WordPress Contact Form with Spam Protection

UPDATE: I would highly recommend Gravity Forms from RocketGenius for a very robust form integration with WordPress!

SpamAll of a sudden, I was getting a HUGE volume of Contact Form spam using Ryan Duff’s great WordPress Contact Form plugin.

I’ve left comments on Ryan’s site and IM and told him that I was able to fix the issue by adding a Challenge Question, but I can’t seem to get in contact with him. So… here’s Ryan’s plugin with the new and improved Spam Protection. I am using it on my site and it’s working great.

The Plugin can now be downloaded via the Project Page: WordPress Contact Form with Spam Protection Plugin Project Page

179 Comments

  1. 1

    I just wanted to say a HUGE thank you for this mod. I was using Dagon Design’s contact form plugin because it offered anti-spam verification but not being very skilled in matters of CSS, couldn’t make it look how I wanted. I had used Ryan’s plugin before but had been bombarded with spammers emailing me using it. My anti-spam – Bad Behaviour and Spam Karma – caught most of it but it was still a pain.

    Yours is an elegant, neat enhancement and I reckon Ryan should adopt your mod and give you co-credit for taking the plugin further in such a useful way.

    So yeah. Thank you! The contact form looks just how I want it to now. x

  2. 2

    Thanks, Andy! I was inspired by Seth Godin and the book Crypto. Seth pointed out a site (long ago) that had a 2 + 2 = 4 challenge question that never changed.

    When I read the book Crypto, one of the key pieces of it was how you could pass a piece of information between 2 people that solved a problem… without someone in the middle able to figure it out.

    The problem with most ‘spamware’ is that a computer calculates the challenge question. That’s an inherent flaw, because it will be a computer that tries to break it.

    By making the challenge question a visible aspect of my page in English, I’m avoiding the computer question and solution. And… just to make sure, I allow the person to change the question and answer any time they want.

    I think it’s a great model and I hope to put it on my comments next. I get a ton of spam on my comments but have not received a single piece of SPAM on my contact form.

    Appreciate your kind comments!
    Doug

  3. 3
  4. 4
  5. 5

    Doug, you are a gentleman and a scholar! We’ve just been bombarded in the last few days with Contact Form spam and a google of the WP support forum led me straight here. I’ve installed the new plugin and it works like a charm. I’ve also hit your PayPal button in appreciation for this lifesaving plugin/modification!

    This form may end up being the single driving force behind my FINALLY getting around to updating my personal blog at joniverse.com from WP 1.5.x to WP 2!

  6. 6
  7. 7

    Simple solutions for big problems. Everything should be coded this way, not a damn 50 KB plugin with things you won’t ever use or strange features (AJAX for a Contact Form? What?).

    Thanks.

  8. 8
  9. 9
  10. 10

    Hey. Thanks for the plugin. You rock!

    I have tried using Ryan Duff’s original WP Contact Form, but always experienced errors with my blog (granted, probably a theme conflict). And the Phrixus WP Plugin never worked either.

    What did you do? Why does it work? Why?

    Anyways, thanks man! A donation is on it’s way.

  11. 11
  12. 12
  13. 13
  14. 14
  15. 15

    Thanks for fixing it! I was looking for it all day, thinking that it may have something to do with my browser so I tried various browser with the same result.

    At one time I couldn’t get it to work, but it seems to work now! That’s great! At first, Bad Behavior blocked me from my site. I can’t believe it! It seems quite aggressive so I’ve added my own ip address to the whitelist since I couldn’t get a hold of the developer at all (all emails are bounced back).

    Hopefully I can lessen the amount of spam emails I get from the contact form. I will periodically change the challenge question to thwart those human spammers that read.

    Time will tell whether this is a good deterrant. I am keeping my fingers crossed. Thanks for the great plugin!

  16. 16
  17. 17

    Thank you thank you thank you. We had to change servers, and suddenly everything I had used for contact forms previously was shot to h. Your form works beautifully, except I needed to change the stylesheet so that the name/text area lined up in IE (it was fine in Firefox). I simply changed the .contactright to float left. I also had to change the textarea sizes to fit my blog, but that was simple. Works like a dream!

  18. 18

    You’re very welcome, Linda! I, too, have modified the actual HTML of the form for a better layout (you can see it on my contact page on this site). I actually had so many issues with cross-browser compatibility that I gave up and made a table! I know that’s supposed to be a no-no… but it looks much better.

