Contact form drowns in spam, but reCAPTCHA is annoying.
reCAPTCHA v3 leaks data to Google and frustrates real visitors. For most SMB forms a honeypot plus a timing check is enough.
Try this first
1. Add a honeypot field: a text input hidden via CSS with a normal-looking name (website, fax). Bots fill it, humans don't.
2. Add a timing check: forms submitted within three seconds of page load are almost certainly bots. Reject or send to bin.
3. Add a required field with a simple context question (which city, which year). No maths, just a check a generic bot fails.
4. Plugins like Fluent Forms, WPForms and Gravity Forms ship honeypot. Turn it on; only enable reCAPTCHA if spam still leaks through.
5. Block known spam IPs via Cloudflare WAF. A free Cloudflare account stops a lot of bot traffic before it reaches your server.
6. Monitor for a week. Zero spam and all real leads landing means the job is done.
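Steps 1 and 2 as a server-side check, as an added example (not code from this page or from any of the plugins named). The field names `website` and `form_token`, the secret and the one-hour expiry are assumptions; the page-load time is HMAC-signed so a bot cannot simply submit an older timestamp.

```python
import hashlib
import hmac
import time

SECRET = b"replace-with-a-random-server-side-secret"  # assumption: per-site secret
MIN_SECONDS = 3            # threshold from step 2
MAX_SECONDS = 3600         # assumption: tokens expire after an hour to limit replay
HONEYPOT_FIELD = "website"  # normal-looking name from step 1, hidden via CSS


def _sign(ts: str) -> str:
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None) -> str:
    """Call while rendering the form; emit the result in a hidden input."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}.{_sign(ts)}"


def check_submission(form: dict, now=None):
    """Return (accepted, reason) for the submitted form fields."""
    now = time.time() if now is None else now
    # Step 1: humans never see the honeypot, so any value means a bot.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot filled"
    # Step 2: recover the signed page-load time and verify it was issued by us.
    ts, _, sig = form.get("form_token", "").partition(".")
    if not ts.isdigit() or not hmac.compare_digest(sig.encode(), _sign(ts).encode()):
        return False, "bad token"
    elapsed = now - int(ts)
    if elapsed < MIN_SECONDS:
        return False, "submitted too fast"
    if elapsed > MAX_SECONDS:
        return False, "token expired"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample submissions, not real traffic.
    loaded = 1_700_000_000
    token = issue_token(now=loaded)
    human = {"name": "Ann", "website": "", "form_token": token}
    bot = {"name": "x", "website": "http://spam.example", "form_token": token}
    print(check_submission(human, now=loaded + 25))  # (True, 'ok')
    print(check_submission(bot, now=loaded + 25))    # (False, 'honeypot filled')
    print(check_submission(human, now=loaded + 1))   # (False, 'submitted too fast')
```

Rejected submissions can be dropped or routed to a spam bin, as step 2 suggests; logging the reason helps during the monitoring week in step 6.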
When to bring us in
If targeted spam attacks (e.g. directed vulnerability scans) keep getting through, hCaptcha or Cloudflare Turnstile are privacy-friendlier alternatives to reCAPTCHA.
See also
- WordPress, plugins and theme have gone 6+ months without updates: Out-of-date WP is the number-one entry for malware. Don't just hit 'update all', back up first.
- Theme update broke the layout or threw a fatal error: Themes overwrite custom CSS on update unless you use a child theme.
- WordPress shows a blank screen after a plugin install or update: WSOD (white screen of death) is usually one crashing plugin. You isolate it.