Custom spam filter with Contact Form 7, no extra plugins needed

I have been receiving more and more spam through the contact form of one of my sites, which uses Contact Form 7. To help stop this, I created a simple custom function that blocks contact form messages that contain specific words, without any additional plugins or services.

There are several ways to deal with spam sent through Contact Form 7, but many involve yet another plugin, paid services, annoying captchas, math quizzes, etc. If you just want to stop contact form messages that contain specific words, you can add a filter in your site’s functions.php file.

For example, the latest spam rage seems to be all about “dating” sites (really?). Almost all of the spam has the same key words, which luckily are ones that nobody would actually use in a contact form for a software consulting business (and I’m not particularly looking for any dating sites as clients). The spam words that come up most for me are “dating”, “datings”, “personals”, and “singles”.

The filter code I use checks the subject line for these words, and throws a validation error and message if any of these words appear in the subject line. It’s not sophisticated, and can be easily defeated by a human, but it will stop most run of the mill spam bots.

Here’s the function:

// Contact form 7 custom validation for spam in subject lines
add_filter( 'wpcf7_validate_text', 'custom_text_confirmation_validation_filter', 20, 2 );

function custom_text_confirmation_validation_filter( $result, $tag ) {

    // Add your spam words below, separated by '|'
    $spam_words = "dating|datings|personals|singles";

    // Specify the name of the Contact Form 7 field that you want to check for spam
    $filter_field = "your-subject";

    if ( $filter_field == $tag->name ) {
        $your_subject = isset( $_POST[$filter_field] ) ? trim( $_POST[$filter_field] ) : '';

        if ( preg_match("/(" . $spam_words . ")/i", $your_subject) === 1 ) {
            $result->invalidate( $tag, "Please don't spam this contact form." );
        }
    }

    return $result;
}

Change the $spam_words to match whatever words you want to use.

You will also need to replace and/or match $filter_field (which is ‘your-subject’ in the code above) to the name of the Contact Form 7 field name that you use for your subject line. You can check this in your contact form editor, like this:

Once the function has been added to functions.php and customized, you will have some basic anti-bot spam filtering on your Contact Form 7 form:

You can also use the same function to check the message body if your spam situation is getting out of hand, but it may be worth checking other options.

4 thoughts on “Custom spam filter with Contact Form 7, no extra plugins needed”

  1. Hello there, My name is Aly and I would like to know if you would have any interest to have your website here at heald.ca promoted as a resource on our blog alychidesign.com ?

    We are updating our do-follow broken link resources to include current and up to date resources for our readers. If you may be interested in being included as a resource on our blog, please let me know.

    Thanks, Aly

  2. For some reason I get an error when trying to update the function file via the Theme Editor option.

    Did you do update the file then upload it via FTP?

    Also can I paste the code directly anywhere in the functions.php file?

    I’m no PHP expert by they way lol.

    1. Hi Gerard. This is unusual. It could be related to file and folder permissions issues. It’s also possible that your WordPress installation prevents you from making changes to your current theme. This could depend on your hosting environment.

      You can place the function anywhere in functions.php, as long as it’s not inside another function.

      I should also have mentioned that once you start customizing functions.php, you should probably consider creating a child theme, otherwise your changes are likely to be overwritten by theme updates.

Leave a Reply

Your email address will not be published. Required fields are marked *