Heat Level: 
Mild: These tips are beginner-friendly.
Bottom Line: How annoyed do you get when you receive a new lead from your website... only to see that it's spam? While most spam sent to you from your website's contact form is harmless, it can be an obnoxious waste of time. Worse, it can be a sign of scammers trying to exploit weaknesses in your site.
Do This: Tighten up the reins to secure your site. This handful of security checks will help reduce the number of spammers and scammers trying to slide into your inbox.
Spam. We all hate it.
And we’re not talking about the stuff that comes in a can. Spam is the pet peeve of any website owner who just wants to receive quality leads and subscribers. But it's especially frustrating for Realtors who rely on email as their primary form of communication and lead generation.
From a digital perspective, spam occurs when unsafe entities or bots send unsolicited messages through contact forms, leave comments on page posts, or sign up for newsletters with the intent to do harm and compromise your website’s security.
If you’re tired of getting weird and obscure contact form submissions or spam comments and subscribers, this guide will teach you how to tighten up your website’s security.
Spammers look for several ways to hijack your site or use it for their own personal gain by scouting for any vulnerabilities within your website’s contact or signup form. They can then send emails to your contact’s inboxes making it look like the email came from your company but with links to their website instead of yours. The spammer then gets traffic and engagement thanks to your domain authority.
Spammers can also take advantage of your site’s comment section by posting links and promotional messages for their own website. This tactic allows spammers to gain link equity and bolster their own SEO efforts using your site.
Spammers may also just scour the internet and gather email addresses to sell to other spammers which can lead to an influx of unwanted comments or emails.
Regardless of whether or not your contacts click on these links or open these messages, spammers ruin your site’s reputation and take away precious time you could be spending nurturing quality leads.
Ready to do something about it? Good. Read on to learn how to secure your site’s forms and comment section.
This nifty tool from Google is a good first line of defense for protecting your site. reCAPTCHA works by prompting users to take a small test before submitting a form entry or any other online request. This helps weed out bots and separate spam submissions from real human submissions. If you’ve ever been asked to click on tiny boxes to confirm you’re not a robot before submitting an online request, you’ve used reCAPTCHA before. Learn more about reCAPTCHA and how to add it to your site.
reCAPTCHA is a widely-used application for thwarting unwanted spam that is easy for users to use and generally hard for bots to get through. reCAPTCHA is best used on important forms like registration or sign-up forms but don’t overdo it. Adding reCAPTCHA to every single form may hinder users from completing actions on your site.
Sometimes referred to as a Honeypot, this tactic involves adding hidden fields to your contact form using either CSS or Javascript or sometimes a little bit of both. Bots read the code of the page and will fill out the form fields that humans are unable to see. Your form action script will then automatically delete any of the forms that have hidden fields filled in. There are plenty of plugins available to add to your WordPress site if you have one.
Honeypot forms are great for websites with lots of traffic and several different forms because it automates the process of filtering out spam. However, it may take some trial and error to find a plugin that works best for you. If your website is custom-built it may take some development work to add a honeypot form to your site. Get in touch with our local web development specialists to see what your options are.
Session cookies aren’t edible, unfortunately. So what exactly are they?
When you visit a website, session cookies, or “HTTP cookies” are used to track the behavior of a user on the site. The most common example of a session cookie is on an e-commerce site. When you’re browsing products and loading new pages, your shopping cart still has the items you’ve placed in it thanks to session cookies temporarily storing your data.
Session cookies can help filter out bots because most bots usually go straight to your site’s contact form without visiting any other pages, unlike a human user. Suspicious sessions only on your website’s contact page without any other page visits can then be flagged as spam.
Session cookies are a more sophisticated way to monitor user behavior and flag fishy behavior on your site. They also help provide more accurate data reporting since spam traffic and engagement are filtered out. Learn how to set up session cookies using Google Tag Manager.
Another way spammers will take advantage of your website is posting comments under blog posts and pages. On most WordPress sites, users only have to provide a name and email address in order to post comments meaning they don’t have to verify their identity. Comments left by spammers can contain malicious links that can harm a user’s computer if clicked on. To remedy this, you can manually approve comments before they’re posted to your website.
Login into your WordPress website and go to Settings and then click on Discussion. Scroll down to the Before a comment appears section and select the Comment must be manually approved checkbox.
If you don’t want the hassle of approving every single incoming comment, another option is to enable Comment Moderation. Any comment that contains a set amount of links can be held in a queue for you to review. This setting can also be turned on in the Discussion Settings under the Comment Moderation section.
You can also manage incoming comments by setting up email notifications each time a user leaves a comment or when a comment is held for moderation under the Email me whenever section. To see a full list of comments on your website, go to the Comments section in the backend of your website.
Spam is annoying and can potentially harm your site if you don’t regularly monitor it. There are options available to filter out spam and these methods are constantly being improved with new updates. However, no method is perfect. It’s best to employ a combination of tactics to keep your website’s security in check. Get in touch with us to see which methods are best for your website.
Chelsea helps keep the team on track with daily to-do lists and enjoys writing content for clients. Whenever she has free time, Chelsea likes managing her food blog, heading to the gym bright and early, and kayaking.How did you like this article?
Just right! Give me more of this level.
Too easy! I need more of a challenge.
