---

4 ways to protect your MetForm from spam

To effectively secure MetForm, combine its built-in anti-spam options with Cloudflare Turnstile and OOPSpam’s ML spam protection + rate-limiting. This layered method blocks automated bots, human-generated spam, VPN abuse, and repeat attacks without harming legitimate users or lead flow.

Modern spam tactics can bypass basic CAPTCHAs. The following steps ensure your MetForm forms remain secure and reliable.

1. Enable reCAPTCHA or hCaptcha

MetForm natively supports reCAPTCHA and hCaptcha, providing an initial challenge layer to screen automated traffic.

Recommended configuration:

• reCAPTCHA v3 (invisible user scoring, minimal friction)
• hCaptcha (alternative for privacy-focused sites or persistent bot traffic)

Steps:

1. WordPress Dashboard → MetForm → Settings → General
2. Select reCAPTCHA or hCaptcha
3. Register your site → obtain Site Key & Secret Key
4. Paste keys into MetForm settings
5. Add the CAPTCHA widget to the form

Start with reCAPTCHA v3. Increase score threshold if suspicious traffic persists.

2. Add Cloudflare Turnstile

Cloudflare Turnstile is a modern CAPTCHA alternative that verifies user authenticity without traditional image puzzles. It uses behavioral signals and device checks, minimizing user friction.

Why Turnstile matters for MetForm

• Lightweight, privacy-friendly verification
• Works even when bots bypass conventional CAPTCHA
• No Google dependency
• Ideal complement to reCAPTCHA v3

Setup overview

1. Create a Cloudflare account (if not already using Cloudflare)
2. Navigate to Turnstile in the dashboard
3. Register your site → get Site Key and Secret Key
4. Install a WordPress Turnstile plugin (since MetForm doesn’t include native Turnstile support yet)
5. Add keys in plugin settings
6. Enable Turnstile for forms site-wide

3. Limit Total Form Submissions

MetForm Pro offers a Limit Total Entries feature to cap form submissions. This prevents automated flood attempts and protects capacity during campaigns.

Steps:

1. Open the form settings
2. Enable Limit Total Entries
3. Define maximum submission count
4. Add a custom closure message

Best for event forms, giveaways, lead magnets, and periods of elevated spam activity.

4. Implement OOPSpam for Advanced Filtering 

Today’s spam campaigns bypass simple CAPTCHA. OOPSpam (that’s us 👋) provides intelligent screening and rate limiting, ensuring MetForm receives real submissions only.

Key Capabilities

• Machine learning-powered spam scoring
• Rate-limiting by IP and email
• VPN/Proxy/TOR blocking
• Country-based filtering
• Language-based filtering
• Contextual analysis
• Works directly with MetForm

This approach provides enterprise-grade protection while preserving user experience.

How to Set Up OOPSpam for MetForm

Go to Plugins → Add New. Search for OOPSpam Anti-Spam. Install and activate the plugin.

Create an OOPSpam account. Copy your API Key from the OOPSpam dashboard.

In WordPress, open OOPSpam → General Settings and paste your API Key.

Turn on MetForm Spam Protection and click Save Changes.

OOPSpam will now evaluate every form submission in real time.

Enable Advanced Filters

Turn on the following options inside OOPSpam:

• VPN/Proxy/TOR Blocking - Blocks anonymous networks commonly used by bots and attackers.
• Country Rules (allow only regions you serve) - Ensures only traffic from approved countries can submit forms.
• Language Filter (reject irrelevant content) - Filters submissions written in languages outside your target audience.
• Rate Limiting - Prevents repeated submissions from the same IP or email in a short timeframe.
• Contextual Detection - Analyzes message content and patterns to identify spam behavior.
• Logs - Stores submission data so you can review blocked attempts and fine-tune rules.

These filters block modern spam vectors, including distributed bot networks and human-assisted spam activity.

Recommended MetForm Security Stack

Defense Layer	Protection Benefit
reCAPTCHA v3	Blocks basic bots
Cloudflare Turnstile	Blocks advanced bots with less friction
Limit Entries	Prevents mass-submission attacks
OOPSpam	ML spam scoring + rate limiting + advanced blocking

Final thoughts

The most reliable way to protect MetForm from spam is through a layered approach. With this configuration, your site benefits from:

• Accurate lead capture
• Zero friction for real users
• Automated abuse control
• Sustainable long-term spam prevention

This combination prevents both automated and human-generated spam while maintaining accessibility and user experience.