Spam on Contact Pages

Running a website brings joys and woes, as do most things in life. There’s all the fun stuff – setting the website up, creating a blog, communicating with clients, turning a profit – and then there’s the stuff we could really do without, but is there nonetheless. Things that all website owners have to deal with, sooner or later. Things like spam on contact pages. Spam on contact pages is bad for you, bad for your clients, and then bad for you some more. To begin with, when spam piles up on your WordPress (or any other) contact form, it gets difficult to handle pretty soon. Instead of following leads and communicating with actual clients looking for help and guidance, you’re left sifting through spam that will only waste your time and resources. What’s more, your hosting plan may offer a limited number of form submissions, which means that you’d be losing a good deal of them to spam. Then, it’s bad for your customers, because (as we’ll cover more in a bit) spambots use the vulnerabilities of your contact form to steal information about your clients – such as their emails – and then send them spam which seems to originate from your brand’s email. What you end up with are customers that are (unfairly, it seems) annoyed at you. And then annoyed customers turn into ex-customers, which is how spam is twice as bad for your business. They’ll begin to associate your brand with spam, and you’ll quickly vanish from their memory. Luckily, there’s a way to prevent spam from your contact page from reaching you, your customers, or even the contact page itself. The method is simple and you’re probably familiar with it. It’s called implementing hCaptcha. Let’s take a look at how to reduce spam on your WordPress contact form by using this human verification method.

What Is Contact Form Spam?

Contact form spam is when malicious hackers or bots submit spam messages through your contact form, and sometimes use your contact form to infiltrate data about your users. So, contact form spam is how:
  1. You get unwanted spam messages.
  2. Your clients’ email addresses fall into the wrong hands.
Sometimes, the latter may happen without you even realizing, which is why it’s a good idea to set up hCaptcha even if your inbox isn’t flooded with obviously-spambot messages. So rather than just cleaning them up, you need to prevent them from getting through in the first place.

What’s the Point of Contact Form Spam?

You may be wondering, why would anyone bother to spam your contact form in the first place? What’s the point? There are two main reasons:
  • Gaining access to your mailing list. As we’ve mentioned, hackers and bots can end up accessing your client mailing list through security vulnerabilities in your website once they’ve accessed your contact form. Then, they send spam emails to your clients that look as if they’ve been sent from your website. They may contain your brand’s name, logo, and even products – but the links shared are links to an entirely different website. The links lead to the hackers’ websites, who end up enjoying the benefits of increased traffic to the website, and possibly even the patronage of your customers. Or, you may just be left with the customers’ wrath. Of course, there’s also more vicious reasons for stealing your mailing list – such as spreading malware.
  • Using your website to build backlinks and boost their SEO. Especially if it’s a form that directly publishes a customer-written text (like a comments section), bots will flood it with backlinks to their website, which as we all know, is quite important in boosting SEO and increasing domain authority. Even when you don’t see the damage, spambots may leave invisible links which again will get them better SEO at your expense.

Who Is Doing the Spamming?

While you’re stuck with too much spam on your business website and are trying to figure out how to handle it, this question may pop into your mind: who’s doing the spamming? There are two possible culprits:
  • People. Some companies hire people to fill out forms so that they can plant backlinks to their own website for that boost in SEO we talked about. The downside of this breed of spammer is that they can get past most security methods – such as using hCaptcha – and keep spamming. The upside is that this type of spamming takes a lot more time and effort on their part, so firstly, you’re less likely to fall prey to it, and secondly, it’s easier to filter out.
  • Spambots. The likelier culprit behind your form spam are spambots. As we’ve already mentioned, spambots are more dangerous as they can do more damage more quickly, including injecting scripts into your website. On the upside, they’re much easier to block with a hCaptcha.

How to Stop Spam on Contact Form

The principal and easiest solution to stopping spam from getting through your website’s contact form is to implement hCaptcha. Let’s take a look at what it is and how you can use it.

What Is hCaptcha?

hCaptcha is a type of human verification method that can help you reduce spam and abuse on your contact page or any other page on your website. It’s a sort of a Turing test (not as elaborate as the one in Philip K. Dick’s Do Androids Dream of Electric Sheep?) that aims to tell apart humans from bots. It’s easy enough for a human to get past, but difficult for spambots and other types of malware. So by implementing a hCaptcha on your contact forms, you would make it easy for human users to enter, while blocking bots. hCaptcha offers this service for free, and you can try it out to see how it works. You get to choose how elaborate or simple you want your hCaptcha to be. In its simplest form, it’s only a button that looks like this:

Your human user will click the button next to “I am human” to verify their humanity. You can test it out above. You can also choose to make your hCaptcha more detailed to contain simple questions or images that users can answer or click through, taking only a few seconds of their time. So, hCaptcha uses an advanced risk analysis algorithm that allows it to separate malicious software from legitimate human users. This system is actually the new generation CAPTCHA. You may remember the silly-looking, crossed out, squiggly letters that comprised CAPTCHAs. Well, they were a nightmare for most users, resulting in a loss of conversions of up to 3.2%. What’s more, spambots eventually caught up to them and found a way to bypass them. Luckily, the new hCaptcha is free of these problems and is a reliable way to stop spambots from wreaking havoc on your website. Let’s take a look at how you can implement hCaptcha on your WordPress contact form, on Contact Form 7, the most popular form plugins on WordPress.

Before You Add a hCaptcha in WordPress

Before adding a hCaptcha through your WordPress dashboard, you’ll need to first register your website with hCaptcha. If you already have a hCaptcha account, you can just add the new website, otherwise, you’ll need to fill out the form from scratch – which is short and easy enough. hCaptcha will provide you with a site key and a secret key for the website which you’ll use later. Now, head over to your WordPress dashboard for one of the following methods.

How to Stop Spam on Contact Form 7

Implementing hCaptcha on Contact Form 7 is super easy.
  • Go to the WordPress dashboard.
  • Go to Plugins > Add New.
  • Search for the hCaptcha plugin, then Install and Activate it
  • Navigate to Settings > hCaptcha
  • Add your Site Key, Secret Key and tick the box to Enable Contact Form 7 Addon. You should also Enable hCaptcha on Comment Form and Enable hCaptcha on Login Form to protect your WordPress site
  • Click on Save hCaptcha Settings

A Few Words Before You Go…

Spam on your contact page is more than annoying: it can also be harmful. However, hCaptcha is a tried-and-trusted method to keep your website and your customers safe from abuse, spam, and worst of all – malware. Hopefully, our guide has helped you figure out exactly how to prevent your contact form from being a vulnerability that allows spambots to get through.

View Related Articles

How to Redirect a Domain

Maybe you upped your game and switched to a more SEO-friendly domain to draw more customers to your business. Or you created a new online store or launched a new product, and you want to redirect your clients directly to the products page. Or maybe you’ve…

How To Sell A Domain Name

If you’re thinking about using the .fun gTLD for your website, we’ll help you brush up on everything you need to know about it – its history, who runs it, what it’s used for, and where you can get your very own .fun domain extension.

Is Domain Privacy Worth It?

Normally, once a domain is registered, the information of the owner – your information – is listed in the WHOIS database. However, not everyone likes to have their information available to the public, as this can have some downsides – like receiving spam.

Leave a Comment

Your email address will not be published. Required fields are marked *