Title: Suddenly more form spam Last modified: November 11, 2025 --- # Suddenly more form spam * [Olaf Lederer](https://wordpress.org/support/users/finalwebsites/) * (@finalwebsites) * [5 months, 3 weeks ago](https://wordpress.org/support/topic/suddenly-more-form-spam/) * Hi, I get more and more complains form customers about spam form submissions. Mostly (almost) empty forms or messages like “qtNPeIFRxMdUXUCupoyA”. The submitted email address look are looking realThe forms are created with Elementor Pro.Anyone else here with the same behavior? Viewing 7 replies - 1 through 7 (of 7 total) * [homu9](https://wordpress.org/support/users/homu9/) * (@homu9) * [5 months, 3 weeks ago](https://wordpress.org/support/topic/suddenly-more-form-spam/#post-18716045) * Hi, are they also come from VDsina’s IP range? [https://wordpress.org/support/topic/some-spammer-broke-through/](https://wordpress.org/support/topic/some-spammer-broke-through/) * I used different strategies to deal with the new spam. * One website I used Cloudflare to block VDsina’s AS number, which has worked well so far, but it will stop working if the spammer changes its IP. * For other websites, I used Cleantalk: * [https://cleantalk.org](https://cleantalk.org/?pid=392722) * Note that it has some false positives and false negatives. You can use a filter with IPs < 3 to quickly identify the most likely false positives. * If you are an agency with an Unlimited Plan, I recommend purchasing the Extra Package, which retains logs for a longer period and allows you to delegate access permissions to clients through Website Access Delegation. * Thread Starter [Olaf Lederer](https://wordpress.org/support/users/finalwebsites/) * (@finalwebsites) * [5 months, 3 weeks ago](https://wordpress.org/support/topic/suddenly-more-form-spam/#post-18716155) * Hi, I checked recent spammer’s IP addresses and all of them are from Dubai (different problem). * The problem is that some spambots act like real visitors. Using Turnstile helps, but I don’t wanna change 100+ websites 😒 * [homu9](https://wordpress.org/support/users/homu9/) * (@homu9) * [5 months, 3 weeks ago](https://wordpress.org/support/topic/suddenly-more-form-spam/#post-18716187) * [@finalwebsites](https://wordpress.org/support/users/finalwebsites/) * Yes, bulk management is crucial for agencies, so I tested different alternative services and setup methods. * I used Human Presence, but they stopped providing services at the beginning of the year, and clients couldn’t see which spam was blocked. Choosing a service is not just a single issue, but also involves other plugins and services that work with it. * Cleantalk only allows easy spam viewing for each site when using the built-in integration with Fluent Forms, so I suggested adding an Entries status filter to Fluent Forms a few days ago. I also asked Cleantalk for an easier log check solution. However, due to privacy concerns, website access delegation is currently the only available option. * My advice to all clients is to avoid using Elementor’s built-in forms; if you must use them, use the Global widget. * This is because with shortcode forms, you can set them globaly, while with Page Builder’s built-in forms, you need to find each form and set it individually. * Thread Starter [Olaf Lederer](https://wordpress.org/support/users/finalwebsites/) * (@finalwebsites) * [5 months, 3 weeks ago](https://wordpress.org/support/topic/suddenly-more-form-spam/#post-18716360) * [@homu9](https://wordpress.org/support/users/homu9/) WP Armour is a good working anti spam solution and the best thing is, that you don’t need to change the forms. The same for the Turnstile integration after you finished the installation.I’m sure that the current issue I have on some sites is a temporary problem. * > My advice to all clients is to avoid using Elementor’s built-in forms; if you > must use them, use the Global widget. * Nothing wrong with Elementor forms, sure you need to use the Global widget if you include the same form on many pages. * Thread Starter [Olaf Lederer](https://wordpress.org/support/users/finalwebsites/) * (@finalwebsites) * [5 months, 3 weeks ago](https://wordpress.org/support/topic/suddenly-more-form-spam/#post-18716372) * I opened on of my client’s site: Hey, WP Armour has blocked **22869** spam submissions till date… * I see this kind of numbers often, even after 1 month of using WP Armour. I’m good here 😃 - This reply was modified 5 months, 3 weeks ago by [Olaf Lederer](https://wordpress.org/support/users/finalwebsites/). * [homu9](https://wordpress.org/support/users/homu9/) * (@homu9) * [5 months, 3 weeks ago](https://wordpress.org/support/topic/suddenly-more-form-spam/#post-18716439) * [@finalwebsites](https://wordpress.org/support/users/finalwebsites/) I tried Turnstile too, with Fluent forms integration, Clients reported that if there are multiple forms on the same page, one Turnstile may affect the other.WP Armour works great until recently, only some manually spam could bypass it’s honeypot. It was my default setup.And it has problem with PayPal Express checkout and Gtranslate. It’s not a problem with WP Armour, because Gtranslate, like Cloudflare, is a reverse proxy. * For forms without short codes, such as those where you want to modify the “From” field for email notifications or uniformly change “actions after submit,” it’s inconvenient. Not choosing Elementor form is just like seeing the shining point of WP Armour. * When there are many submissions in the backend, deleting records is also inconvenient. There’s no easy way to preview submission content, no advanced filtering or on- demand export, and no daily submission statistics… Furthermore, when using TranslatePress, the form content is also translated, a problem that takes too long to resolve with elementor official support. * For the past month, I’ve been checking the WP Amour forum every few days to see if there’s any progress and to see if new spam has been contained on client websites. I’m currently writing an Access Key generator to make things easier for clients. * If the spam isn’t resolved, the Mail Relay used for form notifications will also experience excessively high bounce rates. * Thread Starter [Olaf Lederer](https://wordpress.org/support/users/finalwebsites/) * (@finalwebsites) * [5 months, 3 weeks ago](https://wordpress.org/support/topic/suddenly-more-form-spam/#post-18716459) * You’re right comment form spam is huge problem not only for all the spam submissions you don’t want. I develop my own contact form plugin (search for “WP Armour” to find it in the repo) and spent a lot of time for adding anti spam methods even for sessions where Javascript is disabled. The funny thing is that most of spam is still very simple to block. But there are some annoying spam attempts too. Viewing 7 replies - 1 through 7 (of 7 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsuddenly-more-form-spam%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/honeypot/assets/icon-128x128.gif?rev=3093155) * [WP Armour - Honeypot Anti Spam](https://wordpress.org/plugins/honeypot/) * [Frequently Asked Questions](https://wordpress.org/plugins/honeypot/#faq) * [Support Threads](https://wordpress.org/support/plugin/honeypot/) * [Active Topics](https://wordpress.org/support/plugin/honeypot/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/honeypot/unresolved/) * [Reviews](https://wordpress.org/support/plugin/honeypot/reviews/) * 7 replies * 5 participants * Last reply from: [Olaf Lederer](https://wordpress.org/support/users/finalwebsites/) * Last activity: [5 months, 3 weeks ago](https://wordpress.org/support/topic/suddenly-more-form-spam/#post-18716459) * Status: not resolved