InMotion Hosting Support Center

As mentioned in our PHP contact form article, contact forms with a plugin are usually more secure than basic PHP code. To improve on that security in WordPress, we cover how to better secure emails sent using Contact Form 7.

Set Character Limits

Give input fields character limits to reduce the room available for cross-site scripting payloads and other hack attempts.

  • Text sections use maxlength:## -
    e.g. [text* your-message maxlength:50].
  • Number sections use max:## -
    e.g. [number* your-number max:99].
  • File upload sections use limit:##mb, limit:##kb, or limit:## (bytes) and restrict file types with filetypes:##|## -
    e.g. [file your-file filetypes:pdf|txt limit:5mb].
  • Set the anti-spam plugin Akismet to scan fields for spam by checking the box in a form-tag generator.
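
The limits listed above can be checked mechanically before a form goes live. The script below is an added example, not part of the original article or of Contact Form 7: it parses a form template and reports fields that lack the limit options described here. The sample template is constructed, and treating textarea, email, url and tel like text for maxlength is an assumption that goes beyond the tags the article shows.

```python
import re

# One Contact Form 7 form-tag: [type(*) name option option ...]
TAG_RE = re.compile(r"\[(?P<type>[a-z]+)\*?\s+(?P<name>[\w-]+)(?P<opts>[^\]]*)\]")

# Value syntax for each limit option, following the article's examples.
LIMITS = {"maxlength": r"\d+", "max": r"-?\d+",
          "limit": r"\d+(kb|mb)?", "filetypes": r"\S+"}
# Options each field type should carry.
# Assumption: textarea/email/url/tel take maxlength the same way text does.
REQUIRED = {
    "text": ["maxlength"], "textarea": ["maxlength"], "email": ["maxlength"],
    "url": ["maxlength"], "tel": ["maxlength"],
    "number": ["max"],
    "file": ["limit", "filetypes"],
}

def parse_tags(template):
    """Yield (type, name, {option: value}) for every named form-tag."""
    for m in TAG_RE.finditer(template):
        # Quoted strings are default values or placeholders, not options.
        bare = re.sub(r'"[^"]*"', " ", m.group("opts"))
        opts = dict(tok.partition(":")[::2] for tok in bare.split())
        yield m.group("type"), m.group("name"), opts

def audit(template):
    """Return (field, option, problem) for each missing or malformed limit."""
    findings = []
    for ftype, name, opts in parse_tags(template):
        for opt in REQUIRED.get(ftype, []):
            value = opts.get(opt)
            if value is None:
                findings.append((name, opt, "missing"))
            elif not re.fullmatch(LIMITS[opt], value, re.IGNORECASE):
                findings.append((name, opt, f"invalid value {value!r}"))
    return findings

# Constructed sample form template (not taken from a real site).
SAMPLE = """
<label>Name [text* your-name maxlength:50 placeholder "Full name"]</label>
<label>Message [textarea your-message]</label>
<label>Age [number* your-number max:99]</label>
<label>Quantity [number qty min:1]</label>
<label>CV [file your-file filetypes:pdf|txt limit:5mb]</label>
<label>Photo [file your-photo limit:big]</label>
[submit "Send"]
"""

if __name__ == "__main__":
    for field, opt, problem in audit(SAMPLE):
        print(f"{field}: {opt} {problem}")
```
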

Use CAPTCHA

Contact Form 7 forms can use Really Simple CAPTCHA for validation.

  1. Install the Really Simple CAPTCHA plugin.
  2. In the Mail tab of your contact form, add the following to include the CAPTCHA-Challenge and CAPTCHA-Response respectively:
    Input this code: [captchac captcha-1] [captchar captcha-1 4/4]
    In this case, "4/4" restricts the text field size and max length respectively.

Use the Same Domain in From Field

If the email address in the From field doesn't match the website domain, email providers will notice and may mark the message as spam. You can check the From field on the Mail tab.

Reply-To Address

You may want email conversations continued through an email account other than the one specified in the From field. If so, change the Reply-To email in the Additional Headers section to the other email account. Alternatively, you can add a CC line, e.g. "CC: user2@domain.com". This may be preferable to creating an email filter or forwarder in cPanel.

Edit Comment Blacklist

Along with using an anti-spam plugin such as Akismet, you can edit the comment blacklist section in the WordPress dashboard, which Contact Form 7 will use to moderate sent email.

  1. On the left, select Discussion under Settings.
  2. Specify comments and IP addresses to blacklist in the Comment Blacklist text box.

Improve Email Authentication

Enabling DKIM, DMARC, SPF, and PTR records helps ensure your emails aren't marked as spam. For more info on how to do this in cPanel, please see our email authentication guide.

For more information on securing your WordPress website, check out our recommended security plugins and backup solutions. You can also consider creating an account with Sucuri for enhanced security for your account.

