Marketing & Sales Videos, Technology

WordPress Contact Form with Spam Protection

UPDATE: I would highly recommend Gravity Forms from RocketGenius for a very robust form integration with WordPress!

SpamAll of a sudden, I was getting a HUGE volume of Contact Form spam using Ryan Duff’s great WordPress Contact Form plugin.

I’ve left comments on Ryan’s site and IM and told him that I was able to fix the issue by adding a Challenge Question, but I can’t seem to get in contact with him. So… here’s Ryan’s plugin with the new and improved Spam Protection. I am using it on my site and it’s working great.

The Plugin can now be downloaded via the Project Page: WordPress Contact Form with Spam Protection Plugin Project Page


  1. 1

    I just wanted to say a HUGE thank you for this mod. I was using Dagon Design’s contact form plugin because it offered anti-spam verification but not being very skilled in matters of CSS, couldn’t make it look how I wanted. I had used Ryan’s plugin before but had been bombarded with spammers emailing me using it. My anti-spam – Bad Behaviour and Spam Karma – caught most of it but it was still a pain.

    Yours is an elegant, neat enhancement and I reckon Ryan should adopt your mod and give you co-credit for taking the plugin further in such a useful way.

    So yeah. Thank you! The contact form looks just how I want it to now. x

  2. 2

    Thanks, Andy! I was inspired by Seth Godin and the book Crypto. Seth pointed out a site (long ago) that had a 2 + 2 = 4 challenge question that never changed.

    When I read the book Crypto, one of the key pieces of it was how you could pass a piece of information between 2 people that solved a problem… without someone in the middle able to figure it out.

    The problem with most ‘spamware’ is that a computer calculates the challenge question. That’s an inherent flaw, because it will be a computer that tries to break it.

    By making the challenge question a visible aspect of my page in English, I’m avoiding the computer question and solution. And… just to make sure, I allow the person to change the question and answer any time they want.

    I think it’s a great model and I hope to put it on my comments next. I get a ton of spam on my comments but have not received a single piece of SPAM on my contact form.

    Appreciate your kind comments!

  3. 3
  4. 4
  5. 5

    Doug, you are a gentleman and a scholar! We’ve just been bombarded in the last few days with Contact Form spam and a google of the WP support forum led me straight here. I’ve installed the new plugin and it works like a charm. I’ve also hit your PayPal button in appreciation for this lifesaving plugin/modification!

    This form may end up being the single driving force behind my FINALLY getting around to updating my personal blog at from WP 1.5.x to WP 2!

  6. 6
  7. 7

    Simple solutions for big problems. Everything should be coded this way, not a damn 50 KB plugin with things you won’t ever use or strange features (AJAX for a Contact Form? What?).


  8. 8
  9. 9
  10. 10

    Hey. Thanks for the plugin. You rock!

    I have tried using Ryan Duff’s original WP Contact Form, but always experienced errors with my blog (granted, probably a theme conflict). And the Phrixus WP Plugin never worked either.

    What did you do? Why does it work? Why?

    Anyways, thanks man! A donation is on it’s way.

  11. 11
  12. 12
  13. 13
  14. 14

    Sorry about that May C!

    The file is there now. You happened upon the site as I was moving around some domains. I also sent you a note via email that the file is there now.


  15. 15

    Thanks for fixing it! I was looking for it all day, thinking that it may have something to do with my browser so I tried various browser with the same result.

    At one time I couldn’t get it to work, but it seems to work now! That’s great! At first, Bad Behavior blocked me from my site. I can’t believe it! It seems quite aggressive so I’ve added my own ip address to the whitelist since I couldn’t get a hold of the developer at all (all emails are bounced back).

    Hopefully I can lessen the amount of spam emails I get from the contact form. I will periodically change the challenge question to thwart those human spammers that read.

    Time will tell whether this is a good deterrant. I am keeping my fingers crossed. Thanks for the great plugin!

  16. 16
  17. 17

    Thank you thank you thank you. We had to change servers, and suddenly everything I had used for contact forms previously was shot to h. Your form works beautifully, except I needed to change the stylesheet so that the name/text area lined up in IE (it was fine in Firefox). I simply changed the .contactright to float left. I also had to change the textarea sizes to fit my blog, but that was simple. Works like a dream!

