the code snippet shown below. Copy the code and place it into the PHP Scripts >> Form Process area of your form.

// You can add as many email addresses as you'd like to this list.
$blacklist = [
    '[email protected]'

// The name of the field representing the email address input
$field_name = 'email';

// The error message to show when an invalid email address is submitted
$error_message = 'This email is not allowed';

// Do not edit below
foreach ($blacklist as $blacklist_email)
    if (stripos($post[$field_name], $blacklist_email) !== false)
        throw new Exception($error_message);

6. Block Form Submissions Containing Profanity (Bad Words)

Blocking email addresses is one way to stop spam submissions from human visitors. Another method you use to stop the spam bypass Captcha is to create a list of expletive words.

Create a list of bad words you would like to filter out, and then add the below code snippet into the PHP Scripts >> Form Process area of your form.

// The list of not allowed words
$not_allowed_words = [

// The Field Name where search will be performed against the not allowed words
$field_name = 'text';

// The helpful message that will appear if bad words are found
$error_message = 'Your text contains words that are not allowed.';

// Do not edit below
foreach($not_allowed_words as $word)
	if (stripos($post[$field_name], $word) !== false)
		throw new Exception($error_message);

This PHP snippet is quite helpful for users also, as when a user submits a form, and one of the words you've listed occurs in it, this PHP snippet will additionally show them a warning message.

7. Custom Validations With PHP

Convert Forms is developer friendly and allows you to create custom validation fields for your forms.

For example, the below-shown code snippet displays an error message when the field message exceeds the characters' limit.

$max_chars = 50;
$error = "Maximum character limit reached.";

if (strlen($post["message"]) > $max_chars) {
   throw new Exception($error);

If you have experience with PHP and MySQL, you can add as many custom validations in the PHP Scripts section of Convert forms.

What Is the Best Method to Stop Spam in Joomla?

Still, questioning? Which spam-protection method works best for you?

If you're a beginner and just started using Joomla forms, we suggest you go with the native Honeypot Anti-Spam feature of Convert Forms.

It's a user-friendly and built-in feature, so you don't have to make any extra efforts.

You can add Google reCAPTCHA or hCaptcha to your contact forms if you're looking for advanced protection and extra security.

If you're familiar with HTML codes, you can use code snippets to protect your form from spam.

And that's it! These are some proven methods to block and reduce contact form spam in Joomla.

I hope this post helps you build secure and protected online forms.

Join over 41,500

Subscribers to get Free Joomla! tips, extension updates, and deals!