Prevent contact form spam in WordPress with Contact Form 7 and Akismet

Stacked crates of SPAM containers.
You knew I was going to take it there, didn't you?

If you’re running WordPress and have a contact form on your website, there’s a good chance you’re using Contact Form 7. You can get away with using it as-is for a while, but as time goes on, spambots begin to find their way into your inbox.

At that point you have two options. You can deal with the spam via your:

  1. Website– prevent messages from ever being submitted.
  2. Inbox– tune your spam filter to delete those messages.

It seems logical to try and stop the messages as early as possible.

Most people would resort to something like CAPTCHA now, but I’m personally not a fan of it. I believe in keeping the user experience in tact for as long as I possibly can.

Enter Akismet, a service that can pretty reliably identify post comments containing spam. Luckily, what’s good for comments is also good for emails. It makes sense, too, because from a spambot’s perspective, both are submittable forms.

1. Enable Akismet

If you haven’t done so already, enable Akismet from the plugins page. It comes installed by default, but if you removed it, you can download it again from WordPress. Also be sure to obtain an API key, which is free for personal sites, and then enter it under Plugins > Akismet.

Screenshot of Akismet configuration page.
Akismet Configuration

2. Add Akismet to Contact Form 7

The best part is that Akismet is super easy to integrate with Contact Form 7. Simply add two new attributes, akismet:author and akismet:author_email, to the end of the name and email field respectively:

<p>Your Name <em>(required)</em><br />
  [text* your-name akismet:author] </p>

<p>Your Email <em>(required)</em><br />
  [email* your-email akismet:author_email] </p>

<p>Subject <em>(required)</em><br />
  [text* your-subject] </p>

<p>Your Message <em>(required)</em><br />
  [textarea* your-message] </p>

<p>[submit "Send"]</p>

That’s it. Now if you try to send a spam message, you’ll get the designated error message (number four)  as defined on the contact form configuration page:

Screenshot of Contact Form 7 message configuration.
Contact Form 7 Messages

3. Test Akismet spam filter

With Akismet now enabled on your contact form, you can test it out:

Screenshot of contact form filled out with spam.
Contact Form Test Submission

Featured image by Hannes Johnson.

Comments (2)

Previously posted in WordPress and transferred to Ghost.

Storm Dragon
January 31, 2016 at 10:52 am

Thanks for this. I found like 3 other guides that didn’t have the example as clearly written as yours. I tried putting the stuff in the mail tab lol.

April 29, 2022 at 7:53 am

Yes, the same content is everywhere. No one knows how to protect textarea.