January 17, 2011 - 5 comments

Protecting Contact Form 7 from Spam

Contact Form 7 is my favorite free WordPress plugin for making (you guessed it...) Contact Forms.  It's a very popular plugin, and that means that spammers have decided it's worth their hassle to write some scripts to spam you through Contact Form 7.

Assuming your viagra need are sufficiently filled, you won't be needing to see these emails.  So let's figure out how to stop those spam messages from getting to you without making life more difficult for the real people who might want to use your form.

Based on my experience, these three changes should help really cut down on spam in Contact Form 7.

  1. Spam filtering with Akismet: Follow these instructions to make Contact Form 7 use akismet to test and see if the submission is spam.
  2. Install Bad Behavior Plugin: Install Bad Behavior.  You can read more about BB, but it works in a unique way to test for spam.
  3. Install Cookies for Comments: Because most spam bots' browsers can't accept cookies, this plugin will try to set a cookie on a user and if the cookie isn't there then it considers it spam.  The plugin also tests to see how long it took the user to leave the comment.  If the commenter took a very short time (think a second or two) to leave a comment, chances are it's spam.

Once these three changes have been made, your contact form should let much less spam through.  Of course, if you want to try a paid plugin for contact forms, I personally really love Gravity Forms.


August 15, 2011 at 9:48 pm

hi Brad…
I just wanna ask if how to add bad word filter in contact form 7? I really need your help


March 28, 2012 at 1:01 am

This just saved me trawling through dozens of annoying (albeit hilarious) spam emails every morning.


cutter kom
November 7, 2012 at 10:11 am

Hey Brad!

I want to use the “cookies for comments” in combination with “contact form 7″ in the following way: A user should only be allowed to use the contact form once. Is this possible? and how?


    November 7, 2012 at 11:27 am

    You could write a custom cookie, or you could try Gravity Forms which I believe has that as a built-in option.


Leave a Reply