3 security tactics that can prevent your form from receiving unwanted entries

Imagine you’ve built a majestic form to register folks for your upcoming event.  

As soon as you send it to your list of prospective attendees, you get out of your chair and begin to jump around in celebration. Minutes later, even better news arrives: You’re already seeing form entries come in. Amazing! You quickly transition to your sitting robot dance. But as you take another look at the responses you notice that something’s off…

You don’t recognize the people who filled out your form, and the responses themselves make little to no sense.

Any form is susceptible to receiving entries from unwanted people or pesky bots. We’ve taken this to heart by building several features that can keep them at bay and ensure that your form only collects responses from the people you’re interested in.

Let’s breakdown the top 3 features that can give your form the protection it needs! 

1. Limit your form to one entry per IP address.

A common tactic for a spammer, and a person with nothing better to do, is to repeatedly take your form on a single computer or mobile device. After all, they might not have many computers or devices they can use.

You can block them from doing so by restricting the entries submitted from a given IP address to one

Just keep in mind that in certain cases, this isn’t ideal. Groups like family members or teachers might use the same computer at different points in the day. If you’re confident that this is the case for your audience, consider skipping this security tactic. In its place, make sure you adopt the following 2, and take a close look at the entries that come in to see if you can spot duplicates

2. Password-protect your form.

Sometimes, form takers do things that don’t float your boat. Maybe it’s sharing your form with a buddy or colleague, or, perhaps worse, posting it on social media.   

Prevent respondents’ unpredictable behaviors from hurting the integrity of your data by giving your form password protection. Once you have, any potential respondent will need to provide the password you’ve set up before they can answer any of the fields, let alone submit your form. 

Adding password protection doesn’t have to be permanent. You can remove it at will, and sometimes you should. Say you initially use password protection on an event form to limit the number of attendees you’d like to register. If you later discover that you want a whole lot more attendees, and your requirements for who you’d like to attend get loosened, you might consider removing the password protection. 

Note: For the sake of keeping your form as protected as possible, only remove password protection if you’re using the other 2 security tactics on this page. 

3. Add a CAPTCHA at the end of your form. 

Dear bots and spammers: You’ve met your match—thanks to our dear friend, CAPTCHA. 

You probably have first-hand experience with CAPTCHA. It’s that thing that asks you to either type in certain letters or identify certain images before you submit something—with the goal of filtering out computers. In fact, this is literally what the acronym stands for: “Completely Automated Public Turing Test to Tell Computers and Humans Apart.” 

When you add a CAPTCHA to your form, your respondents will be asked to complete one before they submit their responses. This effectively prevents you from dealing with bots’ and spammers’ entries, and teaches them that your forms are as impenetrable as a steel box.

You have the flexibility of deciding when to use a CAPTCHA. The “Auto” mode uses it when your form takers act sketchy, like taking your form several times from the same network. Alternatively, you can pick “Always Show,” which is exactly how it sounds. We recommend you pick the latter just cause it never hurts to keep your form more protected!

Once you’ve added these security measures to your form, you can be confident that your responses will come from the right people—giving you little reason to curb any celebrations once they pour in!


Add a Reply

You may use HTML for style.