How to protect Joomla site from spammers


Spam is a way of life on the internet these days, and we will all get spammed at some time. So how do we defend against it? Learn how to protect your Joomla website from it in this article.

Depending on your website's purpose and structure, you can implement multiple solutions. Some are free, and some require a subscription or payment for their services.
Let us explain some of the best-known solutions, such as Google reCAPTCHA, Akismet, HoneyPot and StopForumSpam, and some of the server spam protections related to email spamming.


We have all seen the message on many websites asking us to click on "I am not a robot" when submitting something or doing something on the websites we visit.
Google is a well-known player in the anti-spam fight, and thankfully our beloved Joomla has support for it. To implement Google reCAPTCHA in Joomla's native contact forms, you need to register at the Google reCAPTCHA website to get the keys needed for integration in Joomla. Visit the Google reCAPTCHA website, click the myRECAPTCHA button and enter your site details. The Joomla 3.X series supports Google reCAPTCHA version 2, and you need to select the Checkbox field to proceed.
After that, enter the domain names for which the keys should be active. Make sure the list contains the domain name both with and without the www prefix, as in the example screenshots below. Then accept the terms of use and click the Register button to get the integration keys.

For Joomla we need the Site key and the Secret key. Copy them, log in to your Joomla administration, visit the Plugins section and open the CAPTCHA - reCAPTCHA plugin.
There, select version 2 from the drop-down menu and paste your site key and secret key into the appropriate fields. Once that is done, activate the reCAPTCHA plugin and set it as the default in Joomla's Global Configuration by visiting System - Global Configuration and selecting CAPTCHA - reCAPTCHA from the drop-down, as in the screenshot below.

Once that is done, reCAPTCHA will be loaded automatically by all components on your website that support the Joomla default captcha plugin. In many cases, other components and plugins might require you to insert the Google reCAPTCHA site and secret keys in their own configuration panels and settings, but that differs from site to site. The good thing is that almost every Joomla component or plugin that has some sort of spam protection supports Google reCAPTCHA.

Update: Starting from Joomla version 3.9, it is possible to add Google Invisible reCAPTCHA and make interaction on your website even easier.

Google reCAPTCHA website


Akismet Anti spam solution for Joomla

Compared to Google reCAPTCHA, Akismet spam protection is not free, apart from the free integration for personal blogs, and native integration into Joomla is not possible without either a plugin or a little bit of coding.
We have seen that components which require interaction with users, such as community extensions (JomSocial, for example) and many others, have implemented Akismet in their functionality.

Akismet website

Project HoneyPot

Project HoneyPot anti spam solution for Joomla

This anti-spam service has been available for many years now and is an excellent way to fight spammers. In non-technical terms, it functions by simply creating hidden traps for spammers, and it is free.
Integration is done with API keys, and if you do not want to get too technical you can use some of the plugins available in the Joomla extension directory. We should mention that many extensions available for Joomla have incorporated HoneyPot.
Another way is to use security extensions such as Admin Tools by Akeeba and RSFirewall! by RSJoomla!, where you can insert the integration key received from HoneyPot and get another layer of spam protection.
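
To show what those plugins do with the key, here is an added example (not code from Joomla, Project HoneyPot or any extension named above) that decodes an answer from the service's http:BL DNS lookup, a detail this article does not cover. ACCESS_KEY is a placeholder, the sample answers are constructed, and the thresholds in shouldBlock() are assumptions to tune for your site.

```php
<?php
// Added example. ACCESS_KEY is a placeholder for the key issued after registration.
const ACCESS_KEY = 'youraccesskey';

/** Builds the http:BL DNS name for an IPv4 address, or null if the input is not IPv4. */
function httpblQueryName(string $key, string $ip): ?string
{
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return null;
    }
    return $key . '.' . implode('.', array_reverse(explode('.', $ip))) . '.dnsbl.httpbl.org';
}

/** Decodes an answer of the form 127.<days>.<threat>.<type>; null if it is not one. */
function httpblDecode(string $answer): ?array
{
    $o = array_map('intval', explode('.', $answer));
    if (count($o) !== 4 || $o[0] !== 127) {
        return null;
    }
    return [
        'days_since_seen' => $o[1],
        'threat_score'    => $o[2],
        'search_engine'   => $o[3] === 0,
        'suspicious'      => (bool) ($o[3] & 1),
        'harvester'       => (bool) ($o[3] & 2),
        'comment_spammer' => (bool) ($o[3] & 4),
    ];
}

/** Assumed policy: block recent harvesters and comment spammers with a notable score. */
function shouldBlock(?array $r): bool
{
    if ($r === null || $r['search_engine']) {
        return false; // not listed, or a known search engine
    }
    return ($r['harvester'] || $r['comment_spammer'])
        && $r['days_since_seen'] <= 30
        && $r['threat_score'] >= 25;
}

// Constructed sample answers; a live check would pass the name to gethostbyname().
echo httpblQueryName(ACCESS_KEY, '203.0.113.7'), PHP_EOL;
foreach (['127.3.40.4', '127.0.5.0', '127.200.10.1'] as $answer) {
    echo $answer, ' => ', shouldBlock(httpblDecode($answer)) ? 'block' : 'allow', PHP_EOL;
}
```

An address that is not listed returns no DNS record at all, which this example treats the same as "allow".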

Project HoneyPot website


StopForumSpam Joomla anti spam solution

This solution is based on IP addresses reported as spammers and can reduce your spam rate; it is widely available in many Joomla extensions. It operates on the principle of reported IP addresses of users considered to be spammers.
Integration is done with API keys, which are generated after registration on their website.
More info is available on the official website.

StopForumSpam website

Apache SpamAssassin

Apache SpamAssassin anti spam solution for website

SpamAssassin is one of the best-known server anti-spam solutions. It is widely available on many hosting platforms and can greatly reduce your spam rate. It offers configuration where you can set rules that fit your website's needs but, as with many such tools, it can produce false positives and block legitimate users. So you need to proceed with caution when setting it up and activating it.

General anti spam practices

When the automated solutions above cannot eliminate spam on your website, you can take a different approach. Here are some options:
Make it harder for spammers to post content to your website by setting different rules for your forms and the interactive parts of your website, such as a minimum length for titles, not allowing URLs as titles, adding no-follow tags to posted links, captcha challenges for newly registered members, and moderation of new posts and comments.
Another great practice is to enable a report function on your forms and engage normal users in reporting spam content. If you get constant spam from some IP, you can set block rules based on that IP address using the htaccess file.
In general, it all depends on the site structure you have. It is also good practice to have hidden fields on your forms so that spam bots cannot read the email addresses on your website; many of the security tools available for Joomla can cloak them.
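
The form rules above, sketched as server-side checks in an added example (not Joomla core code and not taken from any extension). The field names, the MIN_TITLE_LENGTH value and the use of the hidden field as a trap that only bots fill in are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example. "website_url" is an assumed hidden field that real users never see.
const MIN_TITLE_LENGTH = 10; // assumed limit

/** Returns the reasons a submission is rejected; an empty array means it passes. */
function checkSubmission(array $post): array
{
    // Hidden trap field: any value at all means a bot filled in the form.
    if (!empty($post['website_url'])) {
        return ['hidden trap field was filled in'];
    }
    $errors = [];
    $title = is_string($post['title'] ?? null) ? trim($post['title']) : '';
    if (mb_strlen($title) < MIN_TITLE_LENGTH) {
        $errors[] = 'title is too short';
    }
    // Catches titles with a scheme or a www. prefix; bare domains are not detected.
    if (preg_match('~https?://|www\.~i', $title)) {
        $errors[] = 'title contains a URL';
    }
    return $errors;
}

/** Escapes the body for HTML output and wraps URLs in rel="nofollow" links. */
function renderBody(string $body): string
{
    $parts = preg_split('~(https?://[^\s<>"\']+)~i', $body, -1, PREG_SPLIT_DELIM_CAPTURE);
    $html = '';
    foreach ($parts as $i => $part) {
        $escaped = htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        // Odd indexes hold the captured URLs, even indexes the text between them.
        $html .= ($i % 2 === 1)
            ? '<a href="' . $escaped . '" rel="nofollow">' . $escaped . '</a>'
            : $escaped;
    }
    return $html;
}

// Constructed sample submissions.
$samples = [
    ['title' => 'Question about the contact form', 'body' => 'See https://example.org/docs', 'website_url' => ''],
    ['title' => 'www.cheap-pills.example', 'body' => 'buy now', 'website_url' => ''],
    ['title' => 'Hi', 'body' => 'x', 'website_url' => 'http://bot.example'],
];
foreach ($samples as $s) {
    $errors = checkSubmission($s);
    echo $errors ? 'REJECT: ' . implode('; ', $errors) : 'OK: ' . renderBody($s['body']), PHP_EOL;
}
```

The trap field has to be hidden with CSS rather than `type="hidden"`, and mb_strlen() needs PHP's mbstring extension.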

We hope that these guidelines will help you fight the spammers and keep your website and your mailboxes clean of spam messages.
Feel free to comment below if we missed something, or post on our forum if you need help setting up some of the protections mentioned above.