Blog Post

Fighting spam in Gravity Forms

With the use of coreSecurity Pro, you can add a wide range of antispam features to combat entries spam received through forms created by the Gravity Forms plugin.

Gravity Forms is one of the most popular plugins for creating custom forms and doing all kinds of amazing things using an intuitive drag-and-drop editor with a wide range of fields, over 50 official addons for eCommerce, polls, reports, user registration, and much more. I have used Gravity Forms for all my websites for over ten years and never needed other contact form plugins.

Regarding spam in the received contact form entries, Gravity Forms does have a few anti-spam features (honeypot and optional addon for Captcha). Honeypot can be useful against some types of bots, and Captcha is plain annoying to have on any page, and it is not any protection if actual humans generate the spam.

coreSecurity Antispam for Gravity Forms

Now, with the coreSecurity Pro plugin, you can use a very advanced set of 20+ antispam filters and services to identify spam and ban any IP that repeatedly attempts to post spam. Banning offending IPs is a very important step because it will discourage repeated offenders, it will minimize server handling of malicious requests, and you can ban IPs on a temporary basis or permanently. All entries marked as spam are still saved in the Gravity Forms database and can be used to check them again manually or as a reference for future spam checks.

Not only that, coreSecurity Pro has 20+ features related to website security (firewall, login and registration protection and control, file scanner, antispam for comments, bbPress forums, various forms plugins)

coreSecurity Gravity Forms Antispam Feature options (small part of the page)
coreSecurity Gravity Forms Antispam Feature options (small part of the page)

Antispam for Gravity Forms in coreSecurity Pro has a long list of settings (check out the knowledge base article about configuring the feature, and every option contains basic explanations about how they work and how to set them up. Options are split into two main groups: filters that are run directly on each entry content (email, email domain, content…) and options for using external services to protect against spam. For every form entry, the plugin will try to extract various fields from the entry that can be used to test for spam: email, URL, name, and content. From email, the plugin will also extract the domain name. To see the list of all antispam measures that can be used to fight spam, check out this knowledge base article.

Filters that the plugin runs will be used against content, email, email domain, URL, and name, and if any of these are missing related checks, filters will be skipped. coreSecurity Pro has an extensive list of disposable email domains (for fake email services, very common spam sources), it can determine the domain structure based on TLD analysis (a lot of spam comes from invalidly formatted domains), and various regular expressions to check for spam. What is very important is that you can add more regular expressions, domains, and emails for filtering purposes and improve future spam detection.

When it comes to external services, the plugin can run checks of the DNS records from the email server, check the IP against DNS Blacklist databases, and check via the StopForumSpam website.

Review spam in Security Logs

To see how much spam has been stopped, you can check out the Security logs and filter the log by the Gravity Forms Spam event, and you will see something like the list in the image below. For each entry marked as spam, the plugin will show one or more reasons the message has been flagged, including information about the source.

Gravity Forms Antispam in the Security Logs
Gravity Forms Antispam in the Security Logs

If the IP is a repeated offender, coreSecurity Pro can auto-ban that IP, but for any IP, you have the option to ban it. From this list, you can go to an entry in the Gravity Forms if you need to get more information or see the entry.

Gravity Forms Integration

coreSecurity Pro Antispam Feature for Gravity Forms integrates into Gravity Forms to add one new option in each form Settings panel to enable Antispam (this way, you can select which forms entries you want to be protected – not every form you have will be used for contact, and not every form will be exposed to spam), and a metabox will be added to each entry page so you can have some additional options related to spam.

coreSecurity integration into Gravity Forms Settings
coreSecurity integration into Gravity Forms Settings

How effective is coreSecurity Antispam?

coreSecurity Pro has been active on Dev4Press for about two months, protecting 2 Gravity Forms, and compared to the months before, as soon as it was activated, coreSecurity Pro Antispam for Gravity Forms eliminated 92% of all spam coming through the protected Gravity Forms forms. Few spam messages have been coming through (some spammers can be very smart not to fill the contact form with too many links, or they use clean emails), but based on the spam that was not caught, I have added some additional expressions to the content filter to improve detection.

And, in the past ten days, coreSecurity Pro has eliminated 100% of spam messages. That number will fall once new spammers get smarter, but identifying new patterns will help. I expect that spammers will change patterns occasionally, and I will update coreSecurity Pro with new filter expressions and even new antispam tools (two new antispam tools for Gravity Forms are in development).

These numbers will be different on different websites, depending on the traffic it gets spam methods used, and I am always open to adding new filters to improve existing measures. If you have any suggestions on further improving the antispam capabilities of coreSecurity Pro, leave a comment and let me know.

And, if you decide to give coreSecurity Pro a try and buy the license to protect your website and to stop spam coming through Gravity Forms forms, here is the 10% discount coupon: GRAVITYANTISPAM, valid until the end of this year.

Please wait...
The best and full-featured forms plugin for WordPress
Gravity Forms Plugin

With Gravity Forms plugin for WordPress, you can create any number of custom forms using very easy to use drag and drop editor, and expand the plugin features using 50+ official addons for eCommerce, reports, polls and more.

Disclosure: This post contains affiliate links, which means that I receive compensation if you make a purchase using this link.
coreSecurity Pro plugin for WordPress
Proactive protection and security hardening

Deploy a wide array of security measures to stop spam registrations, spam content, various types of malicious threats, limit and ban access to repeated offenders and more.

About the author

Milan Petrovic
Milan Petrovic

CEO and Lead developer of Dev4Press Web Development company, working with WordPress since 2008, first as a freelancer, later founding own development company. Author of more than 250 plugins and more than 20 themes.

Subscribe to Dev4Press Newsletter

Get the latest announcements, release digests, promotions and exclusive discounts, and general Dev4Press-related news straight into your mailbox.

This form collects your email (optionally your name) for the purpose of sending you newsletters. Check out our Privacy Policy for more information on how we store and manage your data. We will not send you any spam. Newsletters are sent 2 to 4 times every month.

Latest From The Blog

plugins relase corsecurity 1 9

coreSecurity Pro 1.9

coreSecurity Pro 1.9 brings several very important bug fixes (related to the file scanner), several new features related to antispam control, user session management, improvements to the file scanner, and more.
plugins relase dev4press updated 4 7

Dev4Press Updater 4.7

The new version of Dev4Press Updater, brings a regular set of updates to the plugin, including support for coreSecurity Pro plugin installation and updates, various fixes and tweaks, updated shared library.
plugins relase debugpress 3.9

DebugPress 3.9

It has been a while since the new DebugPress release was announced on Dev4Press, but the plugin has been getting regular updates almost every month, and today, it has reached version 3.9.

Leave a Comment

WP Rocket - Make WordPress Load Fast in a Few Clicks
Grammarly - Number 1 Writing App