Formitor checks your forms by sending a real (synthetic) submission and then confirming the lead was actually delivered. Many forms sit behind a CAPTCHA or an anti-spam filter, which are designed to block automated submissions — so without special handling they would block Formitor's tests too and make a working form look broken.
The Formitor plugin solves this by recognising its own test requests. Every Formitor test carries a cryptographically-signed token; when the plugin sees a valid token, it lets that single request pass the protection — and nothing else. Real visitors are always fully protected, and the bypass only ever applies to the one signed test request.
Supported protections
- CAPTCHA: Cloudflare Turnstile, Google reCAPTCHA v2 and v3, and hCaptcha — across WPForms, Contact Form 7, Elementor, Fluent Forms and Ninja Forms.
- Anti-spam: CleanTalk (Spam protection by CleanTalk).
Do I need to configure anything? No. It works automatically once the Formitor plugin is installed and active. If a form behind a CAPTCHA or anti-spam filter is showing failures, make sure each site is running the latest plugin version (you can download it from the dashboard), then re-test.