How can I Protect My Webforms from Spam?

  • Updated
Many law firm websites receive large amounts of bot and spam submissions to public forms embedded on their websites. These submissions can get in the way of reporting and require submissions to be cleaned of any junk.
There are multiple methods that can be used to stop spam from being submitted depending on the platform the firm website is being hosted on. We recommend reaching out to your web/digital agency or contact us so that we can put you in touch with an expert.
If your website is hosted on the Wordpress platform and you have integrated CARET Legal CRM to your website using our WordPress plugin with Gravity Forms as the form builder, you can protect that webform from spam by adding reCAPTCHA and enabling honey pot. 


  1. Login to the admin panel of your firm's WordPress site.
  2. Select Gravity Forms from the menu.
  3. Hover over a form.
  4. Select Settings > Form Settings.
  5. Scroll to the bottom and Enable anti-spam honeypot.


Gravity Forms can only support reCAPTCHA v2 and will not work when there is more than one form per page
  1. reCAPTCHA is a service provided by Google. It’s free but requires a site key and secret key. You can easily generate those keys for your site by visiting Google’s reCAPTCHA setup page.
    1. Once you are on this setup page, click on the Admin Console button in the top right corner and sign in to your Google account.
    2. After logging in, you’ll be redirected to a page where you can register your site for reCAPTCHA.  If you’ve already registered a website for Google reCAPTCHA in the past, you’ll see a different screen. In that case, just click on the plus sign to Register a new site.

    3. Enter the name of your website in the label field. This is for your own use so that you can identify the website if you ever needed to access the keys again.

    4. Then, choose the type of reCAPTCHA you want to add to your website. In this example, we’ll select reCAPTCHA v2 and then the “I’m not a robot” checkbox.

    5. Gravity Forms can only support reCAPTCHA v2 and will only work when there is one form per page
    6. Then, you need to add your website’s domain, such as

    7. To save your site, click Submit to generate your Site Key and Secret Key.

  2. Link Gravity Forms to the Site Key and Secret Key generated from reCAPTCHA
    1. Login to the admin panel of your law firm's WordPress site.
    2. Select Gravity Forms from the menu.
    3. Select Settings in the submenu.

    4. Scroll to the bottom and paste your Site and Secret Keys under the reCAPTCHA settings.

    5. Select Type based on what was specified when creating the Site and Secret Keys in Google.

    6. If needed, click Validate, then select Save Settings.
  3. Enable reCAPTCHA for each form

    1. We recommend Field Label Visibility to be Hidden
    1. Select Gravity Forms from the menu.
    2. Select the form you would like to add reCAPTCHA to. From here, you will be able to edit the form.
    3. On the right-hand side, under Advance Fields drag over the CAPTCHA field to the bottom.
    4. Click on the CAPTCHA field to expand the options.
    5. Select Save.

Was this article helpful?

0 out of 0 found this helpful