Spam has become so rampant and part of life that we feel something is wrong with our website or email address if we do not get spam on a given day, it’s a fact! Spam comes in through various channels, be it your email address, website or phone number. This blog is focused more around the spam that comes in through contact forms on WordPress sites,

Spam coming in through Contact Form 7 specifically.

As you can see the coverage of WordPress is huge on the web, and this popularity makes it an obvious target for spammers. Also, Contact Form 7 or CF7 is the most popular free form plugin for WordPress commanding a huge market share, which again is the reason it is exploited by spammers. As much as it seems that spam is inevitable and there isn’t a way of getting rid of spam completely, there are options to cut down on spam through contact form 7 by over 90%

We tested out multiple options on three of the WordPress sites we own to understand what is the best want to prevent spam through CF7. And we came to the conclusion that a single method by itself wasn’t enough, and using a combination of methods listed below was most effective to prevent spam

Methods for preventing CF7 spam

Obviously, the methods we listed here are the ones we tested and recommend ourselves, ensuring it is free (most of them) and usable by everyone. Deploying all the methods together wouldn’t do any harm but it would be best to test out the methods one by one. What worked for us may not necessarily work for you, and hence it is best to test and figure out what combination works for you with the least amount of friction for the users. As a thumb rule from a user experience perspective, it is always best to do the validation behind the scenes as much as possible, without adding any hurdles for the customer.

1. Contact Form 7 Quizzes

Contact Form 7 has a few tricks up its sleeve when it comes to spam prevention. And Quizzes are both popular and effective when it comes to spam prevention, however you do need to understand that this adds in that extra field for the user to enter which might cause a few drop offs. The functionality however is straight forward asking the user simple arithmetic problems like, what is 2 plus 4? Primitive bots won’t answer this and you can easily stop bots from submitting your form.

With the advancement of Machine Learning and Natural Language processing, bots are becoming smarter with the capabilities of processing information like a human would do. So, though quizzes are efficient now, it may not be the case in the future.

2. Character Count Requirement

This again is an inbuilt functionality within Contact Form 7 and is primarily useful for combating spam comments. A number of times, bots put in automated comments through forms while the comment itself might be a few characters. For us, a meaningful comment would mostly be more than 20 characters in length. You will probably have to test out the minimum admissible character limit a few times to find the ideal range for your website.

3. Email Validation Plugin

Antideo email validation is one of the most efficient ways of prevent both bots created spam and human visitors intentionally submitting spam via CF7 forms. The WordPress email validation plugin works in the background without creating any visible additional steps for the visitor, unless their entry doesn’t comply to the rules set. The Antideo Email Validator plugin does a number of email validation checks like syntax, disposable emails, free emails, generic emails, valid DNS records, valid MX records. In addition to the these features, the plugin allows you to maintain your own private whitelists and blacklists for domains and email addresses to block repeat offenders who get through all other validation checks.

4. Akismet Anti-spam Plugin

Akismet is by far the most popular WordPress plugin to prevent all kinds of spam and is invisible to the person entering your forms. The plugin is free for a personal blog or a not for profit website, and there is a fee if your website is commercial in nature. Once activated you would be presented with a number of options that you can pick and choose from, to equip your CF7 with different levels of anti-spam security.

5. CF7 Honeypot

Bots are designed to fill all fields in a contact form and that’s where the built-in Honeypot feature of Contact Form 7 becomes very effective. The Honeypot is invisible to human users and only visible to bots. It is essentially a field when filled, confirms that it is a bot trying to submit the form and then block it. Obviously this feature is solely aimed at automated submissions by bots and cannot prevent real humans from spamming the form.

6. Really Simple CAPTCHA

The Really Simple CAPTCHA is a WordPress plugin that was developed by the same coder who put together the Contact Form 7 plugin, so it goes hand in hand with CF7. It functions just like Google’s CAPTCHA to ensure bots are not able to submit spam through the form. CAPTCHA’s are slowly growing outdated as image recognition and processing are becoming insanely accurate. And CAPTCHA’s are real user experience killers on many occasions and might result in genuine people shying away from submitting an inquiry or a comment. But nevertheless, CAPTCHAs provide another layer of protection against spam bots.

Conclusion

As mentioned earlier, it is best to try out the methods as listed above one by one and find the combination that really works for you. For us a combination of AKISMET and our own email validator plugin has helped cut down spam by over 95%. It is always advised to adopt validation methods that do-not create additional steps for the genuine user and works in the background to prevent spam, keeping the user experience intact.

Feel free to comment any additional tools that you think we should add in the list or something in our list that has not worked for you.