Prevent malicious bots from abusing your WordPress sign-up form with fake sign-ups by installing Google reCAPTCHA
A bot is just a computer program that performs a repetitive task over the internet. Though not all bots are bad, malicious bots are designed with the intent to disrupt or cause harm. For example, a bot could exploit a contact sign-up form to create hundreds or thousands of fake email list sign-ups to bog down the system and cause you an administrative headache trying to weed out the valid email addresses from the bad ones.
If you’re using the Constant Contact Forms plugin in your WordPress account, there is a hidden “honeypot field” included in the form that isn’t visible to people, but bots can see it. If the hidden field is filled in, Constant Contact rejects the form submission. The “honeypot field” isn’t a foolproof method, but it does a good job of combating false sign-ups.
Another simple precaution is to add Google ReCAPTCHA to your form. It lets you add an “I’m not a robot” checkbox to the bottom of your form, which ensures everyone who signs up for your list is a real person. You need to have a Google account to use Google reCAPTCHA. If you don’t have one, sign up for one: it’s free.
- Go to http://www.google.com/recaptcha/admin.
- Log into your Google account.
- Because you can create multiple reCAPTCHAs for different parts of your website, give your reCAPTCHA a name so you know where it lives.
- Select reCAPTCHA v2 > Checkbox.
- Enter your website domain. If you have multiple domains, add each one on their own line.
- Click Register.
- Copy the Site Key and Secret Key.
Tip: Having a second browser window open for your WordPress account makes the copying and pasting much easier!
- In WordPress, open the dashboard for your website and click Contact Form.
- Scroll down to the Google reCAPTCHA section and paste the Site Key and Secret Key into their fields.
- Click Save.
Your sign-up form now has the “I’m not a robot” reCAPTCHA checkbox at the bottom, and can’t be submitted until the box is checked.
Any links we provide from non-Constant Contact sites or information about non-Constant Contact products or services are provided as a courtesy and should not be construed as an endorsement by Constant Contact.