Spam - use Salesforce web-to-lead form on WordPress site

What is the name of the domain?

gpex.com.au/contact

What is the issue you’re encountering

Spam Leads in Salesforce

What steps have you taken to resolve the issue?

Hi
We have recently switched reCAPTCHA to Cloudflare on Website for compliance reason. Since then we have received lots of spam, spam leads in Salesforce.

Followed instruction and setup client-side rendering. Submit button is disable until Cloudflare tick box is ticked.

First Name * Last Name * Email Address *

In terms of Server-side validation, does this have to be done in WordPress or Salesforce?

Thanks