  19. 19
  20. 20
  21. 21

    Hi Teun – the following styles are from Doug’s “wp-contactform” within the wp-contact folder. I changed just two things, I think (I can’t remember what they were!) and I added a style for the submit button. Doug – I had to change the px to ems, sorry!

    The styles are applied at the beginning of this same wp-contactform page, where you’ll see a few lines that contain lengths for the textareas. This is where you can add the style to the submit button. (I hope all this makes sense). I haven’t tested the following style changes across all browsers and all resolutions, but it seems fine in both Firefox and in IE. If you test it and find a quirk, please let me know:

    /* Begin Contact Form CSS */
    .contactform {
    position: static;
    overflow: hidden;
    }
    .contactleft {
    width: 25%;
    text-align: right;
    clear: both;
    float: left;
    display: inline;
    padding: .4em;
    margin: .5em 0;
    }
    .contactright {
    width: 70%;
    text-align: left;
    float: left;
    display: inline;
    padding: .4em;
    margin: .5em 0;
    }
    .contacterror {
    border: .1em solid #ff0000;
    }
    .contactsubmit {
    text-align:center;
    }
    /* End Contact Form CSS */

  22. 22
  23. 23
  24. 24
  25. 25

    I have attempted to implement several contact forms, including Ryan’s.

    When I use the contact form, I get overlapping text, the name, etc is higher than the box, and the user can’t enter any data in the text box.

    Is there any way anyone could help? Here is what it looks like:

    http://www.michelledear.com/?page_id=48

    I did make sure to clean up anything that was listed per the “if you are using a previous version” information.

    Any help would be greatly appreciated.

    Thanks!

    Michelle Dear

  26. 29
  27. 30

    Hi Doug
    I’ve just instaled and activated your great plugin, created a Contact page, but, what need i to make for the contact form appear on my contact page, need i to insert some piece of code? and if yes, where? and or how?
    I’ve read the readme file searching by instructions, but, it’s nothing useful there.
    Sorry but i am a newby, can you explain step by step, please.

    Thank you

    Dr PennyStock

  28. 32
  29. 34
  30. 36

    Howdy,

    I’ve tried tons of contact forms but none of them worked on Godaddy except this one!!! It totally rocks. Also, the challenge question entry on the form can handle images! Check out my website where I basically put in a captcha image in an attempt to look more professional. Truly great, thanks very much!

    • 37

      Gerald, that sounds great; I have a client looking to further secure his contact form. Would you mind sharing how you did the captcha on your page while also implementing Douglas’s improved Contact plugin?

      • 38

        Howdy Joni,

        It was really easy. Create a small captcha-type picture with a few characters just to look legit. Feel free to copy mine and upload it. Then go into the wp-admin->options->contact form.

        In the “What is your challenge question?” text box here is what I put:

        Word verification: (img style=”float:right;” src=”http://www.yoursite.com/images/captcha.jpg” border=”0″ alt=””Word verification: Please enter these letters into the text box to the right of the picture.” )

        replace “)” with “>” of course!

        Whatever the text in the image is put that into the “correct response” text box. Save by hitting “Update options” and you are done.

        If there is somehow ever a spam problem then you just change the picture and the correct response. I hope that works out for you and good luck with your client.

  31. 39

    Doug,
    I think WordPress is re-writing your post a bit. The code to include the contact form is similar to an HTML comment, using two ‘dashes’. The code on this site that I copied & pasted was an emdash instead! People copying and pasting will find that the emdash won’t work…

  32. 42

    Sorry to bother you guys again. The plugin is great and I have not had any spam going through unlike previously when I was using the PXSMail plugin.

    Regarding the lining up of fields for IE, I can see that someone has provided the code for the plugin but I’m not sure exactly where I should insert them in. Could anyone help? Or, what about the tables one? How different does it look like? Will the tables format eliminate the viewability problem entirely? Thanks for any input!

    • 43

      Hi May C,

      You can try either of them – it really depends on your theme on how they will look. You won’t hurt anything by copying one file with the other. If you set yourself up a new page (example: Contact), you can write your page introduction and then follow it with the form code…. Example:

      Feel free to drop me a line through this form:
      <!-- contactform -->

      That’s really all there is to it! That code will be replaced with the form when you view it.

