Securing forms in Joomla

Form spam is a common issue with websites: the site administrator's email address is sent spam via an attack on the site's contact forms. This can be compounded if your registration form is unprotected, as an attacker can then register false accounts and send spam to these that appears to come from your site.

There are a number of steps you can take to mitigate this risk and improve the security of your Joomla site.

  1. Register for Google reCAPTCHA
    Your first port of call will be to follow our guide on registering your site for Google reCAPTCHA. You'll need your Google reCAPTCHA Site and Secret keys to complete the following steps.
  2. Replace any Joomla contact forms and disable the Contacts extension (com_contact)
    We suggest using a replacement for the in-built Joomla contact form and disabling the com_contact component. This can be found under Extensions > Manage > Manage.
    Search for contacts and click the green tick to disable the Contacts extension - it'll become a red cross.
    Suggested replacements include RSForm Pro (paid), RSContact (free) or Breezing forms (free and paid versions) - these all integrate with Google reCAPTCHA to secure your contact and registration forms.
  3. Switch from PHPMail to SMTP for sending emails
    Visit System > Global Configuration
    Select the Server Tab
    Select SMTP from the Mailer drop-down and configure the remaining settings. You can either use details for an existing mailbox or create a new mailbox in cPanel for your site to use.
  4. Set up reCAPTCHA
    Visit Extensions > Plugins and search for captcha.
    Enable the CAPTCHA plugin version that matches the one you configured within Google.
    Once enabled, click on the plugin name and enter the Site and Secret keys for your site from Google.
    Click Save to complete this step.
  5. Enable reCAPTCHA for Joomla contact forms and disable user registration (if not required)
    Visit System > Global Configuration
    Then select Users.
    Set Allow User Registration to No
    Set Captcha to the version you set up in step 4.
    Click Save to complete this step.
  6. Update Joomla, themes and all extensions to the latest version
    As with any CMS-based website, we always suggest you keep up to date.
    It can be useful to use Softaculous (Clone or Staging) to create a copy of your site on which you can test updates before rolling them out on your live site.
    Please make sure you have reliable backups before making any changes to your live site, so you can roll back should there be any issues.
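
One way to confirm that steps 3 and 5 took effect, as an added example that is not Krystal's or Joomla's own code: a Python check over the text of configuration.php and the com_users params JSON exported from the #__extensions table. The sample inputs are constructed, and the setting names (mailer, captcha, allowUserRegistration) assume a Joomla 3 layout.

```python
import json
import re

# Constructed sample inputs (not taken from any real site).
SAMPLE_CONFIG = """<?php
class JConfig {
    public $sitename = 'Example';
    public $captcha = '0';
    public $mailer = 'mail';
    public $smtphost = 'localhost';
}
"""
SAMPLE_USERS_PARAMS = '{"allowUserRegistration":"1","captcha":""}'

# Matches lines such as:  public $mailer = 'smtp';
_SETTING = re.compile(r"""public\s+\$(\w+)\s*=\s*['"]([^'"]*)['"]\s*;""")


def parse_jconfig(php_text):
    """Return the quoted string settings of a configuration.php as a dict."""
    return dict(_SETTING.findall(php_text))


def audit(php_text, users_params_json):
    """Return a list of findings for steps 3 and 5 of the guide."""
    cfg = parse_jconfig(php_text)
    users = json.loads(users_params_json)
    findings = []
    if cfg.get("mailer") != "smtp":
        findings.append("mailer is %r, expected 'smtp' (step 3)" % cfg.get("mailer"))
    # Assumption: a missing value is treated as "registration not disabled".
    if str(users.get("allowUserRegistration", "1")) != "0":
        findings.append("user registration is allowed (step 5)")
    # Assumption: an empty com_users value falls back to the global default.
    captcha = users.get("captcha") or cfg.get("captcha", "0")
    if captcha in ("", "0"):
        findings.append("no captcha is selected for user forms (step 5)")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, SAMPLE_USERS_PARAMS) or ["no findings"]:
        print(line)
```

An empty list from `audit` means the mailer, registration and captcha settings match the steps above; it does not check whether com_contact is disabled.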


© Krystal Hosting Ltd 2002–