How To Reduce Contact Form 7 (CF7) Spam

By James LePage
 on November 27, 2020
Last modified on January 7th, 2022

How To Reduce Contact Form 7 (CF7) Spam

By James LePage
 on November 27, 2020
Last modified on January 7th, 2022

If you are looking for a quick and easy way to reduce Contact Form 7 spam, this article is for you. Spam is a fact of life, and Contact Form 7 in its bare form is very easy to abuse. That's because it is one of the most popular form plugins out there, meaning that automated programs find it very easy to detect, populate, and submit. Contact Form 7 spam is a big issue for many website owners. 

Luckily, with that popularity comes a ton of options if you're looking to reduce or eliminate your spam messages altogether. In this guide, we are going to discuss several easy to implement ways to reduce and eliminate Contact Form 7 spam. 

One of the most popular ways to reduce spam on any website is by using a honeypot. Surprisingly, many people don't know about this method, which is free and easy to implement. Honeypot antispam functionality can reduce spam and eliminates the need for an ugly captcha. Honeypots are effective on Contact Form 7 due to the very reason that they get so much spam, it's incredibly popular and automated bot programs find it very easy to populate and submit information.  

A honeypot is a hidden field that human beings can't access an fill out. However, to a bot, it looks just like any other field, and will get filled out just like any other field with a spam message. If the honeypot software sees that this field is filled, it won't allow the bot to submit the spam message on the form. Again, humans can't access this field because it is hidden with CSS. That means that whenever it is filled out, it's a bot. 

You would be super surprised at how effective a honeypot is, especially on Contact Form 7 spam. When we installed this on a client website, we noticed a decrease to virtually no spam at all. Unfortunately, human beings spamming the form can still get around this. 

This should be your first method of defense against spam on any WordPress form, not just Contact Form 7. However, if you're looking for an easy way to implement a honeypot, there is a free plugin on the WordPress repository. The installation is very simple, just install the plugin, edit the Contact Form 7 form that is getting spammed, choose honeypot from the CF 7 tag generator, change the default element ID, insert the tag anywhere in your form, and publish it. 

While you can see the form tag on the back end, the field is hidden on the front end, and only bots will fill it out. Your users won't even know that that field exists unless they look at the source code of the website. 

If you need to go a step further, there are additional ways to reduce Contact Form 7 spam. 

You can always add Google's recaptcha bot software, but this can be annoying to visitors and should only be attempted after implementing a honeypot. The standard Google recaptcha is used universally to block bots. Version 3.0 includes a checkbox that assigns a score to a user. If the user is not about, the form is able to be submitted. All you need to do is set up a free API key, and install it onto your Contact Form 7 using the following plugin: 

we also really like the new invisible recaptcha plugin. This goes a step further and only activates the re CAPTCHA in cases where Google suspects that the visitor is not a human. It is completely invisible to most users. 

In the past, we have also used the CleanTalk universal anti spam plugin. This is a whole site solution that stops spam comments, registrations, contact emails, bookings, and more. It integrates directly with Contact Form 7 and utilizes it's cloud based antispam service to keep the entire website bot free. This stops the bots before they can even populate your form. It comes in at $8.00 per year, but works very well and will protect your website from virtually everything. 

Another plug-in that we have heard great things about, but haven't tested ourselves, is WPBruiser. this is also a complete website solution, and requires a extension to integrate with Contact Form 7. From what we have heard, it works amazingly, and the 187 five star reviews prove that point. It's completely self contained, unlike CleanTalk, and doesn't connect to any outside service. It automatically blocks bot IP addresses, it has a whole host of additional features. 

If you are looking to stop Contact Form 7 spam, we recommend implementing a honeypot, seeing where that goes, then going ahead and implementing an invisible recaptcha, and if that doesn't work taking a look at CleanTalk or WP bruiser. 

We hope that this article was helpful in your quest to reduce your contact form spam. If you have any questions, comments, or concerns, feel free to reach out in the comments section below this article. 

Subscribe & Share
If you liked this content, subscribe for our monthly roundup of WordPress news, website inspiration, exclusive deals and interesting articles.
Unsubscribe at any time. We do not spam and will never sell or share your email.
Notify of
1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
2 years ago

Hi, my name is Erik, i just released the "Antispam for contact form 7" plugin. It has various methods to block spam without tracking or boring methods like recaptcha, uses (also) a self-learning mechanism to distinguish spam mails. Is different from the ones you proposed in this article might be of interest.... and of course feel free to talk about it, you can find the plugin here:
thank you

Article By
James LePage
James LePage is the founder of Isotropic, a WordPress education company and digital agency. He is also the founder of, a venture backed startup bringing AI to WordPress creators.
We're looking for new authors. Explore Isotropic Jobs.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram