Spam can be both aggravating and dangerous to a website. If left unnoticed, it will compromise the authority of your website and the information provided by your visitors. Luckily, there are precautions you can take to stop spam and protect the safety and security of your information.


Bots and trackers scan plain text and will add any valid email address found to a spamming list. The best way to avoid this is to use a form to submit to your email address, hiding the true contact email address.


Forms that ‘refer a friend’ or auto-send to email addresses entered by visitors are especially susceptible to spammer abuse. The custom message field will be filled with a spam message and the email address box will be populated by email addresses on their spam list. Once a website host detects a spike in spam email activity, the emailing service will most likely be shut down and the site will be flagged. Sometimes the spam email activity is flagged too late and the spammer has already completed the damage to your website and possibly other sites sharing the same host.

If you MUST use something like a ‘refer a friend’ email form, do not enable a custom text field. You can also install reCAPTCHA, honeypots, or custom questions to protect your email server and prevent it from being used as a spamming service.


CAPTCHA is a service that processes user-data to determine if it is encountering a spamming bot or an actual human. You might remember a difficult-to-read image with letters or numbers in it that asked you to type the text in a box below. Now with Google’s newer version of reCAPTCHA, mouse movements are tracked with clicking pictures to match a topic. ReCAPTCHA is added to email forms on a website and usually asks the visitor to select a checkbox that reads “I am not a robot.” Installing CAPTCHA or reCAPTCHA on any form that collects user data will help to fight against unwanted spam.


Honeypots are invisible fields on a form that appear in the backend code. When these fields have any value, the code refuses to send the form, preventing spam bots from auto filling your form and sending out spam. Honeypots act as a ‘robot trap’ that normal visitors are unable to see.


You can also protect your form by adding a simple question by requiring the user to answer correctly before the email will be sent. Though sometimes off-putting to a user, this determines whether the user is a real thinking human or a robot. Some companies have been adding humor or branding questions. Some questions may have multiple answers and are often easy, non-common riddles. An example question could be “What is the most common color of a Rose?” or “ What is the first letter of the last day of the week?” The only downside of this method is normal user error. A simple math question like 2+1 has a clear answer and is a popular solution that we’ve seen work quite well.


Unfortunately, online traffic from certain countries is often the source for spam on websites. However, spam can come from any country, so it is important to monitor your traffic analytics. Blocking certain countries or locations that have been identified as bringing spam to your site will help eliminate unwanted traffic.

You can also stay proactive by blocking locations not occupied by current or potential customers. To block certain countries or geographical locations from accessing your site, use a plugin or talk to your hosting provider.


For WordPress websites that are not running a blog or utilizing the discussion function –  turn off all comments, pingbacks and trackbacks. These can be turned off in the Discussion settings of your website, or can be turned on or off individually for each page or post. If you are having issues with spammers leaving comments on pages or posts, install a plugin to handle the spam. These plugins remove unwanted comments from your site, as well as block all incoming comments from your site entirely.


Unprotected websites are the perfect target for spreading spam. It is important to make securing the information of your site and the personal information of your visitors a top priority.  By taking the above precautions, you can work to avoid experiencing potentially harmful spam activity.

If you are unsure whether your site is secure or would like to switch to 24/7 security monitoring, please reach out to us. Our website hosting and security plans include 24/7 security monitoring, uptime monitoring, weekly off-site backups, daily malware scans, access to our team of professional designers and developers, and more. At Vervocity, we offer peace of mind knowing your website is safe and securely maintained.