14 Dec How to Prevent Spam from Your Contact Forms
Over the past few weeks, several of our San Antonio Online Marketing clients have seen an increase in the amount of email spam they’re getting from the contact forms on their WordPress websites. Perhaps most frustrating, most of these contact emails don’t even have any information in them. Essentially, they’re blank except for a random number entered into the “Name” field and a legitimate, recently-hacked email address. They look something like this…
You’ll notice the message isn’t phishing for information, or soliciting you for anything. It’s just a random, blank message. To try and help a few of our customers, we actually tried to email some of the “from” addresses, only to find out they’re all accounts that have been recently hacked. They are real, legitimate emails, but they’re also compromised.
Perhaps most annoying of all, these messages don’t come to you individually. Each of our clients who experienced this problem got dozens of messages back-to-back-to-back. It was irritating, but mostly benign.
Fortunately, there is a solution to this frustrating problem. All of the clients that received these messages were using Contact Form 7 on their WordPress website. Each of them only required that a website visitor provide their email address and name in order to submit the form. They did not require any additional fields. Also, none of these clients were using any sort of simple CAPTCHA fields on their forms.
The result of this set up is that it provides a flexible, unassuming experience to the client’s users, but also makes it extremely easy for spam bots to submit gobs of junk email, which is exactly what happened.
One solution to the problem that we discovered was to simply add an additional, required field in the form. Forcing the bots to enter a phone number, type of project they’re looking for our client to complete, or even a simple math problem (think something like a field that states “For verification purposes, what is 2+2?“) helped to immediately cut off the spam emails. It’s still not the world’s most secure contact form, but it’s a pretty decent work-around if you’re looking to keep things simple.
Alternatively, you can also add a Simple CAPTCHA to your forms to give you additional security. Nobody likes having to enter CAPTCHA results in order to submit a contact form, but it’s an unfortunate necessity for most people these days. Using this particular plugin worked well for us, and the CAPTCHA that customers were required to submit was less obnoxious than some of the others out on there on the market.
Whichever route you choose to take, putting a couple of easy screening methods into your contact forms on your website will go a long way toward avoiding annoying and potentially dangerous spam emails from bombarding you constantly. Should you need assistance with adding these security methods to your site, please contact our team at Odd Duck Media. We’re a Top San Antonio Online Marketing firm and would be thrilled to help improve your site’s security and help increase your overall visibility online through SEO, Social Media, PPC and more.