Recommended releases

Download Released


Protected Forms is a light-weight, non-intrusive spam protection
module that enables rejection of node, comment, webform, user profile, contact
form and revision log submissions which contain undesired language scripts or
preset patterns.

How it works

If a user attempts to add a content with a trigger pattern in the name, subject,
body or any other textarea or textfield type field, then the submission
is rejected giving the preset error message.

Roles can be configured to bypass the Protected Forms validation.

The number of rejected submissions is shown on the Reports > Status report
(admin/reports/status) page.

The rejected messages are logged and can be viewed on the Reports > Recent
log messages
(admin/reports/dblog) page.

If IP address blocking module is
enabled, then threshold can be set for spammers to automatically get banned.


Download and place the recommended version of the module in your website's
modules directory, go to the Functionality page (/admin/modules) and
enable the Protected Forms module.

Alternatively, if you have Brush installed, then just run on CLI:

brush -y en protected_forms


Go to the Protected Forms configuration page
(/admin/config/content/protected_forms), set the allowed language
scripts, reject message text and the trigger patterns for rejection.

If you want to protect only anonymous submissions, then make sure to go to
Permissions page (/admin/people/permissions#module-protected_forms) and
put a check mark for authenticated user role next to the Bypass Protected
Submissions validation


Report all the issues on


The Protected Submissions module had initially been created for Drupal and has been ported to Backdrop by AltaGrade team.