Data Hygiene: Minimize the Risk of Spam Contact and Contribution Creation

Any public-facing fill-out form can fall victim to nefarious robots looking for a way to gain access to admin-only areas of your system, or for payment forms that can be used to test stolen credit card numbers. If they take hold of a given form, this can result in the creation of thousands of contact and contribution records. Since these robots are relentless and continuously adapt to new security measures, there is no 100% foolproof method of stopping them. However, their activity can be limited by adding anti-spam measures to any front-facing fill-out form that can be submitted by anonymous users (users who are not logged in):

  • reCAPTCHA can be enabled in the advanced settings of any CiviCRM profile
  • If you use Webforms, anti-spam challenges can be added via a number of Drupal modules such as CAPTCHA*
  • If you use Caldera Forms, there are several anti-spam methods that can be used to protect WordPress forms
  • In addition to anti-robot challenges, protect online payment forms through the use of payment processor fraud protection and IP address blocking

IMPORTANT TIP: Every form should be tested by going through the entire submission process. You will want to use either an incognito window or log in/masquerade as an anonymous user. This will allow you to experience the exact process that an anonymous user will have when submitting anything through your website.

*Cividesk enables the relevant Drupal modules and adds reCAPTCHA challenges to applicable Webforms for new and migrating clients, as well as to any Webforms developed by Cividesk on behalf of our clients.