I recently disabled hCaptcha on our website’s forms at my client’s request, as they preferred not to show it to end users for a seamless experience. However, since removing it, they’ve been overwhelmed with spam emails, including empty submissions and gibberish messages like “iMFPcvjSDTsdPdb UVbEldCsokokfDr.” This has become a major problem, and I’m now looking for a solution to combat spam without going against my client’s preferences.
I’d like to know if it’s possible to enable hCaptcha only on the contact form. During testing, I noticed that selecting the “Enable on contact and comment forms” option also activates hCaptcha on the subscribe form, which my client wants to avoid. Ideally, we’d like to apply hCaptcha solely to the contact form to reduce spam there, while keeping the subscribe form free of any visible CAPTCHA for a smoother user experience.
I reached out to customer service, and they suggested switching to a different form builder. However, I’m wondering if the spam might not be coming from my frontend page, since I’ve set the content field as required. Even if I switch to another form creator, couldn’t attackers still exploit the Shopify API to send spam?
Has anyone encountered a similar issue and found a solution?