      Doug

  33. 44

    I recently upgraded 4 blogs to WP2.1, and now my contact forms are misbehaving.
    2 display ok. 1 doesn’t display at all and one displays a repeating error about an empty haystack in formatting.php.

    The contact form quick tag is not being displayed in the edit screen on any of the blogs. (And the box is ticked on all of them).

    Any ideas anyone?

  34. 45

    OK.
    I have determined the haystack error is an intermittant PHP problem, so no fault of the plug-in.
    The one that is not displaying at all has a similar setup to one that IS working, so maybe one of the files is corrupt. (Will completely wipe out and re-install).
    Still don’t know why the quick tag is not displaying. (I think 2.1 might have an updated version of TinyMCE, could that be it?)

  35. 46
  36. 48
  37. 50
  38. 51
  39. 54

    Just a feature request to either change handling of or add an option for the challenge response to be case insensitive. If you use a logic question and the answer is “foo” and someone inputs “Foo”, it fails πŸ™

    Other than that minor quibble, great plugin πŸ™‚ Appreciate it!

  40. 55

    Very nice – I’d also like to see the option to rotate between a few questions at random.

    Showing a slightly randomized question will go even further to hinder spammers, I expect.

    And for bitbybit, just change the line in wp-contactform.php that reads if($input == $answer) {

    to if(strtolower($input) == strtolower($answer)) {

    • 56

      Thanks, Geoff. I think I’ll build an option for case sensitivity in the app. I also like the idea of random questions/answers; but I’ve honestly never had contact form spam since simply applying this solution. We’ll see how long that lasts!

  41. 57

    Mr. Karr
    Very thanks for this solution. I thought use a CAPTCHA image plugin, but this yours is very better for simplicity.

    I really apreciate it and IΒ΄m using on my website.

    best regards

    • 58
      • 59

        Hello again!!
        I was reading the plugin presentation text on my wordpress plugin management. On there was wrote it is possible use it on comments post, is it right ?
        Do you have a example , how can I integrate the plugin on comments too ?

        IΒ΄m writing a post for a wordpress about portal here in Brazil and it would very usefull to many people be able to put the form on comments.

        regards

  42. 61
  43. 62
  44. 64
  45. 67

    Hi Doug,

    when using your modified no spam comment form it works great although when it is activated my admin posts and page views do not work, only the code views.

    Suggestions.

  46. 69
  47. 70

    Thanks for the plugin, pretty clean and effective.
    One suggestion though, since it’s incompatible with the wpPHPMailer plugin, I’d change the mail() function with something like that:


    if ( function_exists('wp_mail') ) {
    wp_mail($recipient, $subject, $fullmsg, $headers);
    } else {
    mail($recipient, $subject, $fullmsg, $headers);
    }

    In architectures where the outgoing SMTP host is located on a different machine than the web server, you must provide a hook to an external SMTP delivery function, which is what the wpPHPMailer plugin does.

    pfm

  48. 71
  49. 72
  50. 73
  51. 74
  52. 75
  53. 76
  54. 77
  55. 79
  56. 81
  57. 83
  58. 84
  59. 85
    • 86

      Hi Paul,

      Like a bad programmer, those are currently hardcoded in there. Look for a future version with more options in a few weeks. I just wanted to get this one out the door quickly.

      You could change the fonts through CSS, but the background color is currently coded. You can edit the plugin and find them if you’re familiar with PHP and HTML.

      Thanks!
      Doug

  60. 87

    Thank you for this, but after I activated it and went to Options to change the information (e-mail etc.) the “Update Options” button don’t seem to work. I click, but nothing happen. No page refresh to indicate that the change is completed or anything. Do you happen to know what I can do to fix it?

    • 88

      Hi Mikki,

      Let me review the code. I’m not having that issue and there have been a ton of downloads. Can you let me know what Operating System and Browser you’re using? That would allow me to try to duplicate the issue.

      Thanks!
      Doug

  61. 89
  62. 90
  63. 96
    • 97

      Doug you are an asset to the WP community and a model for plugin developers all over. With few exceptions (and he knows who he is), few plugin developers do so much follow up and troubleshooting of their plugin as you. This is a great little program and I insist that all my clients who run WP install it; makes everyone’s life easier (except the spammer’s of course)!

