Marketing & Sales Videos, Technology

WordPress Contact Form with Spam Protection

UPDATE: I would highly recommend Gravity Forms from RocketGenius for a very robust form integration with WordPress!

SpamAll of a sudden, I was getting a HUGE volume of Contact Form spam using Ryan Duff’s great WordPress Contact Form plugin.

I’ve left comments on Ryan’s site and IM and told him that I was able to fix the issue by adding a Challenge Question, but I can’t seem to get in contact with him. So… here’s Ryan’s plugin with the new and improved Spam Protection. I am using it on my site and it’s working great.

The Plugin can now be downloaded via the Project Page: WordPress Contact Form with Spam Protection Plugin Project Page

Download a Sponsored Marketing Whitepaper:
Video: Why the Right Finance Technology Matters

Video: Why the Right Finance Technology Matters

Just like a house needs a good foundation, a finance system needs the right technology. Download Now


  1. 1

    I just wanted to say a HUGE thank you for this mod. I was using Dagon Design’s contact form plugin because it offered anti-spam verification but not being very skilled in matters of CSS, couldn’t make it look how I wanted. I had used Ryan’s plugin before but had been bombarded with spammers emailing me using it. My anti-spam – Bad Behaviour and Spam Karma – caught most of it but it was still a pain.

    Yours is an elegant, neat enhancement and I reckon Ryan should adopt your mod and give you co-credit for taking the plugin further in such a useful way.

    So yeah. Thank you! The contact form looks just how I want it to now. x

  2. 2

    Thanks, Andy! I was inspired by Seth Godin and the book Crypto. Seth pointed out a site (long ago) that had a 2 + 2 = 4 challenge question that never changed.

    When I read the book Crypto, one of the key pieces of it was how you could pass a piece of information between 2 people that solved a problem… without someone in the middle able to figure it out.

    The problem with most ‘spamware’ is that a computer calculates the challenge question. That’s an inherent flaw, because it will be a computer that tries to break it.

    By making the challenge question a visible aspect of my page in English, I’m avoiding the computer question and solution. And… just to make sure, I allow the person to change the question and answer any time they want.

    I think it’s a great model and I hope to put it on my comments next. I get a ton of spam on my comments but have not received a single piece of SPAM on my contact form.

    Appreciate your kind comments!

  3. 3
  4. 4
  5. 5

    Doug, you are a gentleman and a scholar! We’ve just been bombarded in the last few days with Contact Form spam and a google of the WP support forum led me straight here. I’ve installed the new plugin and it works like a charm. I’ve also hit your PayPal button in appreciation for this lifesaving plugin/modification!

    This form may end up being the single driving force behind my FINALLY getting around to updating my personal blog at from WP 1.5.x to WP 2!

  6. 6
  7. 7

    Simple solutions for big problems. Everything should be coded this way, not a damn 50 KB plugin with things you won’t ever use or strange features (AJAX for a Contact Form? What?).


  8. 8
  9. 9
  10. 10

    Hey. Thanks for the plugin. You rock!

    I have tried using Ryan Duff’s original WP Contact Form, but always experienced errors with my blog (granted, probably a theme conflict). And the Phrixus WP Plugin never worked either.

    What did you do? Why does it work? Why?

    Anyways, thanks man! A donation is on it’s way.

  11. 11
  12. 12
  13. 13
  14. 14
  15. 15

    Thanks for fixing it! I was looking for it all day, thinking that it may have something to do with my browser so I tried various browser with the same result.

    At one time I couldn’t get it to work, but it seems to work now! That’s great! At first, Bad Behavior blocked me from my site. I can’t believe it! It seems quite aggressive so I’ve added my own ip address to the whitelist since I couldn’t get a hold of the developer at all (all emails are bounced back).

    Hopefully I can lessen the amount of spam emails I get from the contact form. I will periodically change the challenge question to thwart those human spammers that read.

    Time will tell whether this is a good deterrant. I am keeping my fingers crossed. Thanks for the great plugin!

  16. 16
  17. 17

    Thank you thank you thank you. We had to change servers, and suddenly everything I had used for contact forms previously was shot to h. Your form works beautifully, except I needed to change the stylesheet so that the name/text area lined up in IE (it was fine in Firefox). I simply changed the .contactright to float left. I also had to change the textarea sizes to fit my blog, but that was simple. Works like a dream!

  18. 18

    You’re very welcome, Linda! I, too, have modified the actual HTML of the form for a better layout (you can see it on my contact page on this site). I actually had so many issues with cross-browser compatibility that I gave up and made a table! I know that’s supposed to be a no-no… but it looks much better.

  19. 19
  20. 20
  21. 21

    Hi Teun – the following styles are from Doug’s “wp-contactform” within the wp-contact folder. I changed just two things, I think (I can’t remember what they were!) and I added a style for the submit button. Doug – I had to change the px to ems, sorry!

