How to stop spam via contact forms

Question

I keep getting messages via my WordPress contact form from someone claiming he hacked into my website and stole my database and is going to start ruining my reputation online unless I pay him $3500. I'm assuming it's spam (I mean dude, if you hacked into my website, you should be able to find my admin email address and email me there, instead of submitting a message through my contact form that goes to my public-facing email 🙄), but there is a tiny part of me that worries it's real. So here are my questions: 1. Please assure me it's spam! 2. Which anti-spam and anti-hacker plugins do you recommend to help me sleep easier at night?

#WordPressQ&A

Answer

Yes, it's absolutely spam! Well, I say that with 99% certainty. There are obviously hackers with the skill to do what they are threatening but, in my experience, their messages usually carry more weight than this. Like proof of what they've found. 

Here's a blast from the past. I had a mum blog back in the day which I slowly stopped using so it'd been sat unloved for a while. After a few months, I tried to access one page and it couldn't be found. I logged back in to discover that all my content had gone!

I did some investigation and it turned out one of the plugins on my site had a vulnerability that was exploited. But as I hadn't updated anything in a while, they got to my site. These people didn't mess about emailing me first!

How to stop comment spam

You could be drastic and turn off all comment-related functionality. But, there are other ways.

  1. Use an anti-spam plugin. There's Akismet, Antispam Bee, CleanTalk and more. These work independently of your contact form plugin.

  2. Choose a contact form plugin that has built-in features to help combat spam
    1. WPForms comes with reCAPTCHA, spam traps and can link to anti-spam plugins like Akismet (reCAPTCHA is that annoying "I am not a robot" thing)
    2. Forminator has reCAPTCHA (I use Forminator)
    3. Formidable Forms is good too
  3. Add a control question to your form like a maths one. It may be a bit tedious to users so make it simple

Anti-hacking plugin to protect your site

My recommendation would be Wordfence as a good free one. Sucuri is also good.

You will need to take some time going through their settings but they will have an explanation for each one or a help doc with recommended values for them.

There are other things that can help. Like not using "admin" or your name as your username.

You can also change the default login URL (ending in wp-admin or wp-login) to something else. But please remember what you change it to, otherwise, you won't be able to get back in.

Want the video?

This was part of a live Q&A and my response starts around 26:40.


Spam anecdotes to share?

If you've got a funny/quirky spam story to share, I'd love to hear it. Like the weirdest one you've ever got? Or just ask a question!

