Protected Forms is a light-weight, non-intrusive spam protection
module that enables rejection of node, comment, webform, user profile, contact
form and revision log submissions which contain undesired language scripts or
How it works
If a user attempts to add a content with a trigger pattern in the name, subject,
body or any other textarea or textfield type field, then the submission
is rejected giving the preset error message.
Roles can be configured to bypass the Protected Forms validation.
The number of rejected submissions is shown on the Reports > Status report
The rejected messages are logged and can be viewed on the Reports > Recent
log messages (
If IP address blocking module is
enabled, then threshold can be set for spammers to automatically get banned.
Download and place the recommended version of the module in your website's
modules directory, go to the Extend page (
/admin/modules) and enable the
Protected Forms module.
Alternatively, just run on CLI:
brush -y dl protected_forms
brush -y en protected_forms
Go to the Protected Forms configuration page
/admin/config/content/protected_forms), set the allowed language
scripts, reject message text and the trigger patterns for rejection.
If you want to protect only anonymous submissions, then make sure to go to
Permissions page (
put a check mark for authenticated user role next to the Bypass Protected
Submissions validation option.
Report all the issues on