How to block spam from your website contact form

By March 20, 2017December 28th, 2019Website Tips, WordPress Tips

how to block spamWebsite contact forms are a great convenience for any website. Website forms save visitors from having to copy/paste or navigate to their email just to contact you (they might lose interest before they end up emailing you). A website’s forms also allow the site owner to determine what information they want from the visitor. But any website owner with a website form quickly learn that spammers love website forms, too. As soon as they find your site, you may find your inbox flooded with spam, and your brain spinning for solutions on how to block spam from being a problem.

The Problem(s):

  1. Obviously, it’s a pain in the ass to delete and filter through what can be literally hundreds of emails in one spam-attack.
  2. You may be tempted to just mark these emails as spam, but you run the risk of your email client getting TOO smart and filtering out legitimate emails. Missing legitimate emails is bad for business.
  3. Since blocking spam in your email isn’t the best choice, you want to know how to block spam at the source — your website. So many of the solutions like CAPTCHA come with their own problems (see below)

What to do???

The Solution(s)

Unfortunately, no single solution is foolproof. Spammers have made sure of that. Below are recommended solutions with the pros and cons of each.

Use Akismet

Akismet is a time tested and trusted solution for filtering spam comments from your website. If you use a contact form plugin like Contact Form 7, the two can be integrated. See this documentation on Contact Form 7’s site for connecting your Akismet account to your contact form.


This is no one’s favorite solution. Despite it being about the best way to block spam, CAPTCHA/reCAPTCHA solutions can make it difficult to impossible to use a website contact form at all.

  • Some of them are downright impossible to read (I mean, who invented the unreadable CAPTCHA???)
  • Some of them just don’t work. I admit, more than once, just from sheer OCD and stubborness I’ve attacked a CAPTCHA form 20 times knowing full well I was entering the right info. But nooooooo, it just returned nasty error messages.

Again, bad for business if people can’t contact you. Google has made significant strides on the issue. You may have seen these around the web:

google recaptcha

(Don’t check the checkbox, it’s just an image.) While it couldn’t get simpler than checking a box, this solution has been far from perfect in our experience. We STILL get the occasional spam message. No perfect solutions, right?

One more trick for how to block spam from your website forms…

Okay, so using Akismet isn’t foolproof but it WILL reduce spam messages. Same for Google reCAPTCHA. Since this means some spam is still going to slip through the cracks, there’s one more trick up our sleeves that isn’t TOO painful to employ. Here is a step-by-step for how to block spam from your website forms. Turns out this solution is already built into WordPress and may have been sitting right under your nose just waiting to be used!

Set up your notifications

Again, we are using Contact Form 7, but we’ve successfully added this feature to many different website form plugins (some of the others have it built in!). You want to add some code to your notification email (the email you receive when someone has successfully filled out the form) that calls the IP address of the sender.

how to add spam ip

Copy the IP Address

When you get an email from a spammer it will contain the IP address or in other words, their “web server’s address”. It will look something like 212.343.56.7 — some combination of 4 sets of 1 to 3 numbers. Highlight the number and copy it.

Paste the IP in WordPress

Log in to your WordPress Dashboard. Navigate to ‘Settings > Discussion’ and scroll to the box labeled “Comment Blacklist”. Now, paste the IP address you just copied. You can also post the URL of a spammer and we STRONGLY recommend doing this as a single URL can operate off multiple IP addresses. Save, and voila!

In conclusion…

No system is perfect, but dealing with technology is an ongoing process. We need technology to thrive, so we gotta be smart about how we use it — including knowing how to block spam. We hope the above help you find a fantastic solution to any spam email problems you may be experiencing, and if you use these pointers now you’ll avoid some spam problems from the outset.

We’d love to hear your experiences, both problems and solutions. Share your story in the comments below!

PJ Ferguson

About PJ Ferguson