Webform Spam Prevention

Sometimes online forms get spam submissions. These unsolicited or undesirable responses are often submitted by an internet bot. Bots are programs that run automated tasks on the internet, that imitate human activity, such as form submissions, usually on a large scale. This type of bot activity can cause disruptions, or even harm, business operations for targeted sites. Taking the steps on this page can better protect your form from spam submissions.

Adding a CAPTCHA

Adding a CAPTCHA to your form(s) can help identify and prevent non-human submissions.

Using the admin menu, navigate to Structure > Webforms > Form. This will display a page listing all of the forms on that site.

1. Select the form you want to want add a CAPTCHA to by clicking on its title
2. Using the tabs towards the top of the page, click Build
3. Click the Add Element button 
4. Use the search tool to find and add the CAPTCHA element, then click Save
5. The CAPTCHA element will be added to the bottom of the list on the Build page. 

Note: The CAPTCHA will not be visible on the form while you're logged into the site. Test the CAPTCHA by opening the form in a logged out browser window. 

Third-Party Bot Settings

Honeypot and Antibot are settings that can be enabled to prevent spam. They are both specifically designed to identify and remove submissions from bots. Use the checkboxes on the form's Settings page under Third-party settings.