      Joni

  64. 99

    Great plugin, however is it possible and easy enough to add an extra input field?

    I would like to add one more input field to the form for my purposes so if it’s possible that would be great.

  65. 101
  66. 103
  67. 104
  68. 105
  69. 106

    Hey Doug. Great mod! A couple of questions if I may:

    – Are the answers case insensitive?
    – Any plans to allow for multiple question/answer to be created and randomly loaded each time the page loads?
    – How Can I create extra form fields if I want users to provide addition information (text entry, radio button, drop down menu, check box)? Any plans to support this type of functionality in the near future? Keep up the great work!

    • 107

      Hi steve,

      1. There’s a checkbox to select case sensitivity on the question so you can have it either way.

      2. I hadn’t thought about random questions… do you mean for the Spam challenge? Honestly, I’ve never had a spam contact form submission so I don’t think it’s necessary.

      3. Not there yet, but yes, I would definitely like to add that type of functionality.

      Thanks!
      Doug

      • 108

        1. Good stuff…glad to see that!

        2. Yes, I am referring to the spam challenge. As it is now there is one static question/answer but it would great if the site admin could create a list of questions and answers that would be randomly selected when the page loads.
        There is such a plugin for Vbulletin (NoSpam – a capcha replacement) that does just that.

        3. I have seen several wordpress site around that have custom fields which is great when you want users to provide a set of response to particular questions. I’ve been trolling around but have yet to find a plugin that does this. I assume the ones I have see were custom jobbies. Hope to see it in a future release of your’s! =)

  70. 109

    Thanks for the great plugin!

    I have a quick query, is it possible to set the plugin to mail to multiple people? I want my contact form to send the message two two or more people when submitted, can that be done?

  71. 112
  72. 113

    Hi Douglas,

    How difficult would it be to have the following:

    Plugin Default:

    Your Name: (required)
    Your Email: (required)
    Last word in my blog title? (required)
    Your Website:
    Subject
    Your Message: (required)

    Custom:

    Your Name: (required)
    Your Email: (required)
    Last word in my blog title: (required)
    Your Website:
    Subject:
    Product Name:
    text field:
    text field:
    option selectable form:
    option selectable form:
    text field:
    text field:
    text field:
    text field:
    Your Message: (required)

    All the addition custom field variables entered by the user would appear in the body of the mail as inputted.

    • 114

      Hi Steve,

      I’ll be releasing a new release soon that will allow multiple, customer-defined fields. This is a little beyond the scope of the original plugin, though! It wasn’t suppose to be a form-building application – just a contact form.

      πŸ™‚
      Doug

  73. 115
  74. 116

    Hi Douglas, I already use this great plugin on one website of mine and I’d now like to use it on another!

    However, on this site I need the option for a user to submit the form to different people. For example, on the contact form there’d be a drop down menu of people the form could be sent to, e.g. Paul, John, Michael. The user could choose the name they wanted, then submit their message to that person.

    Would something like that be possible?

    Thanks,
    Parm

  75. 117
  76. 118

    Yeah, I have to agree with Steve above… I can’t seem to find any contact forms for WordPress that allow for custom fields! I mean, at least one additional customizable field would be better than nothing. It would be fantastic if you could add this feature to your next update.

    Thanks for this great plugin.

  77. 119

    @Jeff KOpp:
    You can check out Delicious Days. I’ve been using it as part of an internal beta test we are doing on a few sites. It’s a very nice tool, allows for multiple custom fields, challenge fields, and the ability to create a variety of forms that you can add by a quick snippet of code added to any page or post. Part of that beta test is finding the proper plugins for the organization to use when the new site is launched. The contact form, obviously, is an area of great concern.

    One that I found months ago, which works nicely, is very easy to customize, and offers a lot of extra features, including the ability to create (and duplicate) forms, having multiple contact forms — or variations of one, but used for specific things. Say you have a gig coming up on August 8 and you want a contact form just for that event. Well, use a custom contact form you already have, duplicate it using the built-in DUPLICATE function, give it a name, save it, then add the custom field(s) that you want, such as a tag for August 8 Event. Voila. You’re done.

    Adding the forms is simple. Just like any other tag in WP, you specify which form you want to appear — and where. You can make the contact forms appear on pages or posts using the simple –contact1– or similar command. Everything is well-documented in the software.

