How to stop spam emails coming from WordPress’ Contact Form 7

Receiving lots of spam emails from contact forms on WordPress websites is always a big issue. The most commonly used plugin for WordPress is Contact Form 7, and it is heavily targeted by spammers. Sites that get a lot of traffic can end up receiving hundreds of spam emails every day. These are inconvenient and make it very difficult to spot the genuine messages in between all the spam.

Spam emails are not the only problem: if you have a WordPress blog, the comments on your posts will quite often get bombarded with junk as well. Today, we will show you six different methods to reduce/remove spam coming from your WordPress website.

Note: We don’t recommend using ALL of the methods we are going to list, as WordPress websites should be kept clean and shouldn’t be overloaded with several unnecessary plugins. We recommend trialling one or two of the methods below and monitoring how much spam you receive after they have been implemented. If one method doesn’t work for you, try another until you are happy. We would recommend installing Akismet to begin with.

1. Using Contact Form 7’s in-built anti-spam measures

You’ll find a lot of articles recommending CAPTCHA and quiz plugins that work with Contact Form 7. Most of these are unnecessary as it’s better to use the features already built into the Contact Form 7 WordPress plugin.

Quiz

Simple quizzes are becoming a popular way to combat contact form spam. They work by asking the user a simple question such as “Which is bigger, 2 or 8?”. Fortunately, bots can’t answer this question and as a result, only people who enter the correct response can submit the contact form.

To add a quiz, edit your contact form and click the Generate Tag dropdown. Paste the shortcode that appears below into your contact form. It will look something like this:


[quiz capital-quiz "Which is bigger, 2 or 8?|8"]

2. Minimum character count

Sometimes a lot of spam comes from bots that enter just 2 digits in a field, usually a number. If all of your spam messages follow an obvious pattern, you can block them by setting up your contact form to reject messages that match the pattern. In this case, we used the Maximum and Minimum options in Contact Form 7 to require messages to be more than 20 characters long. Genuine enquiries will usually provide more than 20 characters, so this blocks bots without frustrating real users.

The WordPress website featured in this article received a lot of spam contact forms with 2-digit messages – usually a number. I have no idea what they were trying to achieve, but it’s obviously a popular type of spam at the moment.

The Message/Comments field will look something like this:


[textarea* your-message minlength:20 maxlength:500]
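The same pattern can also be flagged as spam on the server, for sites that want to treat number-only messages as spam instead of relying on length alone. This is an added example, not code from the original article or from the Contact Form 7 project; it assumes the field is named your-message as in the tag above, uses hypothetical function names, and would live in a theme's functions.php or a small site plugin.

```php
<?php
// Added example, not from the article. Function names are hypothetical.
// Assumes the message field is named your-message, as in the tag above.

/**
 * True when a message is nothing but a short number (e.g. "42"),
 * ignoring surrounding whitespace. The 1-6 digit range is an assumption;
 * tune it to what actually arrives in your inbox.
 */
function example_is_number_only_message( $message ) {
    if ( ! is_string( $message ) ) {
        return false; // multi-value fields arrive as arrays, not this pattern
    }
    return 1 === preg_match( '/^\s*\d{1,6}\s*$/', $message );
}

/**
 * Callback for Contact Form 7's wpcf7_spam filter. $spam is the verdict
 * so far; $submission is the current WPCF7_Submission object.
 */
function example_flag_number_only_spam( $spam, $submission = null ) {
    if ( $spam || ! ( $submission instanceof WPCF7_Submission ) ) {
        return $spam; // already flagged, or no submission object passed in
    }

    $message = $submission->get_posted_data( 'your-message' );
    if ( ! example_is_number_only_message( $message ) ) {
        return $spam;
    }

    // Record the reason in the submission's spam log when available.
    if ( method_exists( $submission, 'add_spam_log' ) ) {
        $submission->add_spam_log( array(
            'agent'  => 'example-number-only',
            'reason' => 'Message consists only of a short number.',
        ) );
    }
    return true;
}

// Register the hook only when running inside WordPress.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'wpcf7_spam', 'example_flag_number_only_spam', 10, 2 );
}
```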

3. Akismet

Akismet has a great reputation as being one of the best WordPress anti-spam plugins. Not everyone knows that it works with Contact Form 7 as well as blog comments.

Once you have activated the plugin and followed the on-screen instructions to add your API key (free for a non-profit-making website or a small monthly fee for business sites), you need to do a bit of extra config to make it talk to Contact Form 7 which you can read more about here.

In my tests, Akismet stopped about 70% of the Contact Form 7 spam but not all of it. It worked well in conjunction with some of the other solutions mentioned in this article. We no longer received any spam comments within the blog once this was activated as well.

4. Contact Form 7 Honeypot

Contact Form 7 Honeypot is a WordPress plugin that adds a hidden field to your contact form. Real users won’t complete it because the field is invisible. However, bots won’t know this and will fill it in. This allows the plugin to recognise them as bots and block their submission. Clever, right?

After you have installed and activated the plugin, use the Generate Tag option to create a honeypot shortcode to insert into your contact form. Note: this can be inserted anywhere within the contact form. It will look something like this:


[honeypot honeypot-401]

5. reCAPTCHA v3

reCAPTCHA v3 returns a score for each request without user friction. The score is based on interactions with your site and enables you to take appropriate action for your site.

To set this up, you will first have to register your site on your Google Developers account. For full instructions, you can follow the guide here.

Then, on your WordPress site, go to Contact –> Integrations. All you need to do from here is enter the Site Key and Secret Key provided by your developer account.

6. Really Simple CAPTCHA

The Really Simple CAPTCHA WordPress plugin was created by the developer of Contact Form 7 so they work together seamlessly. The plugin allows you to add a CAPTCHA to your contact form. It’s designed to prevent bots from submitting forms on your WordPress website.

Once you have installed and activated Really Simple CAPTCHA, insert a CAPTCHA tag into your Contact Form 7 form. (Click the Generate Tag dropdown to see the available options and create a customised tag to paste into your form.) It will look something like this:


[captchac captcha-14]

You can find further instructions about this here.

Do note though that CAPTCHAs are becoming slightly old fashioned and are not great for user experience. They also require particular features to be enabled on your server, which may not be in place for your WordPress website.

We would recommend adding a quiz first (see point 1.), and only trying CAPTCHA if this doesn’t work. The two methods basically do the same thing. They prevent automated bots from submitting your website contact form – so you shouldn’t need both.

Conclusion

All WordPress websites receive spam in slightly different ways. What works for one website may not work for another.

When I had to stop Contact Form 7 spam on a WordPress website, we immediately achieved a huge reduction in spam simply by installing Akismet.

We fixed the problem completely by combining Akismet with the Contact Form 7 Honeypot plugin, a quiz and a minimum character count.

If you just want to add one method to reduce Contact Form 7 spam, then we recommend Akismet. This is the best standalone solution as it’s so powerful and comprehensive. You can use it whether you’re a WordPress expert or a beginner. It can make a real difference to your WordPress contact form spam.

If you still receive spam, try the Contact Form 7 Honeypot in conjunction with this. Trust us, it will definitely help!

 


Posted by: Nathan da Silva

Nathan is the Founder of Silva Web Designs. He is passionate about web development and web site design. His expertise is WordPress & Magento as well as many other frameworks. Would you like to work with Nathan? Send him an email on [email protected]