  18. 18

    You’re very welcome, Linda! I, too, have modified the actual HTML of the form for a better layout (you can see it on my contact page on this site). I actually had so many issues with cross-browser compatibility that I gave up and made a table! I know that’s supposed to be a no-no… but it looks much better.

  19. 19

    I’ve tried to use your edited version of the contactform, but I can’t make the layout work right. At least in IE, Firefox works perfectly of course. The fill in-blocks are floating around and I need them lined up. Can you give me a hint how to do it?

  20. 20


    I’ve modified the plugin and added a table layout version. I ran into the same issues that you did and I gave up on trying to make it using CSS/HTML. Sometimes tables are the best approach.


  21. 21

    Hi Teun – the following styles are from Doug’s “wp-contactform” within the wp-contact folder. I changed just two things, I think (I can’t remember what they were!) and I added a style for the submit button. Doug – I had to change the px to ems, sorry!

    The styles are applied at the beginning of this same wp-contactform page, where you’ll see a few lines that contain lengths for the textareas. This is where you can add the style to the submit button. (I hope all this makes sense). I haven’t tested the following style changes across all browsers and all resolutions, but it seems fine in both Firefox and in IE. If you test it and find a quirk, please let me know:

    /* Begin Contact Form CSS */
    .contactform {
    position: static;
    overflow: hidden;
    .contactleft {
    width: 25%;
    text-align: right;
    clear: both;
    float: left;
    display: inline;
    padding: .4em;
    margin: .5em 0;
    .contactright {
    width: 70%;
    text-align: left;
    float: left;
    display: inline;
    padding: .4em;
    margin: .5em 0;
    .contacterror {
    border: .1em solid #ff0000;
    .contactsubmit {
    /* End Contact Form CSS */

  22. 22
  23. 23
  24. 24
  25. 25

    I have attempted to implement several contact forms, including Ryan’s.

    When I use the contact form, I get overlapping text, the name, etc is higher than the box, and the user can’t enter any data in the text box.

    Is there any way anyone could help? Here is what it looks like:

    I did make sure to clean up anything that was listed per the “if you are using a previous version” information.

    Any help would be greatly appreciated.


    Michelle Dear

  26. 29
  27. 30

    Hi Doug
    I’ve just instaled and activated your great plugin, created a Contact page, but, what need i to make for the contact form appear on my contact page, need i to insert some piece of code? and if yes, where? and or how?
    I’ve read the readme file searching by instructions, but, it’s nothing useful there.
    Sorry but i am a newby, can you explain step by step, please.

    Thank you

    Dr PennyStock

    • 31

      Hello Dr.,

      No problem! Build yourself a new page and then add the following snippet where you would like the form to show up:

      <!–contact form–>

      Be sure to setup the options for the form!


  28. 32
    • 33

      You’re absolutely welcome! I’ve also added notes to the page so that if other folks need a hand, the instructions are there. I should have done that a long time ago, thanks!

  29. 34
  30. 36


    I’ve tried tons of contact forms but none of them worked on Godaddy except this one!!! It totally rocks. Also, the challenge question entry on the form can handle images! Check out my website where I basically put in a captcha image in an attempt to look more professional. Truly great, thanks very much!

    • 37

      Gerald, that sounds great; I have a client looking to further secure his contact form. Would you mind sharing how you did the captcha on your page while also implementing Douglas’s improved Contact plugin?

      • 38

        Howdy Joni,

        It was really easy. Create a small captcha-type picture with a few characters just to look legit. Feel free to copy mine and upload it. Then go into the wp-admin->options->contact form.

        In the “What is your challenge question?” text box here is what I put:

        Word verification: (img style=”float:right;” src=”” border=”0″ alt=””Word verification: Please enter these letters into the text box to the right of the picture.” )

        replace “)” with “>” of course!

        Whatever the text in the image is put that into the “correct response” text box. Save by hitting “Update options” and you are done.

        If there is somehow ever a spam problem then you just change the picture and the correct response. I hope that works out for you and good luck with your client.

  31. 39

    I think WordPress is re-writing your post a bit. The code to include the contact form is similar to an HTML comment, using two ‘dashes’. The code on this site that I copied & pasted was an emdash instead! People copying and pasting will find that the emdash won’t work…

  32. 42

    Sorry to bother you guys again. The plugin is great and I have not had any spam going through unlike previously when I was using the PXSMail plugin.