    The plugin is called cforms II, and is put out for free by DeliciousDays.com, and is well maintained. Check out the info at http://www.deliciousdays.com/cforms-plugin.

    I have NO affiliation or connection to the DeliciousDays site, nor do I get money or anything else from them. It is simply a product I found — after a lot of fretting — that I use, and am adding to other blogs I maintain solely because it works well.

  78. 120
  79. 121
  80. 122

    This is really great Doug! I’ve been getting spam through my contact form on my blog recently.

    Quick search on Google led me to this page. 10 minutes later I had the form updated. In the past 24 hours or so – no more spam (hopefully it’ll stay that way!).

    Many thanks for a great plugin! I like the way you can change the challenge question to anything which a human would be able to answer but not a robot!

    Cheers

    Imran

  81. 123
  82. 124

    hey,

    great idea, perfect for its intended use.

    Sadly I need more bells and whistles, i.e. an interface that allows me to customize input fields. So I’m going to cforms II.

    anyway thanks for doing this, I’m sure I’ll use it for most of my other clients’ blogs.

  83. 125
  84. 126
  85. 127

    Douglas I can’t seem to make your wp contact form work. I uploaded the plugin. Activated it. But when I go to options>contact form I get an HTTP 404 page. Do you know why I’m receiving this error.

    Thanks in advanced

  86. 128
  87. 129
  88. 131

    It does. And it was easy to get to work.

    How can I change the wording of this text that appears above the contact form: “Highlighted fields are required”?

    Howard

  89. 132
  90. 133

    I’m sorry to tell you:

    1) This page crashed my browser (froze for 15+sec)
    2) Can hardly scroll through this page cuz so much junk on it — PLEASE SAVE ME!!!!!!! GIVE ME MY BROWSER CONTROL BACK!!!! PLEASE!!!!! … oh well -> force quit!

    Came back to let ya know… nuthin personal dude!

  91. 135

    I’ve added the %%wpcontactform%% to my contactme page…but nothing shows up. What am I doing wrong? Instructions aren’t clear about that. Hope you can help me out.

  92. 136

    Hello there!
    I see all of You guys find a happy ending with this plugin!
    I have a problem!
    Fatal error: Cannot redeclare wpcf_is_malicious() (previously declared in /home/.beachwood/f4rrm800n/coolcrazystuff.com/wp-content/plugins/wp-contactform-akismet/wp-contactform.php:60) in /home/.beachwood/f4rrm800n/coolcrazystuff.com/wp-content/plugins/wp-contact-form/wp-contactform.php on line 32
    Any suggestions?
    Tnx in Advance!
    Cool Crazy Stuff

  93. 137
  94. 138
  95. 139

    That is a great thing if they added spam protection to the contact form. That will save a lot of people much trouble. If it correctly prevents against spam it should save people a lot of hardship fighting spam.

    I just made my contact form more secure to protect myself for my blog

    With new plugin updates the problem should become less troublesome. Thanks for post.

    Matthew Corgan

  96. 140
  97. 141

    very nice plugin. i’m trying to put a link on my 404 page to the contact form telling the form to already have the url of the page that could not be found in the textarea and the subject error 404 selected as an option but i just can’t work out how to do it.
    is it somehow possible with something like Report this page?

    oscwood

  98. 142
  99. 143
  100. 144

    I have used this form and it works great. I have put this into the body of the paged edited under the manage pages. I have a static page which i would like to have the form display but for the life of me i cannot figuer out how. Any ideas?

  101. 145

    @Wayne, If you just want to put the form on a static page all you have to do is right click on the blog page with the form, select “view source” and copy and paste the code into your static page.

  102. 146
  103. 147

    [?] WP-Contact Form – Creates a contact form for members to reach you at. Use this to sell advertising, report issues, or just for general contact. [?]

  104. 148
  105. 149
  106. 150
  107. 151
  108. 152
  109. 153

    Hi Doug,
    thanks for making such an easy to use contact form. I only used wordpress for the very first time this week and i love it.

    I am having a formatting problem that i just cant get the the bottom of. Somehow the code is adding a which shouldnt be there after each input feild. Please see http://www.mariahbuzz.com.au/contact

    I cant work out how its getting there as your form does not look like this and I have not edited your code.

