Gravity Forms is one of the most powerful form builders for WordPress.
It’s flexible, feature-rich, and integrates seamlessly with countless plugins.
But like any form system, it can be misused.
One common issue WordPress site owners face is users submitting unwanted links or URLs inside form fields. These links can clutter your database, introduce spam, and in some cases even pose a security risk.
Fortunately, with just one small snippet of code, you can completely block links from being submitted into your Gravity Forms fields—while still allowing users to enter their email addresses.
In this guide, you’ll learn step by step how to:
- Install and use the Code Snippets plugin.
- Add a custom function that prevents URLs from being submitted.
- Apply the validation to a specific form and exclude the email field.
- Keep your forms clean, safe, and professional.
Why Block Links in Gravity Forms?
There are several reasons you may want to stop links from being submitted into your Gravity Forms:
- Spam Prevention – Bots and spammers often drop links in forms hoping to promote their websites.
- Clean Data Collection – If you’re collecting feedback, surveys, or customer input, you don’t want messy URLs cluttering up your entries.
- Security Hardening – Some links can redirect to malicious sites, creating unnecessary risk for your team or clients reviewing submissions.
- Professionalism – Preventing links ensures only relevant content is entered, keeping your data consistent and trustworthy.
The Tool You’ll Need: Code Snippets Plugin
Instead of editing your theme’s functions.php file (which is risky and gets reset when you update your theme), you can use the Code Snippets plugin.
Code Snippets is a free plugin that lets you safely add custom PHP code to your WordPress site without touching core files. It provides:
- A clean interface for adding snippets.
- The ability to enable/disable snippets without losing them.
- No need for a child theme.
👉 To install it:
- Go to Plugins → Add New in your WordPress dashboard.
- Search for Code Snippets.
- Install and activate it.
Now you’re ready to add your custom code.
The Snippet Code to Block Links in Gravity Forms
Here’s the exact snippet you’ll need. It works on Form ID 9, and blocks links in every field except the Email field (ID 2).
// Block URLs in ANY field of form ID 9 except the Email field (ID 2)
add_filter( 'gform_field_validation_9', 'block_urls_except_email', 10, 4 );
function block_urls_except_email( $result, $value, $form, $field ) {
// Skip validation for Email field
if ( $field->id == 2 ) {
return $result;
}
$nourl_pattern = '/https?://|www.|[a-z0-9-]+.[a-z]{2,}/i';
// Recursive function to check arrays for URLs
$contains_url = function($val) use ($nourl_pattern, &$contains_url) {
if ( is_array($val) ) {
foreach ($val as $v) {
if ($contains_url($v)) return true;
}
return false;
}
return is_string($val) && preg_match($nourl_pattern, $val);
};
if ( $contains_url($value) ) {
$result['is_valid'] = false;
$result['message'] = 'Message cannot contain website addresses.';
}
return $result;
}How This Code Works
Let’s break it down:
add_filter( ‘gform_field_validation_9’, … )
This tells Gravity Forms to run our custom validation function on form ID 9.
if ( $field->id == 2 )
This ensures the Email field (ID 2) is excluded, so users can still submit email addresses.
$nourl_pattern
This regular expression (regex) checks for any pattern that looks like a URL (http, https, www, or domain extensions like .com, .org, etc.).
$contains_url
A recursive function that checks arrays or strings to detect any URLs.
$result[‘is_valid’] = false;
If a link is detected, the field will fail validation, and the user will see the error message.
$result[‘message’] = ‘Message cannot contain website addresses.’;
This is the error message displayed when someone tries to submit a link.
Step-by-Step: Adding the Snippet
- Go to Snippets → Add New in your WordPress dashboard.
- Give your snippet a descriptive name, like: “Block URLs in Gravity Form 9”.
- Paste the code into the editor.
- Choose Only run on site front-end (important for form submissions).
- Save and activate the snippet.
That’s it! 🎉 Your form is now protected.
Testing Your Gravity Form
- Try submitting your form with a normal text response → ✅ It should work.
- Try adding a URL like
http://example.com→ ❌ It should trigger the validation error. - Try entering an email address in the email field → ✅ It should still allow it.
This ensures your form only accepts clean, useful input.
Final Thoughts
Blocking links in Gravity Forms fields is a smart way to protect your website from spam, keep your entries clean, and improve security.
Using the Code Snippets plugin makes it easy to manage this code without editing your theme files. And the snippet provided here is flexible—you can modify the Form ID or excluded field IDs to fit your needs.
👉 Now your Gravity Forms are safer, smarter, and more professional.
If you found this guide helpful, don’t forget to Like, Share, and Subscribe to our content for more WordPress tutorials, tips, and snippets. 🚀