    Regarding the lining up of fields for IE, I can see that someone has provided the code for the plugin but I’m not sure exactly where I should insert them in. Could anyone help? Or, what about the tables one? How different does it look like? Will the tables format eliminate the viewability problem entirely? Thanks for any input!

    • 43

      Hi May C,

      You can try either of them – it really depends on your theme on how they will look. You won’t hurt anything by copying one file with the other. If you set yourself up a new page (example: Contact), you can write your page introduction and then follow it with the form code…. Example:

      Feel free to drop me a line through this form:
      <!-- contactform -->

      That’s really all there is to it! That code will be replaced with the form when you view it.


  33. 44

    I recently upgraded 4 blogs to WP2.1, and now my contact forms are misbehaving.
    2 display ok. 1 doesn’t display at all and one displays a repeating error about an empty haystack in formatting.php.

    The contact form quick tag is not being displayed in the edit screen on any of the blogs. (And the box is ticked on all of them).

    Any ideas anyone?

  34. 45

    I have determined the haystack error is an intermittant PHP problem, so no fault of the plug-in.
    The one that is not displaying at all has a similar setup to one that IS working, so maybe one of the files is corrupt. (Will completely wipe out and re-install).
    Still don’t know why the quick tag is not displaying. (I think 2.1 might have an updated version of TinyMCE, could that be it?)

  35. 46
  36. 48
  37. 50
  38. 51
  39. 54

    Just a feature request to either change handling of or add an option for the challenge response to be case insensitive. If you use a logic question and the answer is “foo” and someone inputs “Foo”, it fails 🙁

    Other than that minor quibble, great plugin 🙂 Appreciate it!

  40. 55

    Very nice – I’d also like to see the option to rotate between a few questions at random.

    Showing a slightly randomized question will go even further to hinder spammers, I expect.

    And for bitbybit, just change the line in wp-contactform.php that reads if($input == $answer) {

    to if(strtolower($input) == strtolower($answer)) {

    • 56

      Thanks, Geoff. I think I’ll build an option for case sensitivity in the app. I also like the idea of random questions/answers; but I’ve honestly never had contact form spam since simply applying this solution. We’ll see how long that lasts!

  41. 57

    Mr. Karr
    Very thanks for this solution. I thought use a CAPTCHA image plugin, but this yours is very better for simplicity.

    I really apreciate it and I´m using on my website.

    best regards

    • 58
      • 59

        Hello again!!
        I was reading the plugin presentation text on my wordpress plugin management. On there was wrote it is possible use it on comments post, is it right ?
        Do you have a example , how can I integrate the plugin on comments too ?

        I´m writing a post for a wordpress about portal here in Brazil and it would very usefull to many people be able to put the form on comments.


  42. 61
  43. 62
  44. 64
    • 65


      I tested this out and really like the solution! Unfortunately, it doesn’t mix well with the Threaded Comments plugin that I’m running. I’m going to see if I can possibly put a solution together between the two. Thanks for this!


  45. 67

    Hi Doug,

    when using your modified no spam comment form it works great although when it is activated my admin posts and page views do not work, only the code views.


  46. 69
  47. 70

    Thanks for the plugin, pretty clean and effective.
    One suggestion though, since it’s incompatible with the wpPHPMailer plugin, I’d change the mail() function with something like that:

    if ( function_exists('wp_mail') ) {
    wp_mail($recipient, $subject, $fullmsg, $headers);
    } else {
    mail($recipient, $subject, $fullmsg, $headers);

    In architectures where the outgoing SMTP host is located on a different machine than the web server, you must provide a hook to an external SMTP delivery function, which is what the wpPHPMailer plugin does.


  48. 71
  49. 72
  50. 73
  51. 74

    I just wanna say “Thanks” to Douglas and Ryan for this plug-in. I now have a contact form in my blog and it works well. Very easy to install. 🙂

  52. 75

    If you go to my site, the challenge question doesn’t show and if I answer it correctly it states:
    You answered the challenge question incorrectly.

    Any thoughts?

    Tim Gorman

  53. 76
  54. 77
  55. 79
  56. 81
  57. 83
  58. 84

    Just a note to anyone watching this topic. I have rewritten the plugin and added much more functionality. Version 2.0.0 of the WordPress Contact Form with Spam Protection is now available.!

