Formit spammers

Hi there,

is there a way to block an IP address from submitting forms via formit?
Being spammed quite heavily all from the same IP.

I can’t find anything online about this apart from adding extra security, but not sure that will work with this as the submissions are filling out all the fields (even with nospam enabled)


You could add a custom hook.
In the snippet check the value of $_SERVER['REMOTE_ADDR'] and return false if the IP matches the known spammer.

Also, maybe it works if you use the spam hook and set the property &spamCheckIp to true.

Thanks. I am using the spam hook but don’t understand how to set the property &spamCheckIp to true?

Is that within the hook call itself? Can’t work out the syntax. Also, how do I tell it which ip to check against?


If it’s one specific IP, just block them from your site entirely. Easy to do in your .htaccess or in a server control panel.

I don’t think the spam hook actually works anymore in FormIt (unless recent versions fixed it).

If you want to properly block spam, use Akismet.

Add &spamCheckIp=`1` to the properties in the FormIt snippet call:


You can’t. The “spam” hook (if it still works) uses the API from and they use their own list of known spammer email- (or IP-) addresses to check against.

Ah right of course. That makes sense. Prevent them getting to the site in the first place. I’ve had 189 submissions all from the same ip.

Will look at askimet too though if it continues.


Ah right I see thanks. I have multiple hooks but assume that will still work. Sounds like it might not actually work now anyway though. Will investigate.

Maybe have also a look here: Spam via contact form - #3 by jenswittmann

Do you have a captcha in place? That’s what I usually use to prevent unwanted form submissions. There’s the obvious Google reCaptcha but also alternatives like hCaptcha. ReCaptcha has also it’s own extra, but it’s not ready for the latest reCaptcha version if I’m not mistaken. For hCaptcha I gave an example how to implement it here.

It doesn’t have captcha - I prefer not to use it because users don’t like them much (who does!)
but will implement if the IP blocking doesn’t work.

I hadn’t seen hCaptcha so will give that a look - thank you!

This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.

+1 for Akismet.

FWIW, SPForm is remarkably spamproof, though it may not do what you want. I’ve been using it for many years (without the Captcha option) and have received only two or three spam emails, all of which appear to have been hand-written.

1 Like