Spam Protection in Divi Form Builder (Divi 5)
Divi Form Builder offers several ways to reduce spam. In Divi 5, configure them in the Form module’s Content tab under Spam Protection.
Prerequisites
Before enabling advanced spam controls:
- Confirm the form is already working without spam tools enabled.
- If using reCAPTCHA, create keys at Google reCAPTCHA Admin.
- Add your site domain correctly in your reCAPTCHA project.
- Make sure site key and secret key are saved in the correct environment.
Where to find it (Divi 5)
Select the Form module in the Divi 5 Visual Builder → Content tab → Spam Protection section.
Options
1. Google reCAPTCHA
- reCAPTCHA v2 — Checkbox or image challenge. You need a reCAPTCHA site key; add it in the form’s Spam Protection settings and select reCAPTCHA v2.
- reCAPTCHA v3 — Invisible; uses a score. Add the site key and secret key, then set the score threshold. Often better for UX.
2. Basic CAPTCHA
Simple math (e.g. “4 + 11”). Enable Add Basic CAPTCHA field? and optionally set custom text.
3. Honeypot CAPTCHA
Hidden field that bots tend to fill; if filled, submission is treated as spam. Enable Add Honeypot CAPTCHA field? (often on by default).
4. Hide Submit Button Until Validation
- Field Validation — Submit button appears only when a specific field matches a value (e.g. a “human check” field).
- Time Validation — Submit button appears only after a set number of seconds (reduces fast bot submissions).
Configure Validation Type, field ID (for field validation), or wait time (for time validation).
Recommended baseline setup
For most forms:
- Enable Honeypot CAPTCHA.
- Add reCAPTCHA v3 with a sensible score threshold.
- If spam persists, add Time Validation to slow fast bot submissions.
- Use Basic CAPTCHA for high-risk forms where visible friction is acceptable.
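The layered baseline above, sketched as a server-side decision function. This is an added example, not Divi Form Builder's code: the threshold values, the `Submission` fields, the `example.com` domain, and the assumption that elapsed time is measured on the server are all illustrative. The `success`, `hostname`, `score` and `error-codes` keys are those returned by Google's reCAPTCHA v3 siteverify response.

```python
from dataclasses import dataclass

# Assumed policy values (not plugin defaults); tune against your own traffic.
MIN_SCORE = 0.5                # reCAPTCHA v3 score threshold
MIN_SECONDS = 3.0              # minimum seconds between form render and submit
EXPECTED_HOST = "example.com"  # placeholder for the domain in your reCAPTCHA project

@dataclass
class Submission:
    honeypot: str           # value of the hidden field ("" for real users)
    elapsed_seconds: float  # time since the form was served, measured server-side
    recaptcha: dict         # parsed JSON from the siteverify response

def classify(sub: Submission) -> str:
    """Return 'accept' or 'reject:<reason>', cheapest check first."""
    if sub.honeypot.strip():
        return "reject:honeypot"
    if sub.elapsed_seconds < MIN_SECONDS:
        return "reject:too_fast"
    rc = sub.recaptcha
    if not rc.get("success"):
        return "reject:recaptcha_invalid"
    if rc.get("hostname") != EXPECTED_HOST:
        return "reject:recaptcha_hostname"
    if float(rc.get("score", 0.0)) < MIN_SCORE:
        return "reject:low_score"
    return "accept"

# Helper that builds a constructed, well-formed siteverify response.
def ok(score: float) -> dict:
    return {"success": True, "hostname": EXPECTED_HOST, "score": score}

# Constructed sample submissions, one per layer.
SAMPLES = {
    "human": Submission("", 12.4, ok(0.9)),
    "honeypot_bot": Submission("http://spam.example", 8.0, ok(0.9)),
    "fast_bot": Submission("", 0.4, ok(0.7)),
    "replayed_token": Submission("", 9.0, {"success": False, "error-codes": ["timeout-or-duplicate"]}),
    "wrong_domain": Submission("", 9.0, {**ok(0.9), "hostname": "other.example"}),
    "low_score": Submission("", 9.0, ok(0.3)),
    "borderline": Submission("", 9.0, ok(0.5)),
}

def run_samples() -> dict:
    return {name: classify(sub) for name, sub in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:15} {verdict}")
```

Recording the reject reason per submission shows which layer is doing the work, which helps when deciding whether to lower the v3 threshold or add time validation.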
Verify it works
After setup, test with normal and spam-like behavior:
- A normal human submission succeeds.
- Known bot-like fast submissions are blocked or challenged.
- No major increase in false positives from valid users.
- Submit button timing/validation behavior matches your configured rules.
Common failure scenarios
- reCAPTCHA not rendering: check key type (v2 vs v3), domain mapping, and cached script conflicts.
- Valid users blocked too often (v3): lower threshold slightly and retest.
- Spam still getting through: combine honeypot with reCAPTCHA and time validation.
- Submit button never appears: verify selected validation field ID and expected value.
What's Next
- Form settings - configure redirects and notifications after spam checks.
- Form AI - Start Here - secure AI-enabled forms against abuse.
- Form payments - harden payment forms with layered anti-spam checks.