Security in web design
6 April 2022 | In Security | 3 Minutes

Secure contact form

Today I want to talk about how to make your contact form (with Contact Form 7) more secure and avoid a high number of spam mails.

So let’s talk about another issue regarding the safety of a website: the secure contact form. Most websites have a contact page and a contact form, and many of them use the well-known Contact Form 7 plugin for WordPress.

To make the contact form more secure and to avoid endless spam mails, I would really suggest at least two measures. First of all, installing the plugin Honeypot for WordPress is a good start. The plugin simply creates an additional field that is invisible to real visitors of the website and users of the contact form. What does that mean? Well, the real user of course does not see this additional field and cannot fill it with any data. The spam bots, on the other hand, understand this field as a normal contact form field and add some content. And here we go, you are a spam bot! That’s great, isn’t it?

Now the second important action. Google has provided reCAPTCHA for many years. Maybe you know those things where you have to put a letter in a box or identify certain things in an image before you can send a contact form. With reCAPTCHA v3 it gets even better. There are no such annoying things for the user of the website and the contact form anymore. Google just identifies the bots and gives you all the information on a daily basis, i.e. how many “dangerous” inquiries the website had, where they are coming from and more. The setup of Google reCAPTCHA with Contact Form 7 is quite easy. The only thing necessary is a general account at Google. Then we can start adding a website on Google reCAPTCHA, and we will get some keys to implement reCAPTCHA on the website. The implementation is also really simple. In the Contact Form 7 menu there is an integration section where the version of reCAPTCHA can be chosen and the keys from Google can be added. That is all, great again!
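The two checks described above (the honeypot field and reCAPTCHA v3), as an added example that is not part of the original post or of either plugin's code: plain PHP that decides server-side whether to accept a submission. The field name, score threshold, action name and hostname are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example: decide server-side whether to accept one contact form submission.
// HONEYPOT_FIELD, MIN_SCORE, EXPECTED_ACTION and EXPECTED_HOST are assumed values.
const HONEYPOT_FIELD  = 'website_url';  // hypothetical name of the hidden field
const MIN_SCORE       = 0.5;            // assumed threshold, tune it per site
const EXPECTED_ACTION = 'contact';      // assumed action name set when the token is requested
const EXPECTED_HOST   = 'example.com';  // placeholder for the site's own hostname

// $post: submitted form fields. $verify: decoded JSON answer of the reCAPTCHA
// siteverify endpoint, or null. Returns [bool accepted, string reason].
function classify_submission(array $post, ?array $verify): array
{
    // Honeypot: a human never sees the field, so anything but an empty string is a bot.
    $trap = $post[HONEYPOT_FIELD] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return [false, 'honeypot_filled'];
    }
    // Fail closed when the verification answer is missing or not successful.
    if ($verify === null || ($verify['success'] ?? false) !== true) {
        return [false, 'recaptcha_failed'];
    }
    // The token must have been issued for this site and for this form.
    if (($verify['hostname'] ?? '') !== EXPECTED_HOST
        || ($verify['action'] ?? '') !== EXPECTED_ACTION) {
        return [false, 'recaptcha_mismatch'];
    }
    // reCAPTCHA v3 returns a score from 0.0 (likely bot) to 1.0 (likely human).
    if ((float) ($verify['score'] ?? 0.0) < MIN_SCORE) {
        return [false, 'low_score'];
    }
    return [true, 'ok'];
}

// Constructed sample submissions and siteverify answers (not real traffic).
$samples = [
    'human'     => [['message' => 'Hi', 'website_url' => ''],
                    '{"success":true,"score":0.9,"action":"contact","hostname":"example.com"}'],
    'honeypot'  => [['message' => 'Buy', 'website_url' => 'http://spam.invalid'],
                    '{"success":true,"score":0.9,"action":"contact","hostname":"example.com"}'],
    'low score' => [['message' => 'Buy', 'website_url' => ''],
                    '{"success":true,"score":0.1,"action":"contact","hostname":"example.com"}'],
    'bad token' => [['message' => 'Buy', 'website_url' => ''],
                    '{"success":false,"error-codes":["invalid-input-response"]}'],
];
foreach ($samples as $name => [$post, $json]) {
    [$ok, $reason] = classify_submission($post, json_decode($json, true));
    printf("%-10s %s (%s)\n", $name, $ok ? 'accept' : 'reject', $reason);
}
```

On a live site the JSON comes from Google's siteverify endpoint, which the server calls with the secret key and the token the browser submitted with the form.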

Of course there is always the possibility of using a CAPTCHA plugin for Contact Form 7 and WordPress with the features I mentioned before, i.e. a photo box where users have to choose certain things like ships, cars, trucks and so on. Still, I really recommend Google reCAPTCHA v3.