Fully automated spam prevention for Contact Form 7 and WordPress Comments
Contact Form 7 is a great WordPress plugin that allows you to manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. However, on the other hand, it is also a potential place to send spam. Similarly, you can send spam using the comment form. To help with blocking, we have created WordPress plugin called Spam Prevention for Contact Form 7 and Comments that do not require any maintenance. Find out more in the next part of the post.
How do I stop spam emails from my WordPress Contact Form 7?
Once the user opens the page with Contact Form 7 form then by default it’s being rendered as originally defined, but without a special hidden input with a token. This input is generated when the user uses the scroll function. So each swipe up or down will generate an additional hidden element with a unique token that will be part of the form. This is to make sure that the form is not filled in by machines.
When the form is submitted then the token is sent as well. Missing token leads to rejection.
How do I stop spam emails from my WordPress Comment form?
The spam protection for the WordPress comments form is similar. The initial form is rendered with an empty value for the
action attribute. This will ensure that the form won’t be submitted at the initial load. That is what most automated tools do – load the page, fill in all the comment fields, and submit the form.
As with Contact Form 7, here the
action attribute gets the correct URL with the token as soon as the user moves the page up or down. The movement must be detected to determine human action.
Additionally the WordPress Comment API is being protected by submitting comment content directly by skipping the page where the comment form is available.
Protecting from spam sent through WordPress Contact Form 7 or WordPress Comment Form has always been a challenge. Our solution should enhance it and help with reducing getting spam.