How to stop spam form submissions in Webflow?
Spam form submissions are a common problem on Webflow sites. Bots find forms and flood them with junk — cluttering your dashboard, triggering unwanted automations, and wasting your plan's submission q
Spam form submissions are a common problem on Webflow sites. Bots find forms and flood them with junk — cluttering your dashboard, triggering unwanted automations, and wasting your plan's submission quota. Here are the practical ways to filter them out.
Enable Webflow's built-in spam filtering
Webflow includes automatic spam detection on all native forms.
- Go to your Webflow dashboard
- Navigate to Forms for your site
- Click Forms Settings (the gear icon)
- Toggle Spam Filtering to On
This uses server-side detection to block known spam patterns before submissions reach your dashboard. It catches a significant portion of bot traffic with zero configuration.
Add reCAPTCHA to your form
For stronger protection, Webflow supports Google reCAPTCHA v2 (the "I'm not a robot" checkbox).
Steps:
- Go to google.com/recaptcha and register your site to get a Site Key and Secret Key
- In the Webflow Designer, select your form element
- In the Add Elements panel, drag a reCAPTCHA widget into your form
- Go to Project Settings > Integrations > reCAPTCHA
- Paste your Site Key and Secret Key
- Publish your site
Visitors must complete the reCAPTCHA challenge before submitting. Most bots can't pass it.
Note: reCAPTCHA adds a visible widget to your form. If that doesn't fit your design, consider the next options.
Use a honeypot technique
A honeypot is a hidden field that humans won't see but bots will fill in. If the field contains data, you know it's spam.
Webflow doesn't have a built-in honeypot feature, but you can add one with custom code:
- Add a plain text input field to your form
- Give it a name like
websiteorurl(bots love filling these) - In the Style panel, set it to
display: noneoropacity: 0 - Use Zapier or Make to filter out any submissions where this field is not empty
This is invisible to real visitors and catches most basic bots without affecting the user experience.
Switch to a third-party form provider
If spam is a persistent problem, consider replacing Webflow's native forms with a dedicated form service:
- Typeform — built-in spam protection, better UX
- Formspree — drop-in HTML forms with aggressive spam filtering
- Netlify Forms — honeypot support built in
- Paperform — includes CAPTCHA and submission filtering
Embed these via an HTML embed component or link to them externally. The tradeoff is losing Webflow's native submission dashboard and direct Zapier integration — but you gain much stronger spam controls.
Additional strategies
- Rate limiting: If bots submit rapidly, Webflow has some built-in rate limiting, but for heavy attacks you may need Cloudflare (set up on your DNS level) to add CAPTCHA challenges before traffic even reaches your site.
- Block known spam IPs: Check your submission logs for patterns. If submissions consistently come from certain IP ranges, block them at the DNS/CDN level.
- Don't use common form field names: Bots target fields named
name,email,message. Using less obvious names (while still labeling them clearly for humans via placeholder text) can reduce automated targeting.
Which approach to use
| Method | Effort | Effectiveness | User impact |
|---|---|---|---|
| Webflow spam filtering | None (toggle on) | Moderate | None |
| reCAPTCHA v2 | Low | High | Extra click |
| Honeypot | Medium | Moderate | None |
| Third-party form | Medium-High | Very High | Varies |
| Cloudflare protection | High | Very High | None (if configured well) |
Start with Webflow's built-in filtering. If spam persists, add reCAPTCHA. For severe cases, move to a third-party form provider or layer on Cloudflare.