WS Form Spam Protection

Stop WS Form Spam Without CAPTCHAs

Every WS Form submission can hand spam straight to your entry list and your notification emails. ActiveLayer scores each one on the server and blocks the spam before WS Form saves the entry or runs an action. Real people just hit submit. No puzzle in the way.

Get Spam-Free WS Form →

Server-side AI

Zero CAPTCHAs

Blocks before the entry

1,000 checks free

Built by Awesome Motive. Software trusted by 30,000,000+ websites worldwide.

WPForms AIOSEO MonsterInsights OptinMonster WP Mail SMTP SeedProd

Everything Your WS Form Submissions Need to Stay Spam-Free

One per-form toggle, on by default, checking each submission before WS Form writes it down.

Server-Side AI

Every submission is scored by AI on our servers. There is no challenge to render and no widget loading in your visitor’s browser.

Zero CAPTCHAs

No puzzles, no checkboxes, no “select all the traffic lights.” Your WS Form forms render exactly as you built them.

Blocks Before the Entry

A spam verdict stops the submission before WS Form writes the entry or runs its actions. No entry row, no notification email, nothing to clean up later.

Per-Form Control

Each form is checked only if its protection toggle is on. Turn it off for one form from the form editor’s Spam tab, and the rest stay guarded.

A Clear Inline Message

A blocked submission sees a plain WS Form message: “Your submission was flagged as spam. Please try again or contact support.” Nothing a bot can learn from.

On By Default

WS Form protection switches on the moment your API key connects. Every form is protected by default, with nothing extra to configure first.

The Submissions Log

Every submission is logged, blocked or clean, under each form’s own label, so you can see exactly which form a check ran on.

Fails Open

If our API is slow or unreachable, the submission proceeds as if the check passed. A real submission is never lost because of an outage on our end.

Covers the Spoofable Path

WS Form’s public action post mode skips conditional logic but still saves the entry and sends email. ActiveLayer spam-checks it just like a normal submit.

Spam-Free WS Form in 3 Steps

Setup is the same shape as every other ActiveLayer install.

1

Install the plugin

Install ActiveLayer free from the WordPress plugin directory and activate it like any other plugin.

2

Paste your API key

Sign up at app.activelayer.com for 1,000 free checks, no credit card, and paste the key into Settings → ActiveLayer.

3

Protection switches on

WS Form protection is on for every form by default. You’ll see it under ActiveLayer → Integrations, with a per-form toggle if you ever want it off.

Why WS Form Sites Switch to ActiveLayer

Real submissions get through. Spam doesn’t. Nobody solves a puzzle.

Your Entry List Stays Clean

WS Form ships its own honeypot and IP throttling, and that catches some of it. But the spam that gets through lands in your entry list and triggers a notification email before you ever see it. ActiveLayer adds a synchronous AI check that runs first, per form, so a spam verdict stops the submission before WS Form writes the entry or sends the email. The entries you read are from real people, not a backlog you have to sort through later.

WS Form contact form showing an inline message blocking a spam submission
A WS Form form with no CAPTCHA in the way

The Check Runs Before the Entry Is Saved

ActiveLayer scores each submission on the server, in the same request, inside WS Form’s own validation and before the entry is written or your notification emails go out. A spam verdict returns a plain inline message and writes nothing. The spam never becomes an entry, and a real visitor never notices the check ran. There is no challenge to solve and no change to how your form looks.

Watch It Work in the Submissions Log

A spam filter you can’t see is one you can’t trust. ActiveLayer logs every submission it processes, blocked or clean, in ActiveLayer → Submissions. WS Form checks show up under each form’s own label, with the verdict and the score behind it, so you can tell one form’s traffic from another. If a real submission ever gets caught, open the entry and report it. The AI retrains on that signal, so the same mistake gets less likely over time. You audit the door instead of trusting it blindly.

ActiveLayer Submissions log showing blocked WS Form submissions across multiple forms by their form labels
A clean WS Form entry list with no spam submissions

Visitors Don’t Have to Prove They’re Human

Submitting a form is a high-intent moment. Someone decided your form is worth filling out, so the last thing you want is a puzzle between them and the send button. ActiveLayer works entirely server-side with hidden signal fields injected into the form, so there is no challenge to solve and no change to how the form looks. Real visitors just submit, while the AI scores it behind the scenes.