  59. 85
    • 86

      Hi Paul,

      Like a bad programmer, those are currently hardcoded in there. Look for a future version with more options in a few weeks. I just wanted to get this one out the door quickly.

      You could change the fonts through CSS, but the background color is currently coded. You can edit the plugin and find them if you’re familiar with PHP and HTML.


  60. 87

    Thank you for this, but after I activated it and went to Options to change the information (e-mail etc.) the “Update Options” button don’t seem to work. I click, but nothing happen. No page refresh to indicate that the change is completed or anything. Do you happen to know what I can do to fix it?

    • 88

      Hi Mikki,

      Let me review the code. I’m not having that issue and there have been a ton of downloads. Can you let me know what Operating System and Browser you’re using? That would allow me to try to duplicate the issue.


  61. 89
  62. 90
  63. 96

    I just corrected my bug where the options form was not properly submitting in Internet Explorer! The latest and greatest can be downloaded from the project page. Thanks for letting me know!


    • 97

      Doug you are an asset to the WP community and a model for plugin developers all over. With few exceptions (and he knows who he is), few plugin developers do so much follow up and troubleshooting of their plugin as you. This is a great little program and I insist that all my clients who run WP install it; makes everyone’s life easier (except the spammer’s of course)!


  64. 99

    Great plugin, however is it possible and easy enough to add an extra input field?

    I would like to add one more input field to the form for my purposes so if it’s possible that would be great.

  65. 101
  66. 103

    Thanks Douglas for this plugin. I already read above, that you don’t mind if I change the colors.
    So I will do, I am not so happy with the yellow.

    But the rest is excellent! Thanks again!

  67. 104
  68. 105
  69. 106

    Hey Doug. Great mod! A couple of questions if I may:

    – Are the answers case insensitive?
    – Any plans to allow for multiple question/answer to be created and randomly loaded each time the page loads?
    – How Can I create extra form fields if I want users to provide addition information (text entry, radio button, drop down menu, check box)? Any plans to support this type of functionality in the near future? Keep up the great work!

    • 107

      Hi steve,

      1. There’s a checkbox to select case sensitivity on the question so you can have it either way.

      2. I hadn’t thought about random questions… do you mean for the Spam challenge? Honestly, I’ve never had a spam contact form submission so I don’t think it’s necessary.

      3. Not there yet, but yes, I would definitely like to add that type of functionality.


      • 108

        1. Good stuff…glad to see that!

        2. Yes, I am referring to the spam challenge. As it is now there is one static question/answer but it would great if the site admin could create a list of questions and answers that would be randomly selected when the page loads.
        There is such a plugin for Vbulletin (NoSpam – a capcha replacement) that does just that.

        3. I have seen several wordpress site around that have custom fields which is great when you want users to provide a set of response to particular questions. I’ve been trolling around but have yet to find a plugin that does this. I assume the ones I have see were custom jobbies. Hope to see it in a future release of your’s! =)

  70. 109

    Thanks for the great plugin!

    I have a quick query, is it possible to set the plugin to mail to multiple people? I want my contact form to send the message two two or more people when submitted, can that be done?

  71. 112
  72. 113

    Hi Douglas,

    How difficult would it be to have the following:

    Plugin Default:

    Your Name: (required)
    Your Email: (required)
    Last word in my blog title? (required)
    Your Website:
    Your Message: (required)


    Your Name: (required)
    Your Email: (required)
    Last word in my blog title: (required)
    Your Website:
    Product Name:
    text field:
    text field:
    option selectable form:
    option selectable form:
    text field:
    text field:
    text field:
    text field:
    Your Message: (required)

    All the addition custom field variables entered by the user would appear in the body of the mail as inputted.

    • 114

      Hi Steve,

      I’ll be releasing a new release soon that will allow multiple, customer-defined fields. This is a little beyond the scope of the original plugin, though! It wasn’t suppose to be a form-building application – just a contact form.


  73. 115
  74. 116

    Hi Douglas, I already use this great plugin on one website of mine and I’d now like to use it on another!

    However, on this site I need the option for a user to submit the form to different people. For example, on the contact form there’d be a drop down menu of people the form could be sent to, e.g. Paul, John, Michael. The user could choose the name they wanted, then submit their message to that person.

