Spam is a challenge every website owner faces. The moment you add a form that collects information from users, you’re almost guaranteed to receive spam, sometimes a little, sometimes a lot.
Even simple forms with no real value to spammers can be targeted. Automated bots submit links, promotions, or even malicious content just to exploit any available form. Blocking spam is essential, it saves time, protects your site, and keeps your inbox clean.
To protect your forms, you need to make automated submissions difficult without harming the user experience. Visitors should be able to submit forms easily, while bots are stopped in their tracks. Achieving this balance is the key to effective form security.
Fortunately, WordPress makes this process much easier. With the right plugins and services, you can significantly reduce or even eliminate spam in both forms and comments.
In this guide, I’ll show you how to prevent spam in Contact Form 7 using the Akismet Anti-Spam plugin. Akismet is free for non-commercial sites, and for commercial sites it costs about $10 per month, a small and worthwhile investment for clean, spam-free forms.
Preventing Spam in Contact Form 7 using Akismet
So, as mentioned, spammers target anything they can, including Contact Form 7. The Contact Form 7 plugin provides several ways to prevent spam, and its integration with the Akismet Anti-Spam plugin is an important step in the prevention strategy.
The first thing to do is to enable Akismet. The Akismet plugin comes pre-installed with WordPress, so you just need to activate it and set up your API key from WordPress.com, which is managed by Automattic, the same company that manages Akismet.
To get your API key, you need to be registered on WordPress.com. It’s a straightforward process: sign up through Akismet and grant it access to your WordPress.com account when prompted. After that, the following window will appear:
Click on Add Personal Subscription. In the next screen, slide the slider to the left if you don’t want to donate money to Akismet and click on Create Subscription. Add your site using the Add Site button without the site prefix, meaning without https or www.
Once you’ve done this, simply copy the API key and go to WordPress Dashboard > Settings > Akismet Anti-Spam, enter the key in the requested field, and save it.
If you have the Jetpack plugin installed, which is also developed by Automattic, you can access Akismet through Jetpack > Akismet Anti-Spam.
Adding Akismet to Contact Form 7 Fields
The next step is to configure the Contact Form 7 fields to work with the Akismet service. Go to the edit screen of the Contact Form 7 form and add the Akismet options to the relevant fields in the form:
1. akismet:author – Add this option to the field that collects the sender’s name.
[text* your-name akismet:author]2. akismet:author_email – Add this option to the field that collects the sender’s email.
[email* your-email akismet:author_email]3. akismet:author_url – Add this option to the field that collects the sender’s URL, if such a field exists.
[text your-url akismet:author_url]Note: Add these options directly after the relevant parameter, immediately after the your-name parameter for example. For illustration purposes, the following code will show an error (configuration error) in the form:
[text* your-name placeholder "Name" akismet:author]
[email* your-email placeholder "Email" akismet:author_email]In any case, when any of these options are embedded (it’s recommended to add all of them for more accurate results), the Contact Form 7 plugin will send all the information of the form sender to Akismet.
Akismet will check this information against its database and decide whether this submission is classified as spam or not.
If it’s decided that the email is spam, Contact Form 7 will cancel its submission and display an error message on the screen in the style of “Message sending failed” with an orange border (default).
If you’ve followed all the steps in the guide, you can check if Akismet is working properly by sending viagra-test-123 as the sender’s name.
Does it work or not? Share in the comments… In any case, if you can access Akismet in the WordPress control panel, you can view statistics regarding the number of comments or form submissions that were blocked by the plugin.
Summary
I must say that the Akismet plugin works excellently and rarely misses. Simply install it, add your API key, and forget about spam on your WordPress site.
When you work with a client, change the form’s email to your own and perform the “Viagra test”. If everything works fine, change the email back, and you have another satisfied client.
One thing that might not be obvious and I mentioned it is that once you’ve added the Akismet API, it will also filter comments on your WordPress site, without any additional intervention from you.
By the way, you can prevent spam in another way. Take a look at the article How to Prevent Spam and Junk Mail in Contact Form 7 using reCaptcha.