    Can you please help as my form looks messy at the moment.

    thanks very much

    nicole

  110. 155
  111. 156
  112. 157

    Great plugin!

    I am having some difficulties getting it to work though. Everything seems to work fine but I am not receiving the notification that the email was sent, nor am I receiving the email. HOWEVER, if I refresh the page, I receive the notification and the email is sent.

    Any idea how to fix my problem?

    Just for kicks, I’ve activated a number of other contact forms to verify that they work on my site and they are working ? but I like yours better! I am using WP 2.5.1

  113. 158
  114. 159

    I also have a wordpress page but I can’t seem to upload any plugins!

    When I read their FAQ, this is what I get:

    Where is my plugins tab?
    Unfortunately, there isn?t one to be found!

    For various reasons we do not permit the uploading and use of plugins here at wordpress.com.

    How do you guys do it?

    Thanks in advance

  115. 160
  116. 161
  117. 162

    Thanks for the great plugin!

    Just want to let you know, I worked around the known issue:
    “When utilizing the substitution string method to insert the form into the page content, WordPress filters add a linebreak between the label and form elements.”

    by adding “inline” style to the page, e.g.

    label { position:relative; right:3em; }
    span.challenge { position:relative; left:-2.5em; }
    input.field { position:relative; top:-1.5em; left:9em; }
    textarea { position:relative; left:-3em; }
    input#copy { position:relative; top:-1.5em; left:8.5em; }
    input#contactsubmit { position:relative; top:-1.5em; left:-2.5em; }

    %%wpcontactform%%

    Note: not sure if the positioning values need to be adjusted depending on the theme used.

  118. 163
  119. 164
  120. 165

    Dear Sir,
    How can I change the language of wordpress themes to my local language and create a web site where many people can create their own WordPress blogs in their own Language?
    Please advice me

  121. 166

    I would like to modify the form width so that it can be put in the sidebar but my programming skills are a bit low level. Would be willing to pay for the mod. Can you help me out please? Thanks.

  122. 167
  123. 168

    Fantastic contact form mod. Just installed it now and works perfect. Thanks a mil!!!

    1 question though.
    Is there a way to have the “send to” email addresses as bcc?
    so that if I specify more than 1 address each person receiving the email wont see the other addresses it was also sent to?

    Thanks.

  124. 169
  125. 170

    Douglas Karr has been kind enough to provide a modified version of the WP-ContactForm plugin that I’ve been using to manage my contact form. It’s a simple change to implement, and if you get any spam through your WP-ContactForm, this will save you a lot of headache. It’s a much simpler concept than a CAPTCHA image — it verifies humanitity through a simple challenge question. By default, this is “2 + 2 =” (4). Easy enough for anyone to answer — except for bots! Recommended.

  126. 171

    While working on a WordPress site, your plugin was provided as part of a template.

    But, I have another site that is not a WP site. It is my high school class site. Recently, the SPAMMERS found it and i'm getting the same fill-in 2-3 times an hour. It is driving me crazy. I was thinking I would put something simple on the site (such as your 2+2) but couldn't figure out how to do it after much web searching. Then I tripped across yours while working on a new site on WP.

    I don't know much about forms but somehow got this one up years ago. I might have started with Matt's or some other site's.

    The form is at http://www.pacificgrovehighschoolclassof1966.com/
    Is there a relatively simple way for me to incorporate your 2+2 code?

  127. 172

    Hi, if i want to set up this form in my wordpress – i use latest version of it – it tells me that i dont have enough of rights to do it. How is this possible? It does not give me any setting page for it. Only empty page and in the table these words of course in my language. I am disappointed by that. Is any help?

  128. 173
  129. 174
  130. 175
  131. 176

    Since the old is no longer up, Were you using a Captcha before like you currently are? I’ve had no spam issues with contact 7 forms while using a Captcha.

    I just saw your comment and see now that this post is almost a year old (well no year but guessing.) πŸ™‚

  132. 177

    Hi Richard! I’m really anti-Captcha so the answer is no, I wasn’t. I’d love to have the option of a challenge question on this one.

  133. 178

    I’m pretty sure if you had used the contact form 7 captcha it would have probably been just as effective as this one with Captcha. I prefer other methods whenever possible as I hate captchas as well.

This site uses Akismet to reduce spam. Learn how your comment data is processed.