A client of mine was beginning to get a ton of spam through their contact form on their website and it seemed to be manual submissions because Captcha and other antispam bot efforts were not working.  Many of the spam entries were for SEO services or other web related marketing tactics.  One thing I noticed was that there were consistent keywords being used in these solicitations and I though if I could block those keywords I could prevent alot of the spam coming through the site.

Gravity Forms  for WordPress has all sorts of great addons both free and paid however this sort of keyword filtering is not an addon I could find.  I did some Google searches and came across a great post detailing how to accomplish exactly what I wanted. The only downside to this is you need access to your functions.php file and it cannot be implemented through a plugin.  Maybe soon someone will take this on as a plugin but until then here is how to accomplish this:

 * Use an array to search a string
 * Allows us to pass the stop words list and our post data
function strpos_arr($haystack, $needle) {
    if(!is_array($needle)) $needle = array($needle);
    foreach($needle as $what) {
        if(($pos = stripos($haystack, $what))!==false) return $pos;
    return false;
 * Our bad words validation function
add_filter('gform_validation', 'custom_validation');
function custom_validation($validation_result){
    $form = $validation_result["form"];
	$stop_words = array(
		'Sir/ Madam',
		'Sir / Madam',
		'Sir /Madam',
		'long term relationship',
	$stop_id = array();
	foreach($_POST as $id => $post)
		if(strpos_arr($post, $stop_words))
			 * We have a match so store the post ID and initiate validation error
			 $stop_id[] = $id;
	if(sizeof($stop_id) > 0)
		$validation_result['is_valid'] = false;
		foreach($form['fields'] as &$field) 
			foreach($stop_id as $id)
				$the_id = (int) str_replace('input_', '', $id);
				if($field['id'] == $the_id)
					$field['failed_validation'] = true;
					$field['validation_message'] = 'Please do not send us unsolicited messages';
    //Assign modified $form object back to the validation result
    $validation_result["form"] = $form;
    return $validation_result;

To add your keywords to the code just replace the words in the section called $stop_words with your own.

Thank you to http://www.blueliquiddesigns.com.au/ for this awesome bit of code.

This Post Has 58 Comments

  1. David Smith

    Hey Chris, definitely a handy snippet.

    If you’re looking for a plugin + UI to handle this, check out GP Comment Blacklist (part of Gravity Perks). A lot of users don’t know that WordPress offers a setting to specify a list of blacklisted words for your WordPress comments. It’s called the Comment Blacklist (available via the WordPress admin menu under Settings -> Discussion). You can add a lot of power to this setting with this unofficial list of recommended blacklist words:


    Combine that with GP Comment Blacklist, and you can extend that same blacklist validation from your WP comments to your Gravity Forms.

    If a UI isn’t important to you, you could apply that same list of blacklist words to your current snippet.

    Thanks for sharing. 🙂

    1. Chris Moore

      Thanks for the great tip, David! I will definitely have to check out Gravity Perks as well.

  2. J


    If you hit submit, this snippet works and gives you an error message when a word/phrase triggers the spam filter.

    However, if you just click submit again, the form will submit even with the word/phrase triggers still in the message/form field(s).

    Any idea how to fix?

Leave a Reply

Get in Touch

Please fill out the form below and we will get back to you ASAP

  • This field is for validation purposes and should be left unchanged.