Onar Alili
Engineer
9 minutes to read
Securing Bricks Form: Effective Strategies for Spam Prevention
Bricks is a popular new website builder for WordPress. Like other page builders, it includes a form element. Typically, page builders are in the form of plugins, but Bricks is a theme. Its performance and lightness are highly praised. It’s important to note that Bricks Builder is a premium theme, which means there is no free version available.
In this post, we will explore the spam filtering options for Bricks Form Element. The tool includes two integrated options out of the box: reCAPTCHA and hCAPTCHA (since version 1.9.2). But you can also use other third party anti-spam plugins like ours, OOPSpam WordPress plugin and set up a honeypot field yourself.
OOPSpam WordPress plugin
OOPSpam WordPress plugin (that’s us 👋) is another way to stop spam on your Bricks Form and WordPress comments. The plugin works with OOPSpam API that protects over 3.5M websites daily. While the other alternatives above are free, OOPSPam API is a paid service. But it does come with free 40/month spam checks for you to test and see the difference.
It’s likely you have already tried the below options, and they didn’t work for you. It could be a slow website from reCAPTCHA or overwhelming spam you are still getting despite implementing the below alternatives. These are benefits OOPSpam has over other alternative:
- Doesn’t slow down your website
- Keeps your site accessible to all users
- Stops both human spammers and bots
The plugin’s settings page also allows you to adjust how sensitive your spam filter should be. Even leaving the default setting Sensitivity Level will help you reduce spam to zero.
In addition, the plugin allows you to set up a filter to accept or block submissions only from certain countries and languages.
✨ Since then, we have also added the Block messages from these countries feature.
Here are a few steps to activate spam protection for Bricks form element:
-
Subscribe to get an API key then copy-paste the API key to the plugin’s appropriate field under Settings->OOPSpam Anti-Spam on your WordPress Admin Dashboard.
ℹ️ Make sure to select OOPSpam Dashboard on the setting page
-
If you have Bricks installed then a special section will appear on the OOPSpam Anti-Spam plugin’s settings page.
-
On this page, you need to activate the spam filtering for Bricks Forms by checking the Activate Spam Protection checkbox. You don’t have to do anything on your form. Once you activate spam protection on the OOPSpam plugin settings, you are good to go.
-
Done!
reCAPTCHA
Bricks Form supports reCAPTCHA v3, a spam protection solution developed by Google. Although reCAPTCHA has visible and invisible modes, some people are concerned about privacy and potential accessibility issues in visible mode, as well as its impact on website speed. At this point, Bricks Form only supports v3, which is invisible by default. doesn’t require users to solve a challenge. Instead, it tracks the user’s behavior on your site and scores the user from 0 (bot) to 1 (human). The default score threshold is set to 0.5, but can be adjusted using the bricks/form/recaptcha_score_threshold
filter. Refer to the example in the official Bricks documentation for details. It’s recommended to keep the default threshold, but increasing it to a more aggressive level like 0.8 can be effective if you get spammed.
reCaptcha is a free and effective method for dealing with simple automated spam bots. Enabling Honeypot + reCAPTCHA is especially beneficial for new websites.
To activate reCapthca on your Bricks forms, enter the reCAPTCHA Site Key and Site Secret Key under Bricks > Settings > API Keys.
Follow these steps to obtain the necessary reCAPTCHA keys:
- Go to the reCAPTCHA website and click on the “v3 Admin Console” button located on the top right corner of the page.
- Sign in to your Google account if you haven’t already done so.
- On the Admin Console page, click on the “Add” button to register a new site.
- Fill in the required fields, such as your website domain name and reCAPTCHA type (v2 or v3).
- After you’ve filled in the required fields, click on the “Submit” button to register your site.
- You’ll be taken to a page with your site key and secret key. These are the keys you’ll need to integrate reCAPTCHA into your website.
Once you have entered the necessary keys, edit your form on your page. Scroll to the bottom of the page, find the “Spam Protection” setting on the right sidebar, and enable reCAPTCHA to activate it.
hCAPTCHA
Bricks Forms also supports hCAPTCHA (added in version 1.9.2), which functions similarly to reCAPTCHA and suffers from the same limitations.
hCaptcha integration can be either visible or hidden. The most significant difference between reCAPTCHA and hCAPTCHA is privacy, as hCAPTCHA is considered a privacy-friendly alternative. Setting up hCAPTCHA follows a process similar to reCAPTCHA. Navigate to Bricks > Settings > API Keys and input the hCAPTCHA Site Key and Secret Key.
and follow these step-by-step instructions to get keys:
- Visit the hCAPTCHA website: Go to the official hCAPTCHA website.
- Sign up for an account: Click on the “Sign Up” button and provide the required information to create a new account.
- Create a new site: Once you’re logged in, navigate to the “Sites” section or dashboard.
- Register a new site: Click on the “Register a new site” button or a similar option to register a new website.
- Provide website details: Fill in the necessary information for your website, such as the website name, domain, and any other required fields.
- Select hCAPTCHA type: Choose the type of hCAPTCHA you want to use. You can select between the “Checkbox” or “Invisible” options depending on your preference.
- Get Site Key and Secret Key: After completing the registration process, hCAPTCHA will generate a unique Site Key and Secret Key for your website.
- Copy the keys: Copy the generated Site Key and Secret Key and keep them in a secure location.
If you are receiving unwanted messages and have already attempted other solutions, it may be helpful to try hCAPTCHA. This option is both free and simple to setup. However, in some cases, switching from reCAPTCHA to hCAPTCHA may not make a significant difference, as spammers can now navigate around CAPTCHA solutions.
Honeypot
We previously talked about how the honeypot technique prevents bots from spamming your forms. Although it’s less effective now, it still works to some extent. Bricks Form doesn’t currently provide a built-in honeypot field, so you’ll need to create one on your own. The hidden honeypot field will not be visible to humans, but bots will regard it as a valid field. Bots scan website pages and complete all fields, including the invisible field in your form. Bricks form element declines any submission containing an entry in a hidden field.
Securing your form with honeypot is a bit of work, but can be easily done by following this video tutorial.
Final thoughts
All websites eventually get hit by spammers. As a website grows and gets more traffic it attracts more serious spammers with advance bots. Both hCAPTCHA or reCAPTCHA will protect your website to a certain degree but they are not enough for targeted spam attacks, manual spam and sophisticated bots. I hope this article helps you find a solution for your spam problem.
That is all! Go on and create your forms.
Happy spam-free day!