Back

Using WordPress contact forms responsibly

9 March 2020

kayleigh

Contact form plugins are amongst the most downloaded kind of plugins for WordPress, and quite rightly so! Everyone wants to be easy to reach when creating a new website, especially if you’re trying to sell a service or create a community.

Because contact form plugins are so popular, we naturally spend a good amount of time on the support team helping troubleshoot issues that sometimes come along with them. Most notably spam issue: Because a lot of the popular contact form plugins for WordPress have millions of users, it means they’re a popular target for receiving spam.

What does a spam issue look like?

The issue manifests itself in a variety of ways. When you log in to the WordPress admin do you see a pending comment count of 10,000? That might be a sign you have a spam problem, or possibly a sign that you’re incredibly popular; so it’s worth checking the kind of comments you are receiving.

You might be getting a lot of emails directly from your WordPress site – these could be random contact form submissions, notifications of newly registered users, or even tonnes of comment and pingback alerts. 

Spam comments are usually nothing too dangerous to your site and more of a simple annoyance, but because it’s not usually a huge threat to your website they can be easy to ignore.

Sometimes you might not have noticed there is an issue with spam comments, but there are times when your hosting provider’s tech support will get in touch to tell you they’ve noticed a lot of mail stuck in the mail queue on the server. This is less obvious, because you can’t typically see this without command line access, but it means that the emails from your form have got stuck on the server and will not send, which leads to disk space being used up.

Keeping spam at bay – add a captcha

You’ll have seen a captcha image many times before; it’s the little verification box at the end of an online form which asks you ‘Are you a robot?’, ‘Do this easy maths question’ or ‘Click the pictures of bridges’. These little boxes are possibly the easiest way to secure your contact forms and prevent automated spam.

Popular plugins like Contact Form 7 have their own captcha integration you can enable within the plugin.

Enabling captcha on Contact Form 7

To enable captcha on the most popular WordPress contact form plugin, first you will need:

  • A WordPress website with the plugin ‘Contact Form 7’ enabled.
  • A Google account.

To enable a captcha on Contact Form 7, you first need to login to your WordPress admin area, and go to ‘Contact’ from the side menu, then select ‘Integration’ from the list of options.

You will see a page like this:

From this page you will see the ‘reCaptcha’ heading. To begin, select ‘Setup Integration’.

You will be taken to a page which asks for two bits of information; a ‘Site Key’ and a ‘Secret Key’. You will need to generate these at the following link: google.com/recaptcha.

You will be able to sign in to your Google account on this page, and it will take you to Google’s Admin console.

When you are signed in, click the ‘+’ icon to add a new captcha.

You will be taken to a page to setup your captcha. Fill in the name of your website, and then select ‘reCAPTCHA v3’, accept the terms of service and click ‘Submit’.

You will then be taken to a page which gives you the site key and secret key. Copy both of them and return to Contact Form 7 to enable them on your site. Once enabled, your Contact Form 7 templates will have a captcha option.

To access this go to ‘Contact’ from the WordPress admin area sidebar, then click ‘Contact Forms’ and select the form you wish to add a captcha to.

You should now see ‘reCAPTCHA’ in the list of available form additions. Simply click the button to add it to your form template, and hit save.

You now have a contact form with a captcha enabled: That should keep those pesky spam comments to a minimum!

Captcha plugins for other contact forms

If you are not using Contact Form 7, there are other captcha plugins available, some will add captchas to your built-in WordPress comment system, or even add them to existing contact form plugins such as Jetpack.

Here are a couple of the plugins that are compatible with the latest version of WordPress:

  • Advanced noCaptcha & invisible Captcha (v2 & v3)
  • Really Simple CAPTCHA

There are plenty of other captcha plugins available so you should be able to find one to suit your needs.

If you are ever unsure or need assistance adding a captcha to your WordPress site, please get in touch with our support team, we’re always happy to help make your site more secure!

kayleigh

Kayleigh is a member of our Customer Experience team here at 34SP.com. You’ll often find Kayleigh socialising at tech meetups throughout the UK. When she’s not learning about WordPress, Kayleigh loves to travel and is passionate about the WordPress community.