Contact Form 7: Setup & Spam Protection

Plugins

November 5, 2025

Contact Form 7 is one of the most widely used WordPress plugins for creating simple, customizable contact forms. It’s lightweight, flexible, and integrates easily with spam protection tools like reCAPTCHA and Akismet. In this guide, you’ll learn how to install, configure, and secure your forms from spam submissions step by step.

Why Use Contact Form 7?

✅ Completely free and open-source
✅ Supports multiple forms and pages
✅ Easily customizable with HTML & CSS
✅ Integrates with Google reCAPTCHA and Akismet for spam protection
✅ Works well with caching and multilingual plugins

Step 1: Install and Activate Contact Form 7

Go to your WordPress dashboard.
Navigate to Plugins → Add New.
Search for Contact Form 7.
Click Install Now → Activate.

After activation, a new menu item Contact will appear in your dashboard.

Step 2: Create Your First Contact Form

Go to Contact → Contact Forms.
You’ll see a default form titled “Contact form 1.” Click Edit.
Review the default form structure:

<form>
  Your Name (required)
  [text* your-name]

  Your Email (required)
  [email* your-email]

  Subject
  [text your-subject]

  Your Message
  [textarea your-message]

  [submit "Send"]
</form>

This creates a basic contact form with name, email, subject, and message fields. You can modify field labels or add new ones using shortcodes like:

[tel your-phone]   → phone field  
[checkbox your-topics "General" "Support" "Sales"]  
[file your-file]   → file upload field

Step 3: Configure Email Settings

Scroll down to the Mail section to define how form submissions are delivered.

To: Your email address (where submissions are sent)
From: [your-name] <[your-email]>
Subject: [your-subject]
Message Body: Include all form fields (default is fine)

If emails are not being delivered, use an SMTP plugin such as WP Mail SMTP to ensure reliable delivery.

Step 4: Add the Contact Form to a Page

Once you’ve created your form:

Copy the shortcode displayed at the top (e.g. Error: Contact form not found.).
Paste it into any page, post, or widget area.
Publish or update your page — your form is now live.

You can also use the Block Editor (Gutenberg):
Add a “Contact Form 7” block and select your desired form from the dropdown.

Step 5: Add reCAPTCHA for Spam Protection

To stop bots from spamming your forms, integrate Google reCAPTCHA. Contact Form 7 supports reCAPTCHA v3 and v2 (Invisible).

1) Get reCAPTCHA API Keys

Go to the Google reCAPTCHA Admin Console.
Click + Create to register your website.
Choose reCAPTCHA v3 (recommended).
Add your domain (e.g. example.com).
Copy your Site Key and Secret Key.

2) Add Keys in WordPress

Go to Contact → Integration.
Click Setup Integration under “reCAPTCHA.”
Paste your Site Key and Secret Key.
Click Save Changes.

reCAPTCHA v3 will now automatically protect all your Contact Form 7 forms without visible checkboxes.

Step 6: Enable Akismet Spam Filtering (Optional)

If you use the Akismet Anti-Spam plugin, it can automatically check Contact Form 7 submissions for spam.

Install and activate the Akismet Anti-Spam plugin.
Connect it with your WordPress.com API key.
In your Contact Form 7 template, ensure form fields are correctly named:
- your-name
- your-email
- your-message

Akismet automatically filters out suspicious submissions and flags them as spam.

Step 7: Use the Honeypot Method (Extra Protection)

For an additional layer of protection, use a hidden honeypot field — bots will fill it, humans won’t.

Install and activate the Contact Form 7 Honeypot plugin.
Edit your contact form and add this shortcode:

[honeypot honeypot-1]

This hidden field silently blocks automated bots without affecting legitimate users.

Step 8: Customize the Form Design

You can style your form to match your theme using CSS. Add custom rules in your theme’s stylesheet or Additional CSS in the Customizer:

.wpcf7-form input,
.wpcf7-form textarea {
  width: 100%;
  border: 1px solid #ccc;
  padding: 10px;
  border-radius: 4px;
}

.wpcf7-form input[type="submit"] {
  background: #0073aa;
  color: #fff;
  border: none;
  padding: 10px 20px;
  border-radius: 4px;
  cursor: pointer;
}

.wpcf7-form input[type="submit"]:hover {
  background: #005177;
}

Step 9: Test Your Form

Visit your live page containing the form.
Submit a test message.
Check your inbox to confirm delivery.

If you don’t receive an email, install an SMTP plugin like WP Mail SMTP and configure it with your email provider (e.g., Gmail, SendGrid, or your host).

Step 10: Troubleshooting Common Issues

1) “There was an error trying to send your message”

Use SMTP for outgoing mail.
Verify the “To” email address is correct and uses your domain.
Temporarily disable caching/minification plugins to test.

2) Form Submissions Marked as Spam

Check reCAPTCHA and Akismet configuration.
Reduce reCAPTCHA sensitivity in Google console (score threshold 0.4–0.5).
Add honeypot protection.

3) Emails Going to Spam Folder

Set a proper “From” address using your domain (e.g., info@example.com).
Configure SPF/DKIM records in your hosting provider’s DNS.

Bonus: Add Redirect After Form Submission

If you want to redirect users to a “Thank You” page after submitting the form, add this JavaScript snippet:

document.addEventListener( 'wpcf7mailsent', function( event ) {
  location = '/thank-you/';
}, false );

Add it to your site footer or a small inline script block on the page containing your form.

Conclusion

Contact Form 7 remains a top choice for WordPress users who want flexibility, reliability, and strong spam protection. By integrating reCAPTCHA, Akismet, and honeypot techniques, you can ensure your forms remain secure and spam-free while maintaining a smooth user experience.

Summary: Install → Create form → Add reCAPTCHA → Configure email → Test → Protect with Akismet & honeypot → Style your form.
Simple, effective, and secure.

🔌 Looking for more? Check out our WordPress Plugins Hub to discover recommended tools and how to use them.