Blog

Five Things to Stop Receiving Spam from Your Website

Five Things to Stop Receiving Spam Spam from your Website

Tired of your inbox being filled up with spam emails? It’s not just you. Junk email accounted for 45.1% of global e-mail traffic as of March 2021. Although this feels high, it is still on the decline, down from 55% in 2018 and a staggering 69% in 2012.

In this post, we reveal five things you can do to reduce the amount of spam in your inbox by making changes to your website.

How to Stop Spam

#1 Use Google reCAPTCHA

Google reCAPTCHA is a captcha service that can help assist you in preventing forms from being filled out by spambots.

There are two versions of reCAPTCHA. Version 2 requires a user to tick a box:

Google reCAPTCHA box that is not ticked

Much of the time, a site visitor merely ticks the box for it to be accepted.

Google reCAPTCHA box that has the green tick

Occasionally, the Google reCAPTCHA won’t accept the tick and will challenge you to make sure you’re human. Often, this will be clicking on squares of an image:

Google reCaptcha Challenge

Version 3 meanwhile, is hidden from site visitors and works in the background. You’ll know if it’s working and installed properly when you see the “protected by reCAPTCHA” label on the page:

Google reCaptcha Version 3

If you’re using regular HTML and CSS, Google provides a site key and secret key that are then implemented into your website.

For WordPress sites, form plugins will ask for the site key and secret key, which you can copy and paste from the admin console. For example, Contact Form 7 provides instructions on how to implement in version 2 and version 3.

As a side note, they can also be placed on login pages to help deter hackers from using automated scripts in an attempt to gain unauthorised access to your website.

#2 Change Direct Email Addresses

Captcha can help stop spammers, but they don’t stop bots from scraping your website for information like email addresses. It’s easy for them when emails are written in a format like [email protected].

As an alternative, consider removing your email addresses from the website and utilise a contact form in its place to cut back on the spam.

#3 Make Your Domain Information Private

When you purchase a domain, information is added to the domain registry, including email addresses.

Nowadays, it’s much easier to request your domain and hosting provider to make your information private. You’ll usually be offered this when you purchase the domain, or you can ask your hosting provider but may incur a small charge to make the change.

More Tricky Options

There are more advanced options you can use to cut back on spam, but you should be comfortable with writing code for websites. If you’re not sure and are struggling with spam issues, please contact XHost for free, a no-obligation quote.

#4 Add a Honeypot Field to Your Form

Most bots are simple and aren’t particularly smart. They’ll often fill in every field and this can be the key in stopping them.

A honeypot field is a field no human user will see since it’s hidden, but unless a bot has been configured to detect otherwise, it will look just like a regular field to be filled in. And when it is, the JavaScript or server-side PHP can be coded to detect a spammer and prevent the form from submitting.

If you have a WordPress site and are using Contact Form 7, the plugin “Honeypot for Contact Form 7” makes it easy to deploy.

For those on static HTML, CSS and JS websites, have a look at this simple but elegant solution from Felippe Regazio.

#5 Configure Your .htaccess File

You can add a series of rewrite conditions to your .htaccess file that sits at the root of your website directory. It tells your web server software like Nginx or Apache how to handle a wide range of things on your website.

One of those things can be blocking spammers so they can’t see your site and therefore any forms.

Check out this answer on Stack Overflow as an example of what can be done.

Important Note: Always make sure you know what changes you are making and never blindly copy and paste code.  Also make sure you backup your .htaccess file before editing or it could break it for your human visitors.

Summary: Five Things to Stop Receiving Spam from Your Website

  1. Use Google ReCAPTCHA to verify real humans are submitting forms
  2. Remove your email address from your website or make it a link with text like “email us”
  3. Have your domain registry information made private
  4. Add honeypot fields in your forms to find and stop the bots
  5. Add commands to you .htaccess file

XHost UK is always there to help. For more information, have a look at our services pages or contact us for a friendly chat about your website.