Testing forms protected by CAPTCHA or anti-spam


Updated June 15, 2026 · also available in the in-app Help center

Formitor checks your forms by sending a real (synthetic) submission and then confirming the lead was actually delivered. Many forms sit behind a CAPTCHA or an anti-spam filter, which are designed to block automated submissions — so without special handling they would block Formitor's tests too and make a working form look broken.

The Formitor plugin solves this by recognising its own test requests. Every Formitor test carries a cryptographically-signed token; when the plugin sees a valid token, it lets that single request pass the protection — and nothing else. Real visitors are always fully protected, and the bypass only ever applies to the one signed test request.

Supported protections

  • CAPTCHA: Cloudflare Turnstile, Google reCAPTCHA v2 and v3, and hCaptcha — across WPForms, Contact Form 7, Elementor, Fluent Forms and Ninja Forms.
  • Anti-spam: CleanTalk (Spam protection by CleanTalk).

Do I need to configure anything? No. It works automatically once the Formitor plugin is installed and active. If a form behind a CAPTCHA or anti-spam filter is showing failures, make sure each site is running the latest plugin version (you can download it from the dashboard), then re-test.

Questions the docs didn't answer?

The in-app assistant knows your own sites, or reach us directly.