If you have a new website that uses Contact Form 7 with WordPress, there’s a good chance you’ll get a lot of spam messages coming through. Without good spam filters or reCAPTCHA set up, you can easily get hundreds of weird and inappropriate messages. Your contact form should be there to get you new business and work from potential customers.
Why do I get so much spam on my Contact Form 7?
Contact Form 7 is one of the most widely used plugins for WordPress, so it’s heavily targeted by spammers. The more traffic you get to your website, the more spam you’re going to get, so you could potentially get thousands of spam emails every single day. You might get so much spam that you lose real potential customers among all the messages. The best way to stop spam is to stop it from ever getting to you in the first place, and to do that it’s important to know how these spammers work. The two main ways that spammers use to send emails are:
Dictionary Harvest Attack: A dictionary harvest attack is when spammers attempt to find valid email addresses by randomly sending mail to common mailbox names for a domain, such as info@mydomain.com or admin@mydomain.com. You can minimize spam generated by ensuring that your email account names are unique and specific. Examples: mycompany.admin@mydomain.com, mydepartment.info@mydomain.com.
Email Harvesting: Email harvesting is when spammers use several techniques to find valid email addresses to send spam. Once an email has been harvested and identified as valid and responsive, the email address goes on a spam list. Spam lists may then be traded or sold in bulk, making the email address available to more and more spammers as time goes on.
Email harvesting is the more widely used method and the most inconvenient to be caught up in. Once your email has been added to an email list and you’ve been identified as active, it’ll be sold around to lots of different places and you’ll get inundated with spam. The best way to avoid receiving large quantities of spam is never to be placed on these lists in the first place. To do that, it is helpful to know the ways a spammer can harvest your email address.
How do spammers get my email address in the first place?
Spammers use tonnes of different methods to get your email address. Once you have been added to a spam list, you’ll be sent spam every day and your email address will be traded and sold.
Below is a list of the most common methods that spammers use to harvest your email address.
- You signed up to a mail list on a website and they then sold your email address.
- You signed up to a website to comment on a forum or get some content, and your email might have been sold on, or their website was hacked and the emails gathered.
- You sent an email to someone, and they forwarded it to someone else who harvested your email.
- Someone could have simply found your email address anywhere online, or in person, and added your email to their list without your permission.
As soon as you put your email online, it could get harvested by anyone. Unfortunately (like taxes) it’s inevitable, so it’s important to implement some anti-spam measures on your website.
What is the best way to prevent spam?
The best way to prevent spam is to be very careful where you put your email. Don’t subscribe to tonnes of newsletters everywhere you go on the internet and don’t put your email in forums and other areas that aren’t well protected.
A good way to avoid spam on your main email address is to create a “spam” email address for things like discount codes etc.
If you receive an email with a subject line that looks a bit dodgy, don’t open it. Many of these spammers have software that tells them if you have opened their email, so they know you are an active account, and they then send you more emails!
Make sure your computer and website don’t have any malware or viruses. Sometimes spammers use another device to send from, so their IP address cannot be tracked.
Don’t put your main email address on any website. There is software that can search through websites and find an email address.
Use secure passwords. I would highly recommend using password management software like LastPass. This is a Google Chrome extension, so it attaches to your browser. It can automatically generate a super secure password for you and store all of your passwords in a “vault”. This makes it easier to keep track of all of your passwords, allows you to find them by searching for the website, generates secure passwords, automatically fills them in and logs you into the website, and overall keeps you much more secure online.
How to stop spam from getting sent through by Contact Form 7?
There are tonnes of plugins and ways to stop spam getting sent through by Contact Form 7. We will go through a few plugins that help massively in preventing spam via Contact Form 7.
Using reCAPTCHA on Contact Form 7
By default, Contact Form 7 has reCAPTCHA built in, so you don’t need to download another plugin to get this working. It’s very simple to use: you just need to create and set up your Google reCAPTCHA account and insert the site key and secret key. To learn more about this and sign up, go to the Google reCAPTCHA website.
Google reCAPTCHA is probably the most widely used and reliable anti-spam protection out there. When you fill in a form and it asks you “Are you a robot?”, or when it asks you to click on the images of a traffic light, this is reCAPTCHA!
Akismet to stop spam on WordPress
Akismet is very widely used on WordPress and is often included in the default installation. It automatically checks your comments and contact form submissions against a global database of spam to prevent your site from publishing malicious content. The plugin automatically checks all comments and filters out the ones that look like spam. Akismet is completely free. The only issue is that it doesn’t actually protect you from spam emails coming through, so this alone won’t prevent everything. However, it should stop any spam comments popping up on your blog posts.
Contact form 7 Quiz
Another built-in option on Contact Form 7 is the “quiz” functionality. This allows you to ask the user a question that they must answer correctly in order to submit the form. This could be anything, such as “What’s the capital of the United Kingdom?”. This would be easy for any human to answer, but a computer, or spam bot, cannot do this. Even something like “What is 3 + 5?” would work to prevent bots from submitting a form.
Contact Form 7 Honeypot to prevent spam
As we have learned in this post, most of the spam you get from contact forms is sent by bots. And bots are not very smart: they are programmed to blindly fill in all the fields on a contact form, whether they are visible or not, and this is how we know their submissions are spam. If a bot fills in an invisible field that a human cannot see, we know it’s a bot. This Honeypot plugin adds an additional hidden field that bots automatically fill in. This plugin now also has a filter that identifies how long it takes to fill in a form. A human might take 20 seconds or so to fill in a form (depending on the size of the form), but bots are a lot faster, so you can set the minimum time. If the form is filled in too quickly, then we know it’s a bot. You can download the plugin for free here.
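To show how the two checks described above fit together on the server, here is an added example (not the Honeypot plugin's code and not part of Contact Form 7). The field names, the secret and the thresholds are assumptions made up for the illustration, and the render time is signed so a bot cannot simply claim it waited.

```python
import hashlib
import hmac
import time

# Assumptions for this sketch: placeholder secret, hypothetical field names/thresholds.
SECRET = b"replace-with-a-random-site-secret"
HONEYPOT_FIELD = "website_url"   # hidden with CSS, so humans leave it empty
MIN_FILL_SECONDS = 5             # faster than this is treated as a bot
MAX_FORM_AGE = 3600              # stops an old token being reused forever


def issue_token(now=None):
    """Run when the form is rendered: render time plus an HMAC over it."""
    ts = str(int(now if now is not None else time.time()))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{sig}"


def classify(post, now=None):
    """Return (is_spam, reason) for a submission given as {field: value}."""
    now = now if now is not None else time.time()
    # 1. Honeypot: any value in the invisible field means a bot filled it in.
    if post.get(HONEYPOT_FIELD, "").strip():
        return True, "honeypot field filled"
    # 2. Timing: the token must carry a valid signature before we trust its time.
    ts, _, sig = post.get("form_token", "").partition(".")
    expected = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return True, "missing or forged timestamp token"
    elapsed = now - int(ts)
    if elapsed < MIN_FILL_SECONDS:
        return True, f"submitted after {elapsed:.0f}s"
    if elapsed > MAX_FORM_AGE:
        return True, "token expired"
    return False, "ok"


# Constructed sample submissions (not real traffic): (posted fields, arrival time).
T0 = 1_700_000_000
TOKEN = issue_token(T0)
SAMPLES = {
    "human": ({"your-name": "Ann", "website_url": "", "form_token": TOKEN}, T0 + 24),
    "bot_fills_all": ({"website_url": "http://spam.example", "form_token": TOKEN}, T0 + 24),
    "bot_too_fast": ({"your-name": "x", "form_token": TOKEN}, T0 + 1),
    "bot_fake_time": ({"your-name": "x", "form_token": f"{T0 - 60}.deadbeef"}, T0 + 1),
}
if __name__ == "__main__":
    for name, (post, when) in SAMPLES.items():
        print(name, classify(post, when))
```

Flagged submissions are better logged or quarantined than silently dropped at first, so you can check that the time threshold is not catching real visitors who use browser autofill.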