Spam bots and cold marketers have increasingly targeted contact forms on WordPress websites — especially those built using Gravity Forms. These submissions often include phrases like “Click here,” “Earn extra cash,” or “Web design services” and can clutter your inbox or CRM.
We recently faced this issue across multiple client websites and decided to build a custom plugin to block spammy form entries using keyword-based filtering. Here’s a breakdown of the problem, how native Gravity Forms validation works, and how our GF Custom Validations plugin solves it.
The Problem: Too Many Spammy Submissions
Gravity Forms, by default, does not include keyword filtering. Even with Google reCAPTCHA and Akismet enabled, bots or real users with spammy intent can bypass them.
Here’s what we were seeing:
- Cold leads from SEO/Web design agencies
- Repeated financial schemes
- Entries containing fake offers or “act now” urgency language
Why Regular Validation Wasn’t Enough
We initially tried the gform_field_validation hook:
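    add_filter('gform_field_validation', function ($result, $value, $form, $field) {
        // Multi-input fields (name, address) pass $value as an array; flatten it first.
        $text = is_array($value) ? implode(' ', array_filter($value, 'is_scalar')) : (string) $value;
        // Case-insensitive substring match against a hardcoded phrase.
        if (stripos($text, 'free money') !== false) {
            $result['is_valid'] = false;
            $result['message'] = 'Spam content detected!';
        }
        return $result;
    }, 10, 4);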
This worked — but only when blocking submissions. It didn’t help when we wanted to allow the submission but flag it as spam (to be reviewed later). Also, hardcoding keywords wasn’t flexible for client-specific use cases.
The Solution: GF Custom Validations Plugin
To solve this across all clients, we developed a reusable WordPress plugin that:
- Lets you toggle spam filtering per site
- Allows site admins to add/edit stop words
- Gives the choice to:
  - Block the submission with a custom message
  - Allow the submission but send it to Gravity Forms’ spam folder
- Lets you choose which fields to check (email, phone, website, etc.)
- Logs all flagged submissions with:
  - IP Address
  - Field name
  - Entry value
  - Timestamp
- Offers a downloadable CSV log viewer in the WP admin dashboard
Smart Spam Handling with Hooks
We combined two Gravity Forms hooks for accuracy:
1. Field Validation (blocks submission)
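    add_filter('gform_field_validation', function ($result, $value, $form, $field) {
        // Multi-input fields (name, address) pass $value as an array; flatten it first.
        $text = is_array($value) ? implode(' ', array_filter($value, 'is_scalar')) : (string) $value;
        if (stripos($text, 'get rich quick') !== false) {
            // Reject the submission and show the message on the field.
            $result['is_valid'] = false;
            $result['message'] = 'Spam detected.';
        }
        return $result;
    }, 10, 4);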
2. Post-Submission Spam Detection (marks as spam)
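    add_filter('gform_entry_is_spam', function ($is_spam, $form, $entry) {
        // Scan each field's stored value. Multi-input fields (name, address)
        // are stored under sub-keys such as "1.3", so they are not covered here.
        foreach ($form['fields'] as $field) {
            $value = (string) rgar($entry, $field->id);
            if (stripos($value, 'get rich quick') !== false) {
                return true; // Gravity Forms will mark it as spam
            }
        }
        return $is_spam;
    }, 10, 3);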
Logging Everything (Bonus Feature)
We log all spammy entries to a spam-log.csv file with full transparency. This is especially helpful for marketing teams who want to review and whitelist or analyze flagged entries later.
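The log stores submitter-controlled field values in a CSV that reviewers open in a spreadsheet, so each cell should be neutralised before it is written. The following is an added example, not the plugin's own code: the gfcv_* function names and the temp-file path are assumptions, and the sample row is constructed.

```php
<?php
// Added example: the gfcv_* names are hypothetical, not the plugin's own code.

/** Make an untrusted value safe to store in one CSV cell. */
function gfcv_csv_safe_cell($value): string
{
    // Multi-input fields (name, address) arrive as arrays; flatten them.
    if (is_array($value)) {
        $value = implode(' ', array_filter($value, 'is_scalar'));
    }
    // Drop control characters and collapse line breaks: one entry, one row.
    $value = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', (string) $value);
    $value = trim(preg_replace('/\s+/', ' ', $value));
    // Spreadsheets evaluate cells that start with = + - @ as formulas.
    // A leading single quote makes the cell plain text (this also
    // prefixes phone numbers written as +44...).
    if ($value !== '' && strpbrk($value[0], '=+-@') !== false) {
        $value = "'" . $value;
    }
    return $value;
}

/** Append one flagged submission (timestamp, IP, field, value) to the log. */
function gfcv_log_flagged(string $path, string $ip, string $field, $value): bool
{
    // The client IP is untrusted input too; keep it only if it parses.
    $ip  = filter_var($ip, FILTER_VALIDATE_IP) ?: 'invalid';
    $row = [gmdate('c'), $ip, gfcv_csv_safe_cell($field), gfcv_csv_safe_cell($value)];

    $fh = fopen($path, 'ab');
    if ($fh === false) {
        return false;
    }
    flock($fh, LOCK_EX); // concurrent submissions must not interleave rows
    // Empty escape char (PHP 7.4+) gives RFC 4180 quoting: " becomes "".
    $ok = fputcsv($fh, $row, ',', '"', '') !== false;
    flock($fh, LOCK_UN);
    fclose($fh);
    return $ok;
}

// Constructed sample input: a flagged value that starts with a formula
// trigger and contains a line break.
$log = sys_get_temp_dir() . '/spam-log-demo.csv';
gfcv_log_flagged($log, '203.0.113.7', 'Message', "=1+1\nEarn extra cash");
echo file_get_contents($log);
```

On a live site the log file should sit outside the web root or behind an access rule, since it holds IP addresses and raw form input.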
Result
Our plugin is now live across multiple client websites. In the first week alone, we saw a 70–90% drop in spam entries. Clients now have the confidence that their contact forms are clean — and if anything gets flagged, it’s easily traceable.
Want to Use It?
The plugin is available to all our managed hosting and SEO clients. If you want to implement this spam prevention setup on your WordPress site, get in touch with us here.