Securing forms in Joomla
Form spam is a common issue with websites - this is when either the site administrators email, or worse, clients email addresses saved on the site get sent spam via an attack on the sites contact forms. This can be compounded if your registration form is unprotected as an attacker can then register false accounts and then send spam to these that appears to come from your site.
There are a number of steps you can take to mitigate this risk and improve the security of your Joomla site.
- Register for Google reCAPTCHA
Your first port of call will be to follow our guide on registering your site for Google reCAPTCHA - link opens in a new window. You'll need your Site and Secret keys to complete the following steps.
- Replace any Joomla contact forms and disable the Contacts extension (com_contact)
We suggest using a replacement for the in-built Joomla contact form and disabling the com_contact component. This can be found under the Extensions > Manage > Manage Search for contacts and click the green tick - it'll become a red cross to disable the Contacts extension.Suggested replacements include RSForm Pro (paid), RSContact (free) or Breezing forms (free and paid versions) - these all integrate with Google reCAPTCHA to secure your contact and registration forms.
- Switch from PHPMail to SMTP for sending emails
Visit System > Global Configuration Select the Server TabSelect SMTP from the Mailer drop-down and configure the remaining settings. You can either use details for an existing mailbox, or create a new one in cPanel for your site to use.
- Setup reCAPTCHA
Visit Extensions > Plugins and search for captcha.Enable whichever version of capture you've chosen CAPTCHA - reCAPTCHA (v2) or CAPTCHA - Invisible reCAPTCHA (v3)
Once enabled click on the plugin name and enter the Site and Secret keys for your site from Google.Click Save to complete this step.
- Enable reCAPTCHA for Joomla contact forms and disable user registration (if not required)
Visit System > Global ConfigurationThen select Users.Set Allow User Registration to No
Set Captcha to the version you setup in step 4.
Click Save to complete this step.
- Update Joomla, themes and all extensions to the latest version
As with any CMS based site we always suggest you keep up to date.
It can be useful to use the Softaculous (Clone or Staging) or Installatron (Clone) tools to create a copy of your site on which you can test updates before rolling them out on your live site.
Please make sure you have reliable backups before making any changes to your live site - so you can roll-back should there be any issues.