Contact Form 7 is one of the oldest and remains one of the most popular WordPress contact forms plugins for WordPress.
Millions of websites around the world love Contact Form 7 because of its simplicity and ease of use, but its popularity has also attracted spammers.
WordPress forms, comments forms and registration forms can become breeding grounds for spam and webmasters should do the best they can to protect their forms to prevent spam attacks that can quickly get out of control.
In this article, we are going to look at how to add Google reCAPTCHA to Contact Form 7 with the aim of helping website owners to prevent and or reduce spam.
What is reCaptcha?
In Google’s own words, “reCAPTCHA is a free service from Google that helps protect websites from spam and abuse. A “CAPTCHA” is a turing test to tell human and bots apart. It is easy for humans to solve, but hard for “bots” and other malicious software to figure out”.
How to add reCaptcha to Contact Form 7?
Contact Form 7 is reCAPTCHA ready so all you will have to do is create a Google account if you haven’t already got one. If you have a Google account login to the reCAPTCHA website to generate keys for your website.
To add reCAPTCHA to Contact Form 7, follow these simple steps.
- Go to https://www.google.com/recaptcha/ and login
- From the reCAPTCHA dashboard click on the + icon found on the top right
- Fill in the label field with your website name
- Select the V3 reCAPTCHA type
- Add your website’s domain name
- Accept the reCAPTCHA terms of service
- Click on the submit button
On the next page, Google will present you with two encrypted keys, a Site Key and a Secret Key.
Next, log in to your WordPress website and under the Contact left menu item click on integration and select the reCAPTCHA integration.
On the reCAPTCHA settings screen add the keys that Google reCAPTCHA generated for you.
Click the save changes and Contact Form 7 should now confirm that reCAPTCHA is active on your website.
Google reCAPTCHA is now protecting your Contact Form 7 forms.
My website now displays a Google reCAPTCHA badge, how do I remove it?
To hide the badge add this CSS style rule to your website.
.grecaptcha-badge { visibility: hidden; }Google permits you to hide the reCAPTCHA badge but you have to add text links to Google’s Privacy Policy and Terms of Service pages on pages that display forms as per their Terms & Conditions. More information on this can be found here.
Also Read: How to stop Contact Form 7 scripts from loading on all pages
Additional Protection
You can add further protection by adding Honeypot anti-spam to your forms.
Honeypot anti-spam is an invisible way to protect your contact form from spam.
Honeypot hides form fields from the human eye and are only visible to spambots. These bots are tricked into filling out hidden fields and when they do Honeypot kicks in and rejects the submission automatically, preventing your website from receiving unwanted messages.
To add Honeypot to Contact Form 7 you can install the Honeypot for Contact Form 7 plugin. Once the plugin is installed, go to any of your Contact Form 7 forms and click on the Honeypot tab and insert the generated shortcode into your form. Ideally, you will want to insert it at the very bottom before the submit button.
Third party protection
If things get out of control (which can happen) and the above recommendations have not worked as well as you would have hoped, you could try third-party services such as CleanTalk to help.
For $12 a year Cleantalk’s cloud-based service fights all types of spam (comment, contact forms, login account registration, newsletter, WooCommerce) webmasters are exposed to on a daily basis. The service has been tried and tested and has great customer reviews on Trustpilot.
Another highly recommended plugin is WPArmour which uses a reverse honeypot anti-spam technique which takes advantage of a spam bot’s inability to handle JavaScript. It’s free to use and has an extended paid version which offers additional anti-spam protection and features.