Reduce spam in Contact Form 7 without ReCaptcha

Contact Form 7 is one of the best form plugins. It’s versatile, developer friendly, extensible and completely free. Yes there are more “easy” solutions but I found them more complicated in the long run. If you are comfortable with reading some docs, working with shortcodes and customizing the styles via CSS CF7 can handle most usecases and look good doing it.

Unfortunately by default spam is a real problem and the easiest way to handle it is Google’s ReCaptcha. But what if you don’t want to have that annoying badge floating on every page of your website or simple don’t want to feed google’s data centers for enhanced privacy and user data protection?

There are multiple ways to handle spam protection for CF7 in an (mostly) unobtrusive way for your users. With a combination of these there should be close to zero spam coming through. All methods work on their own or all-together for maximum effect.

Spam Honeypot

Very simple plugin that has been around for a while. It includes a field into the form that’s invisible for normal users but really stupid spambots will use it and so it’s detected as spam. For best effect name the field something that spambots might want to fill out like state or address. By also moving the inline css you might also fool some of the smarter bots.

[honeypot state move-inline-css:true]


Quiz with individual answers

This one will work best if you put some effort into it and don’t use examples you can find all around the web – because guess what: Spambots know those too 😉

The idea is to use the built-in quiz function of Contact Form 7 with some natural language questions and not math like “5+8=?” Because those can be solved by most bots nowadays. So better try stuff like “What’s bigger, 5 or 8?” or “What’s smaller, mouse or elephant”. The latter is a little less convenient for users as they have to type in the word so better choose short words 😉

[quiz capital-quiz "What's bigger, 5 or 8?|8" "What's smaller, mouse or elephant?|mouse"]

Set limits for texareas

This one is really simple as well, yet very effective: Just set a character limit for your textareas. Spam messages tend to be pretty long and most real users aren’t exactly going to write you an essay via contact form.

[textarea your-message x4 maxlength:300]

Don’t use textareas if you don’t need them

This is more a general advice than actually active countermeasure against spam. If you don’t necessarily need a textarea because you your aim is to only get an email address or phone number to get in touch with a customer: don’t add a textarea for good measure. This should also improve your conversion rate because less fields to fill out and spambots usually only fill out forms with a textarea field because no point as they can’t include spammy links or messages selling you viagra.

And I think that’s it. Every measure for itself might seem underwhelming but for me they work very efficiently – especially when combined. And best of all no annoying Captchas and no data transferred to external websites.