6 ways to stop WordPress spam with Contact Form 7

A web marketing activity always requires respect for the customer
A web marketing activity always requires respect for the customer

5 ways to stop WordPress spam with Contact Form 7

The popular contact form Contact Form 7 for wordpress is often targeted by spam. Here are 6 simple but effective ways to fix the problem

Spam is a huge problem with contact forms on WordPress websites – both the websites we design ourselves and on a global scale. Customers often contact us to report spam problems generated by the contact forms of their sites. It is never possible to use methodologies and techniques that are valid for everyone, unfortunately it is always necessary to analyze each case on a case-by-case basis. The Contact Form 7 plugin is the most popular and free WordPress contact form builder and is therefore heavily targeted by spammers. Spam contact form submissions can be a huge problem for high traffic WordPress websites, receiving hundreds of spam emails every day. These are inconvenient and make it difficult to locate authentic messages among spam and generate customer discontent.

One of our customers recently complained that he received hundreds of spam emails a day despite some precautions we had taken. This led us to stop and think for a moment. And so we tested a number of methods to find the best solution, which I will now share with you. And the best part is that you don't need to be a WordPress expert to use them. You can also check out classified WordPress themes, which would be a great option for building your WordPress website. We have solved the problem at the root.

  1. Quizz
  2. Minimum number of characters
  3. Akismet
  4. Honeypot contact form
  5. Really Simple CAPTCHA
  6. Integration with Google reCAPTCHA

Should I use all the anti-spam methods you recommend?

In a word, no. I do NOT advise you to apply all the methods suggested in this article. A WordPress website should be kept as clean and as little behind the scenes as possible, and no unnecessary plugins should be installed. Instead, I recommend that you experiment with these solutions by trial and error, whether you are a WordPress expert or a beginner. Track how much contact form spam you get after implementing one or two methods, and make changes until you're satisfied. Install Akismet as a starting point, and take it from there.

1. Quizzes

Simple quizzes are becoming a popular way to fight contact form spam. They work by asking the user a simple question such as “The Capital of Italy? Rome". Bots cannot answer this question. As a result, only people who enter the correct answer can submit the contact form.

To add a quiz, edit the contact form and click the Generate Tag drop-down menu. Paste the shortcut code that appears below into your contact form. It will look something like this:

[quiz capital-quiz "Which is bigger, 2 or 8?|8"]

2. Minimum number of characters

Often, many websites designed with WordPress receive a lot of spam messages from the contact form with short, two-digit messages, usually a number. It is not very clear to me what the spammer's intent was other than to clog the site owner's mailbox with fake messages but it is a type of spam currently quite widespread.

If all of your spam messages follow an obvious pattern, you can block them by setting up your contact form to block messages that match this pattern. In this case, I've used the Maximum and Minimum Length options in Contact Form 7 to require messages to be longer than 20 characters. Genuine requests usually provide more than 20 characters, so this blocks bots without frustrating real users.

The Message/Comments field will look something like this:

[textarea* your-message minlength:20 maxlength:500]

3. Akismet

Akismet has a reputation for being the best anti-spam plugin for WordPress. Not everyone knows that it works with contact form 7 and blog comments.

Once you activate the Akismet WordPress plugin and follow the on-screen instructions to add your API key (free for non-profit websites, small monthly fee for business sites), you need to do some extra configuration for get him talking with Contact Form 7 – see https://contactform7.com/spam-filtering-with-akismet/.

In my tests, Akismet stopped about 70% of Contact Form 7 spam, but not all. It worked well together with some of the other solutions mentioned in this article.

Download the plugin from here: https://akismet.com/

4. Contact Form 7 Honeypots

Contact Form 7 Honeypot is a WordPress plugin that adds a hidden field to your contact form. Real users won't complete it because the field is invisible. However the bots won't know this and will compile it. This allows the plugin to recognize them as bots and block their sending.

After installing and activating the Contact Form 7 Honeypot WordPress plugin, use the Generate Tag option to create a Honeypot Shortcut Code to insert into your contact form. It will look something like this (contact form 7 recommends changing the ID to something unique, then replace 827 with something else):

[honeypot honeypot-837]

Download the plugin here: https://wordpress.org/plugins/contact-form-7-honeypot/

5. Really Simple CAPTCHA

The Really Simple CAPTCHA plugin for WordPress was created by the developer of Contact Form 7 to work seamlessly together. The plugin allows you to add a CAPTCHA to your contact form. It was designed to prevent bots from submitting forms on your WordPress website.

Once Really Simple CAPTCHA is installed and activated, insert a CAPTCHA tag into your contact form 7. (Click on the Generate Tag drop-down menu to see the available options and create a custom tag to paste into your form). It will look something like this:

[captchac captcha-14]

Further instructions on https://contactform7.com/captcha/.

Please note that CAPTCHAs are getting a bit old-fashioned and not ideal for the user experience. They also require certain features to be enabled on your server, which may not be present on your WordPress website.

I would recommend adding a quiz first (see above), and only trying CAPTCHA if that doesn't work. The two methods basically do the same thing. They prevent automated bots from submitting your website's contact form – so you shouldn't need both.

Download the plugin here: https://wordpress.org/plugins/really-simple-captcha/

6. Google reCAPTCHA integration

Google reCAPTCHA, along the lines of Really Simple CAPTCHA, is a more advanced system and uses a risk analysis engine designed to block abusive activity on your website. Check and prevent unsolicited operations while logging in, making unauthorized purchases on your ecommerce site, creating fake accounts and the improper use of your contact form by blocking bots in back, without you realizing it. You need to have a Google account in order to install the module. Once the account has been created, you will be directed to the console to request the code to insert in the CONTACT FORM 7 supplementary module.

Here you will find the instructions for the correct configuration: https://contactform7.com/recaptcha/

The setup is quite simple and requires only a minimum of attention. But the result will amaze you. An important note: by installing Google reCAPTCHA it will be necessary to modify and integrate the conditions of the privacy policy and cookie policy on the site.

I personally prefer the Google reCAPTCHA over the Really Simple CAPTCHA

What worked for me

All WordPress websites get spam in slightly different ways. What works for one website may not work for another. When I had to stop 7 contact form spam on a WordPress website, I instantly got a huge reduction in spam just by installing Akismet. Spam messages have decreased from dozens a day to 5-10.

I completely solved the problem by combining Akismet with the Contact Form 7 Honeypot plugin, a quiz and a minimum number of characters. If you want to add just one method to reduce Contact Form 7 spam, then I recommend Akismet. This is the best standalone solution as it is so powerful and complete. You can use it whether you are a WordPress expert or a beginner. It can make all the difference to WordPress contact form spam.

5 WordPress plugins recommended by Innovando
5 WordPress plugins recommended by Innovando