Prevent contact form spam in WordPress with Contact Form 7 and Akismet

Preface

If you’re running WordPress and have a contact form on your website, there’s a good chance you’re using Contact Form 7. You can get away with using it as-is for a while, but as time goes on, spambots begin to find their way into your inbox.

At that point you have two options. You can deal with the spam via your:

  1. Website– prevent messages from ever being submitted.
  2. Inbox– tune your spam filter to delete those messages.

It seems logical to try and stop the messages as early as possible.

Most people would resort to something like CAPTCHA now, but I’m personally not a fan of it. I believe in keeping the user experience in tact for as long as I possibly can.

Enter Akismet, a service that can pretty reliably identify post comments containing spam. Luckily, what’s good for comments is also good for emails. It makes sense, too, because from a spambot’s perspective, both are submittable forms.

1. Enable Akismet

If you haven’t done so already, enable Akismet from the plugins page. It comes installed by default, but if you removed it, you can download it again from WordPress. Also be sure to obtain an API key, which is free for personal sites, and then enter it under Plugins > Akismet.

Screenshot of Akismet settings in WordPress

Image 1

2. Add Akismet to Contact Form 7

The best part is that Akismet is super easy to integrate with Contact Form 7. Simply add two new attributes, akismet:author and akismet:author_email, to the end of the name and email field respectively:

1
2
3
4
5
6
7
8
9
10
11
12
13
<p>Your Name <em>(required)</em><br />
    [text* your-name akismet:author] </p>
 
<p>Your Email <em>(required)</em><br />
    [email* your-email akismet:author_email] </p>
 
<p>Subject <em>(required)</em><br />
    [text* your-subject] </p>
 
<p>Your Message <em>(required)</em><br />
    [textarea* your-message] </p>
 
<p>[submit "Send"]</p>
<p>Your Name <em>(required)</em><br />
    [text* your-name akismet:author] </p>

<p>Your Email <em>(required)</em><br />
    [email* your-email akismet:author_email] </p>

<p>Subject <em>(required)</em><br />
    [text* your-subject] </p>

<p>Your Message <em>(required)</em><br />
    [textarea* your-message] </p>

<p>[submit "Send"]</p>

That’s it. Now if you try to send a spam message, you’ll get the designated error message (number four)  as defined on the contact form configuration page:

Screenshot of message responses for Contact Form 7 configuration page

Image 2

3. Test Akismet spam filter

With Akismet now enabled on your contact form, you can test it out:

Screenshot of Akismet demo with Contact Form 7

Image 3

One thought on “Prevent contact form spam in WordPress with Contact Form 7 and Akismet

Leave a Reply

Your email address will not be published. Required fields are marked *