    Would something like that be possible?


  75. 117

    I still have a long list of improvements for this plugin to get through – including internationalization – but I did make some minor edits today and posted version 2.0.6.

  76. 118

    Yeah, I have to agree with Steve above… I can’t seem to find any contact forms for WordPress that allow for custom fields! I mean, at least one additional customizable field would be better than nothing. It would be fantastic if you could add this feature to your next update.

    Thanks for this great plugin.

  77. 119

    @Jeff KOpp:
    You can check out Delicious Days. I’ve been using it as part of an internal beta test we are doing on a few sites. It’s a very nice tool, allows for multiple custom fields, challenge fields, and the ability to create a variety of forms that you can add by a quick snippet of code added to any page or post. Part of that beta test is finding the proper plugins for the organization to use when the new site is launched. The contact form, obviously, is an area of great concern.

    One that I found months ago, which works nicely, is very easy to customize, and offers a lot of extra features, including the ability to create (and duplicate) forms, having multiple contact forms — or variations of one, but used for specific things. Say you have a gig coming up on August 8 and you want a contact form just for that event. Well, use a custom contact form you already have, duplicate it using the built-in DUPLICATE function, give it a name, save it, then add the custom field(s) that you want, such as a tag for August 8 Event. Voila. You’re done.

    Adding the forms is simple. Just like any other tag in WP, you specify which form you want to appear — and where. You can make the contact forms appear on pages or posts using the simple –contact1– or similar command. Everything is well-documented in the software.

    The plugin is called cforms II, and is put out for free by, and is well maintained. Check out the info at

    I have NO affiliation or connection to the DeliciousDays site, nor do I get money or anything else from them. It is simply a product I found — after a lot of fretting — that I use, and am adding to other blogs I maintain solely because it works well.

  78. 120
  79. 121

    Great plugin but I am unable to use it in Yahoo hosting. Tried manipulating the codes as said in wordpress discussion form but of no use!

  80. 122

    This is really great Doug! I’ve been getting spam through my contact form on my blog recently.

    Quick search on Google led me to this page. 10 minutes later I had the form updated. In the past 24 hours or so – no more spam (hopefully it’ll stay that way!).

    Many thanks for a great plugin! I like the way you can change the challenge question to anything which a human would be able to answer but not a robot!



  81. 123
  82. 124


    great idea, perfect for its intended use.

    Sadly I need more bells and whistles, i.e. an interface that allows me to customize input fields. So I’m going to cforms II.

    anyway thanks for doing this, I’m sure I’ll use it for most of my other clients’ blogs.

  83. 125
  84. 126
  85. 127

    Douglas I can’t seem to make your wp contact form work. I uploaded the plugin. Activated it. But when I go to options>contact form I get an HTTP 404 page. Do you know why I’m receiving this error.

    Thanks in advanced

  86. 128
  87. 129
  88. 131

    It does. And it was easy to get to work.

    How can I change the wording of this text that appears above the contact form: “Highlighted fields are required”?


  89. 132
  90. 133

    I’m sorry to tell you:

    1) This page crashed my browser (froze for 15+sec)
    2) Can hardly scroll through this page cuz so much junk on it — PLEASE SAVE ME!!!!!!! GIVE ME MY BROWSER CONTROL BACK!!!! PLEASE!!!!! … oh well -> force quit!

    Came back to let ya know… nuthin personal dude!

  91. 135

    I’ve added the %%wpcontactform%% to my contactme page…but nothing shows up. What am I doing wrong? Instructions aren’t clear about that. Hope you can help me out.

  92. 136

    Hello there!
    I see all of You guys find a happy ending with this plugin!
    I have a problem!
    Fatal error: Cannot redeclare wpcf_is_malicious() (previously declared in /home/.beachwood/f4rrm800n/ in /home/.beachwood/f4rrm800n/ on line 32
    Any suggestions?
    Tnx in Advance!
    Cool Crazy Stuff

  93. 137
  94. 138
  95. 139

    That is a great thing if they added spam protection to the contact form. That will save a lot of people much trouble. If it correctly prevents against spam it should save people a lot of hardship fighting spam.

    I just made my contact form more secure to protect myself for my blog

    With new plu