In addition to receiving spam emails from your own website, spam can ruin the reputation of the IP address your mail server uses and make emails sent from it flagged as spam.
This means that your emails to all recipients could end up in the spam folder, which is definitely not good!
Contact Form 7
When setting up a contact form on your website, it’s very important to protect it from spam bots.
In this article, we’ll teach you how to protect your website from spam bots using one of the most popular contact form WordPress plugins out there: Contact Form 7.
If you don’t have it installed yet, you can install Contact Form 7 plugin via your WordPress dashboard > Plugins section > Add New.
Search for the word “contact” in the search bar at the top-right corner and then click the Install Now button under the Contact Form 7 plugin:
Once the plugin is installed, go ahead and activate it from the same screen.
If you want to set up a new contact form on your website, you can do that via the Contact > Add New feature:
Now that we have a contact form added and configured, we need to set up spam protection (reCAPTCHA) for it. This keeps those spam bots away and your emails away from spam boxes!
In this example, we’ll use reCAPTCHA v3, which is the latest version of reCAPTCHA API, and it works completely in the background of your website.
This means that your users don’t need to perform any actions to verify that they’re humans like reading blurred text, selecting items on multiple images, or even ticking the “I’m not a robot” checkbox.
Note: If you were using reCAPTCHA v2 previously, you would need to generate a new set of API keys, as they’re different for v3.
The first step is to register your WordPress website with Google as reCAPTCHA is a Google service.
Head to the My reCAPTCHA page, and sign in to Google with your Google account. Upon login, you will see a simple form to register your new website:
Next, perform the following steps:
- Put in the label (name) of your website to be able to identify it easily
- Select the reCAPTCHA v3 type
- Input the domain name of your website (without the https:// or www parts). If you plan to use reCAPTCHA on any subdomains on your domain name – add those as well
- Put in additional owner email addresses, if required
- Select the “Send alerts to owners” checkbox to receive alerts in case something is wrong with the configuration
Once completed, click the Submit button.
Once your website is registered, you will receive Site and Secret keys:
Go back to your WordPress dashboard > Contact > Setup Integration under reCAPTCHA:
Click the Setup Integration button under reCAPTCHA section, and fill in your Site and Secret keys (that you received from Google in the step above):
Click the Save Changes button to finish the configuration, and you’ll see a confirmation message:
That’s it! Any contact form you’ve set up on your website via Contact Form 7 plugin will use the reCAPTCHA v3 score to detect if the form submission is from a spambot or a human.