Spam Protection in Contact Form 7

Protecting our WordPress site from spam is not the most straightforward task. If we have an active form or turned on comments by default, we will get unwanted messages and advertisement.

In this article, I show you some method which can help you prevent spam when you are using Contact Form 7. There is a lot of available solution, and I don’t cover all of them just the ones I use and the ones I tried.

The spam protection techniques are the same no matter which type of form we want to protect, and it is also a multi-level task. We must defend our forms from invalid submit, but on our server, we also must have excellent protection to filter out the falsely approved messages. For us, this is mostly means to use Gmail (in case of emails) or any more significant email provider.

The spam is harmful because it can slow down our site and takes too much time to handle or delete it. Using WordPress and CF7, unfortunately, we will get a lot because both of them are way popular. So let’s see what we can do to prevent it!

What Is Contact Form 7

Contact Form 7 is one of the most popular contact form plugins for WordPress. Using it, we can achieve so much with so little effort when it comes to building forms of any kind. (https://hu.wordpress.org/plugins/contact-form-7/)

It is free and well supported with a lot of extension and information.

How To Protect Our Forms

The next solutions are the trusted ones by me. There are much more techniques so feel free to do more research.

Note that these solutions work by they own, we don’t have to set up all of them at one time.

Honeypot

When it comes to spam protection the most basic techniques is to prevent the bots from submitting the form; this can be achieved in a lot of ways, but all of it is based on some captcha which means to give information – read from a picture mostly – and submit it somehow. It is a highly effective method but not the user-friendliest, although the new reCaptcha can be hidden.

Unlike captcha, the honeypot works invisibly. The method is simple; it adds a plus hidden field to our contact form. The user doesn’t see this field so she/he won’t fill it, but most of the bots are primitive, so they set some data for the honeypot fields too. When it happens, the submit is aborted.

I like this method because it is easier for the user (and the developer if we use CF7), elegant and most of the cases it is working. You must know that this isn’t the ultimate – if there is any – solution but usually this is my first step. If I set up public form with Custom Form 7, I download the Honeypot plugin and set a simple field. Mostly this is works like a charm!

Add a honeypot:

  1. Download the plugin.
  2. Navigate to your form’s edit screen.
  3. Add a new Honeypot field.

Google reCaptcha

The reCaptcha is the foundation of the captchas. Now it runs on version three which is a little bit user-friendlier and mostly authenticates a valid user just by checking a checkbox. Although sometimes we also have to identify pictures for Google which is – I think – not a big prize for this protection. Google hate any form of spam so we can be sure this method is work with high efficiency.

The Google reCaptcha is integrated into CF7. You need to generate your API credentials and set it in the plugin, for more info check out the reCaptcha’s site.

If you have your API key navigate to Contact -> Integration and add it to your site.

Akismet

Akismet is a high-level spam filtering API developed by Automattic. It comes with all WordPress install. It filters millions of comments each week, so if we choose this, we will be quite protected.

After we activate the Akismet plugin, it will guide you through the setup steps. It has paid plan with support, but you can get a free account too (or name your price). It is integrated with well with the Contact Form 7; for more information check out the official description!

Always Protect Your Contact Form 7 from Spam

Spam is the wrong side of the internet. No matter what we do, we will get it. We are fortunate enough that today there is a lot of solution which can protect us, but in development, we have to implement them. In your next project try to install one of the solutions mentioned above!