    The styles are applied at the beginning of this same wp-contactform page, where you’ll see a few lines that contain lengths for the textareas. This is where you can add the style to the submit button. (I hope all this makes sense). I haven’t tested the following style changes across all browsers and all resolutions, but it seems fine in both Firefox and in IE. If you test it and find a quirk, please let me know:

    /* Begin Contact Form CSS */
    .contactform {
    position: static;
    overflow: hidden;
    .contactleft {
    width: 25%;
    text-align: right;
    clear: both;
    float: left;
    display: inline;
    padding: .4em;
    margin: .5em 0;
    .contactright {
    width: 70%;
    text-align: left;
    float: left;
    display: inline;
    padding: .4em;
    margin: .5em 0;
    .contacterror {
    border: .1em solid #ff0000;
    .contactsubmit {
    /* End Contact Form CSS */

  22. 22
  23. 23
  24. 24
  25. 25

    I have attempted to implement several contact forms, including Ryan’s.

    When I use the contact form, I get overlapping text, the name, etc is higher than the box, and the user can’t enter any data in the text box.

    Is there any way anyone could help? Here is what it looks like:

    I did make sure to clean up anything that was listed per the “if you are using a previous version” information.

    Any help would be greatly appreciated.


    Michelle Dear

  26. 29
  27. 30

    Hi Doug
    I’ve just instaled and activated your great plugin, created a Contact page, but, what need i to make for the contact form appear on my contact page, need i to insert some piece of code? and if yes, where? and or how?
    I’ve read the readme file searching by instructions, but, it’s nothing useful there.
    Sorry but i am a newby, can you explain step by step, please.

    Thank you

    Dr PennyStock

  28. 32
  29. 34
  30. 36


    I’ve tried tons of contact forms but none of them worked on Godaddy except this one!!! It totally rocks. Also, the challenge question entry on the form can handle images! Check out my website where I basically put in a captcha image in an attempt to look more professional. Truly great, thanks very much!

    • 37

      Gerald, that sounds great; I have a client looking to further secure his contact form. Would you mind sharing how you did the captcha on your page while also implementing Douglas’s improved Contact plugin?

      • 38

        Howdy Joni,

        It was really easy. Create a small captcha-type picture with a few characters just to look legit. Feel free to copy mine and upload it. Then go into the wp-admin->options->contact form.

        In the “What is your challenge question?” text box here is what I put:

        Word verification: (img style=”float:right;” src=”” border=”0″ alt=””Word verification: Please enter these letters into the text box to the right of the picture.” )

        replace “)” with “>” of course!

        Whatever the text in the image is put that into the “correct response” text box. Save by hitting “Update options” and you are done.

        If there is somehow ever a spam problem then you just change the picture and the correct response. I hope that works out for you and good luck with your client.

  31. 39

    I think WordPress is re-writing your post a bit. The code to include the contact form is similar to an HTML comment, using two ‘dashes’. The code on this site that I copied & pasted was an emdash instead! People copying and pasting will find that the emdash won’t work…

  32. 42

    Sorry to bother you guys again. The plugin is great and I have not had any spam going through unlike previously when I was using the PXSMail plugin.

    Regarding the lining up of fields for IE, I can see that someone has provided the code for the plugin but I’m not sure exactly where I should insert them in. Could anyone help? Or, what about the tables one? How different does it look like? Will the tables format eliminate the viewability problem entirely? Thanks for any input!

    • 43

      Hi May C,

      You can try either of them – it really depends on your theme on how they will look. You won’t hurt anything by copying one file with the other. If you set yourself up a new page (example: Contact), you can write your page introduction and then follow it with the form code…. Example:

      Feel free to drop me a line through this form:
      <!-- contactform -->

      That’s really all there is to it! That code will be replaced with the form when you view it.


  33. 44

    I recently upgraded 4 blogs to WP2.1, and now my contact forms are misbehaving.
    2 display ok. 1 doesn’t display at all and one displays a repeating error about an empty haystack in formatting.php.

    The contact form quick tag is not being displayed in the edit screen on any of the blogs. (And the box is ticked on all of them).

    Any ideas anyone?

  34. 45

    I have determined the haystack error is an intermittant PHP problem, so no fault of the plug-in.
    The one that is not displaying at all has a similar setup to one that IS working, so maybe one of the files is corrupt. (Will completely wipe out and re-install).
    Still don’t know why the quick tag is not displaying. (I think 2.1 might have an updated version of TinyMCE, could that be it?)

  35. 46
  36. 48
  37. 50
  38. 51
  39. 54

    Just a feature request to either change handling of or add an option for the challenge response to be case insensitive. If you use a logic question and the answer is “foo” and someone inputs “Foo”, it fails 🙁

    Other than that minor quibble, great plugin 🙂 Appreciate it!

  40. 55

    Very nice – I’d also like to see the option to rotate between a few questions at random.

    Showing a slightly randomized question will go even further to hinder spammers, I expect.

    And for bitbybit, just change the line in wp-contactform.php that reads if($input == $answer) {

    to if(strtolower($input) == strtolower($answer)) {

    • 56

      Thanks, Geoff. I think I’ll build an option for case sensitivity in the app. I also like the idea of random questions/answers; but I’ve honestly never had contact form spam since simply applying this solution. We’ll see how long that lasts!

