There are many ways to prevent SPAM from bots.
However, these techniques only start when the form can already be used - that is: is available for the bot.
Years ago, to reduce SPAM on contact forms, I suggested an extension to a Wordpress plugin, which I now use everywhere: For contact forms, but also for login pages or even for the whole forum.
What is the trick?
Easy: The shortcode for the forum is embedded in the encode shortcode. And then only "real users" can access the content via the browser (or really good scripts that simulate a browser session).
This plugin is to be used:
There are no settings to adjust in the plugin to make it work. However, it is helpful to activate the "lock icon" (temporary). Because then you can see that the encoding works.
It is important to use the code snippet above 1:1, otherwise the shortcode will not be interpreted!
Maybe this hint can be included in the FAQ section... I'm happy to provide more details or help here.