How To Prevent Bots With Web Forms

Blog No Comments

“Bots,” for those not familiar with the term, are computer programs that “surf” multiple websites to perform a variety of automated tasks. Short for “robots”,  an example of Bots includes those used by the Internet, which may also be known as Web robot or WWW robot. Some bots surf your website looking for web forms and email addresses to send you spam. Others probe your website for security susceptibility. In this article, I will tell you how to fix bots with your web forms.

Form Field Validation:

There are different types of validations you can perform:

  • Required fields
  • Correct format
  • Confirmation fields.

The most important information that should be validated is needed information – information without which operation cannot be performed successfully. While using web form, you can comfortably add a lot of validation fields to your form. It does not block your actual users. In fact, it only helps them if they have missed something on the form or made a typo.  For example, if you’re asking for an email address and the user enters an invalid number, bots can catch up on that . The equivalent goes for all kinds of fields such as names, email addresses, websites and so on. Required fields should be explicitly checked to inform users about what information has to be provided up front.

For Example, I am adding the required field in my web form.


Once I fill out the required fields then I add some wrong email address, after which you can see the result below in the screenshot.


Ban IP Addresses With .htaccess:

Sometimes, you just don’t want a particular person (or bot) accessing your website at all. One simple way to prevent them is to ban their IP address:


The case above shows how to block three different IP addresses. Seldom you might want to prevent a whole range of intelligent property addresses.


The above code will prevent any IP address starting with “192.168.” or “10.0.0.” from reaching your site.

Lastly, this  code will prevent any particular Internet Service Provider from getting access:



In web form you have a choice of not just one, but three different types of CAPTCHA test:

  1. Standard CAPTCHA
  2. Simple math CAPTCHA
  3. Google ReCAPTCHA


Standard CAPTCHA

The user sees a few letters on the screen to complete the form submission.


Simple math CAPTCHA

A math captcha is automated to prevent your form submissions by spam or bots, etc.




A number of your users can immediately attest people are human without having to solve a CAPTCHA.




Not only do spambots fight with identifying required fields, but they also fight with knowing CSS or JavaScript. The simplest answer, then, is to add a totally random field to specific form and then to drop it using any number of such methods. For example:


<input type=”text” style=”display: none;” name=”for”>

Also, you can use Javascript to remove the arbitrary field from display as the page loads, for example:

<div id=”fordiv”>
<label for=”for”>Leave this field blank</label>
<input type=”text” name=”foo” id=”for”>
<script type=”text/javascript”>

(function () {

   var e = document.getElementById(“fordiv”);




Notice how the field in the example has been given a label directing the user to leave the field blank on the off possibility they have JavaScript disabled.



I hope this blog helps you Prevent Bots With Your Web Forms. If you need clarification or have any questions, please leave a comment below.



Saud Razzak is the WordPress Community Manager at Cloudways – A Managed WordPress Hosting Platform. Saud is responsible for creating a buzz, spread the knowledge, educate the people about WordPress in the WordPress Community around the globe. In his free time, he likes to play cricket and learn new things on the Internet. You can contact him via email at m.saud(at)

We really appreciate you for visiting PremiumCoding and reading this article! Now you might also want to check out our Themes here.