Frequently Asked Questions

Everything you need to know about protecting WS Form submissions with ActiveLayer.

How do I enable ActiveLayer for WS Form?

Install the free ActiveLayer plugin, then paste your API key in Settings → ActiveLayer. WS Form protection is on for every form by default the moment the key connects, so there is no separate step. You can confirm it under ActiveLayer → Integrations, where WS Form shows with a per-form toggle, and the same toggle lives in each form’s editor on the Spam tab.

How do I turn protection on or off for a single form?

Open the form in the WS Form editor and go to the Spam tab. ActiveLayer adds its own fieldset there, after WS Form’s honeypot and IP-throttling settings, with a single “Enable” checkbox. Toggle it off to stop checking that one form. The same per-form toggle is mirrored on the ActiveLayer Integrations screen, and the two stay in sync in both directions. Every form is enabled by default.

When exactly does the spam check run?

Synchronously, inside WS Form’s own submission validation, before WS Form writes the entry or runs any of its actions. So on a spam verdict, no entry row is saved and no notification email, webhook, or integration fires. The check happens in the same request as the submission, not in a background queue, so a blocked submission is stopped on the spot.

What does a blocked visitor see?

WS Form shows a plain inline message: “Your submission was flagged as spam. Please try again or contact support.” No entry is written and no actions run. The message gives a bot nothing to learn from, and you can override the wording in code with a filter if you want something different.

What does this protect, and what does it not?

It protects real form submissions on WS Form Lite and Pro, including the public action post mode that skips conditional logic but still saves the entry and sends email. A few things are deliberately out of scope. Draft saves are never checked, so saving a partial form always passes. A form with its per-form toggle disabled is not checked, and only that form is affected. And nothing is checked when no ActiveLayer API key is configured, or when the API is unreachable, in which case the submission passes through untouched.

What signals does the spam check use?

The submitted fields, mapped into name, email, message, and website slots, plus hidden environment, behavioral, and honeypot signals ActiveLayer adds to the form. Because WS Form rebuilds the form in the browser as it renders, the plugin injects those signal inputs into a hidden sibling box and a small bridge script clones them into the form after WS Form finishes rendering. They are invisible to visitors and don’t change how the form looks.

Will real submissions get blocked?

ActiveLayer only blocks on a clear spam verdict, and it fails open. If our API is slow, unreachable, or your quota is used up, the submission proceeds as if the check passed. A real submission is never turned away because of an outage on our end. You don’t have to take it on faith either: every checked submission lands in the Submissions log with its verdict, confidence score, and signals, so you can audit every decision made at your door. If a legitimate submission is ever caught, report it from the log and the AI retrains on that signal.

Does it work with WS Form Lite and Pro?

Yes. ActiveLayer activates whenever WS Form is present, and both the free Lite edition and the commercial Pro edition are supported. The spam gate hooks WS Form’s own submission validation, so it runs after WS Form’s nonce, required-field, and honeypot checks and before the entry is saved or actions run. It works the same whether your form is rendered by shortcode or block.

I also build forms with WPForms. Are those covered?

Yes, by a separate integration in the same plugin. ActiveLayer ships 16 integrations, all managed from one settings page, and WPForms is one of them. So your WPForms forms are protected through the WPForms integration, while your WS Form forms are protected through this one. One ActiveLayer key covers every integration on the site.

What if your API goes down or times out?

ActiveLayer fails open. The submission proceeds as if the check passed, and your form never breaks because we had a bad afternoon. The same is true if your quota is exhausted. Spam protection resumes automatically the moment the API is reachable again.

How much does ActiveLayer cost?

Free plan: 1,000 checks in total, unlimited sites, no credit card. Pro: from $5/month for 5,000 checks, scaling up to 250,000. Enterprise: from $149/month for 500,000+ checks, custom SLA, SSO, dedicated support. Every plan covers unlimited sites.

Every Form. Zero Spam Entries.

Connect your key and your WS Form submissions are protected by the time you finish your coffee. No CAPTCHA to configure, nothing to tune.

Get Spam-Free WS Form →

1,000 checks free · Setup in minutes · No credit card required