---

How to Block Foreign-Language Spam in WordPress Forms

If your WordPress contact forms are flooded with submissions in Russian, Chinese, or other foreign languages, you can stop them using a combination of native form plugin filters, a keyword blocklist, and a dedicated anti-spam plugin like OOPSpam. This guide walks you through each method clearly and efficiently.

Why Foreign-Language Spam Is a Growing Problem

Foreign-language spam clogs your inbox, corrupts your CRM data, and wastes time that your team could spend on real leads. Spammers increasingly use bots that rotate IPs and submit forms in bulk, often targeting sites with little or no language-based filtering in place.

If your business serves English-speaking customers only, there is no legitimate reason to receive form submissions written in Cyrillic, Mandarin, Arabic, or other scripts. Blocking them is both practical and safe.

Method 1: Use a Plugin with a Built-In Language Filter

The fastest and reliable approach is to install OOPSpam (that’s us 👋), an anti-spam plugin built specifically for WordPress forms. It works silently in the background, requires no CAPTCHA, and does not slow down your site.

How OOPSpam’s Language Allowlist Works

OOPSpam uses machine learning and a database of over 500 million malicious IPs and emails to evaluate every form submission. For foreign-language blocking specifically, it includes a Language Allowlist feature:

Install and activate the OOPSpam Anti-Spam plugin from the WordPress plugin directory.

Go to OOPSpam > Settings in your WordPress dashboard. 

Enter your API key (available after creating a free account at oopspam.com).

Navigate to the Country and Language settings. You will see three fields:

• Country Allowlist: Select the specific countries you want to accept submissions from. Only those submissions will be processed. Leave it empty to accept from all countries not on your blocklist.
• Country Blocklist: Select countries you want to block outright. OOPSpam includes quick-add buttons for common choices such as China and Russia, countries in Africa, or EU countries. Blocked submissions will be rejected unless the sender also appears in your Trusted Countries list.
• Language Allowlist: Choose the language(s) you want to accept (e.g., English, Spanish). Only messages written in those languages will be processed. Leave it empty to accept all languages.

Save your settings.

Any submission that does not match your selected language(s) is automatically flagged and blocked before it reaches your inbox.

Note: The Language Allowlist works best when your form includes a textarea or a message field with at least a few sentences. Short fields like “Name” or “Email” may not provide enough text for accurate language detection.

This two-layer approach (language + country) gives you much stronger protection than either method alone.

Supported form plugins include: WPForms, Fluent Forms, Elementor Forms, WS Form, Forminator, HappyForms, Gravity Forms, and more.

Method 2: Use WPForms’ Native Keyword and Country Filter

If you are already using WPForms, you can take advantage of its built-in filtering.

1. Open the WPForms form builder and select the form you want to protect.
2. Go to Settings > Spam Protection and Security.
3. Click on the Filtering tab.
4. Enable the Country or Keyword Filter option.
5. Add the countries or keywords you want to allow or block.
6. Save the changes.

This native setting is straightforward and works well for basic filtering needs. However, it is less granular than OOPSpam’s language detection and may not catch submissions from bots that spoof their location.

Method 3: Build a Keyword Blocklist

For a simpler, no-cost option, you can create a keyword blocklist using WordPress’s built-in comment filtering or your form plugin’s native blocklist feature. This method targets specific characters or words that appear frequently in foreign-language spam.

Steps via WordPress Core (Discussion Settings):

1. Go to Settings > Discussion in your WordPress dashboard.
2. Scroll down to the Disallowed Comment Keys box.
3. Paste in the characters or words you want to block, one per line.
4. Click Save Changes.

Note: WordPress’s built-in Disallowed Comment Keys setting applies only to WordPress’s native comment system. It does not protect contact forms or any other form builders on your site. If your goal is to filter form submissions, this method alone will not work. 

Steps via OOPSpam’s Manual Moderation Tab:

If you are already using OOPSpam, you do not need a separate blocklist tool. The plugin includes a dedicated Manual Moderation tab that lets you manage blocked keywords alongside blocked emails, IPs, and allowed senders, all in one place.

Unlike the WordPress core option, the Blocked Keywords feature in OOPSpam works across both the WordPress comment system and all supported form builders.

1. In your WordPress dashboard, go to OOPSpam Anti-Spam > Settings.
2. Click the Manual Moderation tab.
3. Expand the Blocked keywords section.
4. Add your foreign-language terms or character sets, one per line (for example, Cyrillic words, common Chinese spam phrases, or spam-linked domain extensions like .ru).
5. Save your settings.

Any form submission containing a blocked keyword is rejected automatically. This is particularly useful when you have already spotted recurring spam phrases in your inbox and want to shut them down immediately without waiting for the machine learning filter to catch up.

What to add to your blocklist:

• Common Cyrillic characters or words (useful if you receive Russian spam)
• Specific spam phrases you have already spotted in your inbox
• Domain extensions frequently linked to spam, such as .ru

Important limitation: Keyword blocklists, whether managed through WordPress core or OOPSpam, require occasional updates as spammers shift their tactics. Treat them as a quick-response tool within a broader spam protection setup, not a standalone solution.

Combining Methods for Maximum Protection

No single method is 100% foolproof, but layering your defenses significantly reduces the risk. Here is a practical stack that works for most WordPress sites:

1. OOPSpam as your primary filter (language allowlist + country blocking + machine learning)
2. WPForms’ built-in language filter as a secondary gate (if you use WPForms)
3. A keyword blocklist for catching anything that slips through

This layered approach handles both automated bot submissions and manual human spam, which is increasingly common as spammers bypass basic CAPTCHA systems.

Final Thoughts

Foreign-language spam is a manageable problem with the right tools. For most site owners and developers, OOPSpam offers the most complete and low-maintenance solution, especially with its Language Allowlist, Keyword blocklists, and country-based filtering working together. 

Start with the method that fits your current form plugin and budget, and scale up your protection as your site grows.