If you’re running a WordPress blog I’m sure you’ve seen a recent uptick in the number of spam submissions that have been coming through. Most of it seems to be Russian spam and the classic variants of “Hot singles in your area”.
The easiest way to take care of this is with a combination of two plugins. This is going to be specific to Contact Form 7 (CF7) but works with many of the different WordPress form builders.
Akismet Anti-Spam is a great tool that you should already be using. After you install the plugin, go to their website and sign up for a free account then you’ll be ready to activate Akismet on your blog.
The issue with Akismet is it only protects two fields that are used on most forms. The name field (where the user puts their name) this is done with the akismet:author attribute [text* your-name akismet:author] and the email address field with the akismet:author_email attribute [email* your-email akismet:author_email]. The downside of this is it doesn’t protect the comment field, which is where most of the spam is going to come through. Most bots are going to enter some kind of randomly generated and email address which will get by.
WordPress Zero Spam
WordPress Zero Spam has been the silver bullet for me. This is a zero-config way to stop spam, I’ve seen blogs go from 20+ spam submissions a day to only legitimate submissions.
After installing the plugin, make sure that the checkbox for “Contact Form 7 Support” is checked, which it is by default, and you’re good to go!
Methods I don’t like
Any solution that’s going to negatively impact the form’s conversion rate. This includes but isn’t limited to…
Contact Form 7 Quiz
Most of the time adding fields to your form that the user isn’t expecting is going to turn users away. I especially despise the example quizzes that contact form 7 uses. “What is the capital of Japan?” – Really? Come on, I can guarantee you there is a good percentage of the population that doesn’t know the answer to that or will at least misspell it.
Contact Form 7 has built-in integration for reCAPTCHA v3. Although Google has been steadily been improving this service and there’s no longer the “I’m not a robot” checkbox with a possible series of images – I think it requires too much configuration to get it working properly. Also, it’s configured on a per-site basis so if you’re running multiple sites it’s going to take longer to get it up and running as opposed to something like WordPress Zero Spam.
Contact Form 7 Honeypot
The Contact Form 7 Honeypot plugin was one of the primary bot defence tools, but over time it seems like the technique it’s using to catch bots has stopped working.
Hopefully, this was helpful for you, I’ve seen sites go from getting dozes of spam submissions a day to getting zero. I’m sure at some time in the future these methods will stop working and we’ll have to find a new way to combat this crap if so, I’ll make sure to update this post to reflect the new tools/methods to use.
If you have a question or comment drop it below.