The best way to stop spam in Contact Form 7

Spammers target everything especially your website forms

What is form spam?

Form spam is when unsolicited messages make their way through your website’s forms. Most messages are commercial, but some can be very dangerous, they may contain links that lead to phishing web sites or sites that are hosting malware. Spammers spam your website forms and everybody because it pays good money at least for someone. Think about spam on a global scale.

In this article, we are going to explore different methods that will finally allow you to prevent those annoying spam messages from reaching your inbox through your Contact Form 7 forms.


Akismet: Spam Protection for WordPress

Akismet is a powerful anti-spam service provided by Automattic used by millions of websites.

The first step is to activate the Akismet plugin. Akismet is bundled with WordPress so there is no need to manually install it.

To enable Akismet we first need to get an API key. If your site is a personal blog you can get a free API key. If you are planning to use it on a commercial site, I recommend you to get Jetpack.

Jetpack is provided by Automattic, the same company as Akismet, and the “Personal” and upper plans include an Akismet subscription that is equivalent to the Akismet “Plus” plan, also you will get a wide variety of features such as security, performance, and site management tools.

Using Akismet with Contact Form 7

When a user submits a contact form Akismet will automatically check and filter out the ones that look like spam. If a “spam” answer is the response, Contact Form 7 will reject the form submit and will show a message saying, “There was an error trying to send your message”.

To use Contact Form 7 with Akismet we first need to add additional form options. We can use one or more of these options, the more options we use better the results we will get.

akismet:author
We add this tag to the field where submitters input their names.

1
2
//Example:
[text* your-name akismet:author]

akismet:author_email
We add this tag to the field where submitters input their email addresses.

1
2
//Example:
[email* your-email akismet:author_email]

akismet:author_url
We add this tag to the field where submitters input the URL of their websites

1
2
//Example:
[text your-url akismet:author_url]

If you want to test if the spam filtering is working correctly, try entering viagra-test-123 into the name field or akismet-guaranteed-spam@example.com into the emai field, Akismet must return error response.


reCAPTCHA: Easy on Humans, Hard on Bots

reCAPTCHA is a free service from Google that protects websites from spam and abuse. A “CAPTCHA” is a turning test to tell humans and bots apart. Contact Form 7 is using reCAPTCHA v3 since v5.1. reCAPTCHA v3 returns a score for each request without user friction. The score is based on interactions with your site and enables you to take appropriate action for your site. It works in the background so users won’t even notice.

Activating reCAPTCHA in our Wordpress site.

The first step is to register our WordPress site. reCAPTCHA is a Google service so you need a Google account to use it.

Select reCAPTCHA v3 from the type options, and enter the domain of the website in the Domains field.

After you register a website, you will get a reCAPTCHA site key and secret key for the site. You need to Copy-paste in your Wordpress Contact Form 7 “reCAPTCHA” Integration menu page.

Now your contact forms use reCAPTCHA’s score to verify whether the form submission is from a human or a spam bot.


Thanks for reading, if you like the article be sure to subscribe down below to be the first to know when new articles are published. Also, we are always looking to improve if you got any constructive criticism let me know.

If you liked this article, consider becoming a patreon for $1, $5, $10 per month. Your support means so much!