It can be a big problem if your contact form has been hijacked and is sending out masses of unsolicited emails.
Your site and mail server could get blacklisted as a result, so it’s important to protect your contact form from abuse.
Here’s a brief guide on how to do so.
Keep your WordPress core and plugins up-to-date
The makers of WordPress, and the owners and developers of the most common plugins currently installed across billions of websites, work constantly to keep their software up to the most recent security standards.
Like your computer or phone, having the latest software update ensures it keeps running smoothly and securely. Read more about What are website security updates?
You’ll need a few plugins to help keep Contact Form 7 secure
Download the Contact Form 7 Captcha plugin by 247wd and the Message Filter for Contact Form 7 plugin, and activate them. We’ll go through the setup below.
Contact Form 7 Captcha
This is the simplest one to set up. This plugin integrates with Google to enable a captcha, which you might have seen on some sites when filling in a form:
You’ll need a Gmail account to activate the ‘I’m not a robot’ feature.
But first, go to Settings / CF7 Simple Recaptcha.
Make sure you’re signed into Google and click ‘You can generate Site key and Secret key here’. It will open a new tab in Google.
Click the + button at the top right to add a new Captcha.
Your settings should look something like this:
Replace ‘Name of your site’ with your website and domainname.com with the domain name of your site (no www), then click Submit.
You should get sent to a page with the site and secret keys. Copy these and paste them into your WordPress site; the page should still be open:
Paste the details below and click save.
I put a - in the Invalid captcha error messages. You can put anything you like; if it’s a spammer, it doesn’t really matter what they see.
This may not be enough to prevent all of the spam, and some may still get through, so adding the option below can help too.
Message Filter for Contact Form 7 plugin
If you get a lot of spam in Russian (assuming you don’t have Russian customers) and you definitely don’t want people sending you links in messages, then this plugin is for you. We had a website that was constantly being targeted with spam; it’s reduced to a trickle now that we’ve added this in.
Once activated, go to CF7 Form Filter / Settings.
You can see a red dot here with a 1 in it. This is because the plugin has been active a while and there are spam messages it has stored.
Once in Settings, add the email addresses and words you want to block in the restricted words section. If you want to block out messages in Russian, add [russian], and to block any links, add [links].
Be sure to tick these boxes above too.
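To show what the restricted words rules above amount to, here is an added example. It is not the Message Filter plugin's code and not from this guide; the function name, the sample data, and the reading of [russian] as "contains Cyrillic" and [links] as "contains a URL" are assumptions.

```php
<?php
// Added illustration only: NOT the Message Filter plugin's code.
// Assumption: [russian] means "contains Cyrillic script" and [links]
// means "contains an http(s):// or www. URL".

/**
 * Return the rules a submission trips; an empty array means it passes.
 *
 * @param string[] $fields     Submitted form values (name, email, message).
 * @param string[] $restricted Entries from the restricted words list.
 */
function example_blocked_by(array $fields, array $restricted): array
{
    $text = implode("\n", $fields);
    $hits = [];
    foreach ($restricted as $rule) {
        $rule = trim($rule);
        if ($rule === '') {
            continue;
        }
        if ($rule === '[russian]') {
            $pattern = '/\p{Cyrillic}/u';
        } elseif ($rule === '[links]') {
            $pattern = '~(?:https?://|www\.)\S+~iu';
        } else {
            // Plain word or email address: match it as a whole token so
            // "casino" does not also block "casinoroyale".
            $pattern = '/(?<![\p{L}\p{N}])' . preg_quote($rule, '/')
                     . '(?![\p{L}\p{N}])/iu';
        }
        if (preg_match($pattern, $text) === 1) {
            $hits[] = $rule;
        }
    }
    return $hits;
}

// Constructed sample data, not real submissions.
$restricted = ['[russian]', '[links]', 'casino', 'spammer@example.com'];
$samples = [
    ['Anna', 'anna@example.org', 'Could you send me a quote for a new site?'],
    ['Bot', 'spammer@example.com', 'Best casino bonus at http://example.com/win'],
    ['Bot', 'x@example.net', 'Привет, купите рекламу'],
];
foreach ($samples as $fields) {
    $hits = example_blocked_by($fields, $restricted);
    echo $fields[2], ' => ', $hits ? 'blocked by ' . implode(', ', $hits) : 'accepted', "\n";
}
```

Running your own typical customer enquiries through a check like this before adding a word to the list shows whether a rule would also block genuine messages.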
Did it help?
If you took the actions above and gave it a few days, did you see a big reduction in spam, or did you have problems? Let us know here - contact us