  41. 57

    Mr. Karr
    Very thanks for this solution. I thought use a CAPTCHA image plugin, but this yours is very better for simplicity.

    I really apreciate it and I´m using on my website.

    best regards

    • 58
      • 59

        Hello again!!
        I was reading the plugin presentation text on my wordpress plugin management. On there was wrote it is possible use it on comments post, is it right ?
        Do you have a example , how can I integrate the plugin on comments too ?

        I´m writing a post for a wordpress about portal here in Brazil and it would very usefull to many people be able to put the form on comments.


  42. 61
  43. 62
  44. 64
  45. 67

    Hi Doug,

    when using your modified no spam comment form it works great although when it is activated my admin posts and page views do not work, only the code views.


  46. 69
  47. 70

    Thanks for the plugin, pretty clean and effective.
    One suggestion though, since it’s incompatible with the wpPHPMailer plugin, I’d change the mail() function with something like that:

    if ( function_exists('wp_mail') ) {
    wp_mail($recipient, $subject, $fullmsg, $headers);
    } else {
    mail($recipient, $subject, $fullmsg, $headers);

    In architectures where the outgoing SMTP host is located on a different machine than the web server, you must provide a hook to an external SMTP delivery function, which is what the wpPHPMailer plugin does.


  48. 71
  49. 72
  50. 73
  51. 74
  52. 75
  53. 76
  54. 77
  55. 79
  56. 81
  57. 83
  58. 84
  59. 85
    • 86

      Hi Paul,

      Like a bad programmer, those are currently hardcoded in there. Look for a future version with more options in a few weeks. I just wanted to get this one out the door quickly.

      You could change the fonts through CSS, but the background color is currently coded. You can edit the plugin and find them if you’re familiar with PHP and HTML.


  60. 87

    Thank you for this, but after I activated it and went to Options to change the information (e-mail etc.) the “Update Options” button don’t seem to work. I click, but nothing happen. No page refresh to indicate that the change is completed or anything. Do you happen to know what I can do to fix it?

    • 88

      Hi Mikki,

      Let me review the code. I’m not having that issue and there have been a ton of downloads. Can you let me know what Operating System and Browser you’re using? That would allow me to try to duplicate the issue.


  61. 89
  62. 90
  63. 96
    • 97

      Doug you are an asset to the WP community and a model for plugin developers all over. With few exceptions (and he knows who he is), few plugin developers do so much follow up and troubleshooting of their plugin as you. This is a great little program and I insist that all my clients who run WP install it; makes everyone’s life easier (except the spammer’s of course)!


  64. 99

    Great plugin, however is it possible and easy enough to add an extra input field?

    I would like to add one more input field to the form for my purposes so if it’s possible that would be great.

  65. 101
  66. 103
  67. 104
  68. 105
  69. 106

    Hey Doug. Great mod! A couple of questions if I may:

    – Are the answers case insensitive?
    – Any plans to allow for multiple question/answer to be created and randomly loaded each time the page loads?
    – How Can I create extra form fields if I want users to provide addition information (text entry, radio button, drop down menu, check box)? Any plans to support this type of functionality in the near future? Keep up the great work!

    • 107

      Hi steve,

      1. There’s a checkbox to select case sensitivity on the question so you can have it either way.

      2. I hadn’t thought about random questions… do you mean for the Spam challenge? Honestly, I’ve never had a spam contact form submission so I don’t think it’s necessary.

      3. Not there yet, but yes, I would definitely like to add that type of functionality.


      • 108

        1. Good stuff…glad to see that!

        2. Yes, I am referring to the spam challenge. As it is now there is one static question/answer but it would great if the site admin could create a list of questions and answers that would be randomly selected when the page loads.
        There is such a plugin for Vbulletin (NoSpam – a capcha replacement) that does just that.

        3. I have seen several wordpress site around that have custom fields which is great when you want users to provide a set of response to particular questions. I’ve been trolling around but have yet to find a plugin that does this. I assume the ones I have see were custom jobbies. Hope to see it in a future release of your’s! =)

  70. 109

    Thanks for the great plugin!

    I have a quick query, is it possible to set the plugin to mail to multiple people? I want my contact form to send the message two two or more people when submitted, can that be done?

  71. 112
  72. 113

    Hi Douglas,

    How difficult would it be to have the following:

    Plugin Default:

    Your Name: (required)
    Your Email: (required)
    Last word in my blog title? (required)
    Your Website:
    Your Message: (required)


    Your Name: (required)
    Your Email: (required)
    Last word in my blog title: (required)
    Your Website:
    Product Name:
    text field:
    text field:
    option selectable form:
    option selectable form:
    text field:
    text field:
    text field:
    text field:
    Your Message: (required)

    All the addition custom field variables entered by the user would appear in the body of the mail as inputted.

    • 114

      Hi Steve,

      I’ll be releasing a new release soon that will allow multiple, customer-defined fields. This is a little beyond the scope of the original plugin, though! It wasn’t suppose to be a form-building application – just a contact form.


  73. 115
  74. 116