Tons and tons of spam from contact form... How to increase security?

AZColin
New Member

We've had the shop live for 3 days and have received an insane amount of spam. I have the two options enabled but they are apparently very weak. My guess is this is yet another way for Shopify to make yet another app a necessity?

How can we make this more effective without doling out yet more money to a third party to provide something that should be a stock feature?

alienzero.bike is the domain

Here's the form:

<form method="post" action="/contact#ContactForm" id="ContactForm" accept-charset="UTF-8" class="isolate scroll-trigger animate--slide-in" data-cptcha="true" data-hcaptcha-bound="true"><input type="hidden" name="form_type" value="contact"><input type="hidden" name="utf8" value="✓"><div class="contact__fields">
        <div class="field">
          <input class="field__input" autocomplete="name" type="text" id="ContactForm-name" name="contact[Name]" value="" placeholder="Name">
          <label class="field__label" for="ContactForm-name">Name</label>
        </div>
        <div class="field field--with-error">
          <input autocomplete="email" type="email" id="ContactForm-email" class="field__input" name="contact[email]" spellcheck="false" autocapitalize="off" value="" aria-required="true" placeholder="Email">
          <label class="field__label" for="ContactForm-email">Email
            <span aria-hidden="true">*</span></label></div>
      </div>
      <div class="field">
        <input type="tel" id="ContactForm-phone" class="field__input" autocomplete="tel" name="contact[Phone number]" pattern="[0-9\-]*" value="" placeholder="Phone number">
        <label class="field__label" for="ContactForm-phone">Phone number</label>
      </div>
      <div class="field">
        <textarea rows="10" id="ContactForm-body" class="text-area field__input" name="contact[Comment]" placeholder="Comment"></textarea>
        <label class="form__label field__label" for="ContactForm-body">Comment</label>
      </div>
      <div class="contact__button">
        <button type="submit" class="button">
          Send
        </button>
      </div><div class="h-captcha" data-sitekey="f06e6c50-85a8-45c8-87d0-21a2b65856fe" data-size="invisible"><iframe aria-hidden="true" data-hcaptcha-widget-id="06lb2qmj9f0q" data-hcaptcha-response="" src="https://newassets.hcaptcha.com/captcha/v1/14dbe0f1619b8014e2630bcdde727e7785a80dee/static/hcaptcha.html#frame=checkbox-invisible" style="display: none;"></iframe><textarea id="h-captcha-response-06lb2qmj9f0q" name="h-captcha-response" style="display: none;"></textarea></div></form>

Dotsquares
Shopify Partner

Hi @AZColin

Thanks for reaching out to the Shopify Community. I understand how frustrating it can be to deal with spam, especially just a few days after launching your store.

Since you already have the built-in spam protection enabled, here are a few additional steps you can try to reduce spam without relying on third-party apps:

Enable reCAPTCHA V3: Double-check if reCAPTCHA V3 is enabled in your Shopify admin under Settings > Customer accounts. This helps filter out bot submissions more effectively.

Restrict Form Submissions: If you're primarily receiving spam through the contact form, you can modify the form to only accept submissions from logged-in customers or add a hidden "honeypot" field to trap bots.

Block Specific IPs: If you notice spam coming from specific locations or IP addresses, you can block them using Shopify’s built-in security features.

Reduce Form Fields: Simplifying your form fields or requiring email verification before submission can help minimize bot submissions.

Dotsquares Ltd

AZColin
New Member

I see nowhere in Customer Accounts that references reCAPTCHA.

I've used honeypot fields before when hand coding PHP, but checking that the field is filled or not requires form submission and I have yet to find a way to view the full code (assuming it's PHP) to create that check. As a matter of fact, when I navigate to admin > pages > contact, that page appears to be blank so I can't even wrap the form in the {%- if customer -%} tags to require being logged in.

When I look at page.contact.json there's no form there to wrap.

When I look at contact-form.liquid I see the form inputs but don't see the opening or closing <form> tags to wrap.
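
The honeypot idea raised in this thread, sketched as an added example that is not part of any post above and is not Shopify's or the theme's code: a browser-side check on the `ContactForm` element shown in the question, combining a decoy field with a minimum fill time. The decoy name `website` and the 3-second threshold are assumptions; because the check runs in the page, it only filters bots that load the form and execute scripts, not requests posted straight to the form's action.

```javascript
// Added example: client-side honeypot plus fill-time check for a contact form.
const HONEYPOT_NAME = 'website'; // hypothetical decoy field name (assumption)
const MIN_FILL_MS = 3000;        // assumed minimum time a person needs to fill the form

// Pure decision function: field values and timestamps in, verdict out.
function assessSubmission(fields, renderedAt, submittedAt) {
  const reasons = [];
  const decoy = fields[HONEYPOT_NAME];
  // A person never sees the decoy, so any value in it points to automation.
  if (typeof decoy === 'string' && decoy.trim() !== '') {
    reasons.push('honeypot-filled');
  }
  // Scripts tend to submit within milliseconds of the form being rendered.
  if (submittedAt - renderedAt < MIN_FILL_MS) {
    reasons.push('submitted-too-fast');
  }
  return { block: reasons.length > 0, reasons };
}

// Browser wiring: add the decoy, record render time, vet each submit.
function protectForm(form, now = Date.now) {
  const decoy = document.createElement('input');
  decoy.type = 'text';
  decoy.name = HONEYPOT_NAME;
  decoy.tabIndex = -1;                      // keep it out of keyboard navigation
  decoy.autocomplete = 'off';               // stop browser autofill from tripping it
  decoy.setAttribute('aria-hidden', 'true');
  decoy.style.cssText = 'position:absolute;left:-9999px';
  form.appendChild(decoy);

  const renderedAt = now();
  form.addEventListener('submit', (event) => {
    const fields = Object.fromEntries(new FormData(form));
    const verdict = assessSubmission(fields, renderedAt, now());
    if (verdict.block) event.preventDefault(); // drop the submission silently
  });
}

// Only runs in a browser; "ContactForm" is the form id from the markup in the question.
if (typeof document !== 'undefined') {
  const form = document.getElementById('ContactForm');
  if (form) protectForm(form);
}
```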