WP Plugin: Secure Contact
Tech Used: PHP, JS, CSS, HTML
WordPress has no lack of contact form plugins. I know. I tried many of them. So why did I make one for my clients?
Secure Contact was born out of the ineffectiveness of security features like Google reCAPTCHA at stopping bots. Even with the latest security features, clients would still receive spam submissions from bots.
Major companies like Google are always developing and updating their security features to help businesses stop spam contact form submissions. The problem, as I understand it, is that bot developers invest a significant amount of time studying these spam prevention services and program their bots to crack the CAPTCHAs. After all, making a bot that can get through a Google reCAPTCHA gives the malicious developer access to hundreds of thousands of contact forms to spam.
Obscurity, then, is a key to success. If the bad actor doesn’t know about a security feature, he won’t make a bot for it. If a security feature is unique to just a handful of websites, is it even worth the development time necessary to send spam from a few more contact forms? Much larger numbers are on the table for the taking.
Therefore, creating a custom security feature and real person test is an effective way to stop spam submissions.
In other words, please don’t tell the bad guys about my plugin. It remains more effective that way!
Secure Contact is a streamlined, simple plugin designed to get a spam-blocking contact form onto your website as quickly as possible. It does not offer many of the features that other contact form plugins offer. It was designed specifically to block spam, and it does that (so far) with 100% effectiveness across multiple sites.
How it Works
Users can put the shortcode in a post or page and the contact form will work right away, even with nothing set up. If the “to” address is missing, for example, it will default to the site’s admin address. But there are numerous options to customize the functionality of the form.
On the front end, the site visitor fills out the required contact form inputs and is then shown a random word in the form of 4 images, called a “Real Person Test”. These images will look like “CON + TACT =” or “WORD PART 1 + WORD PART 2 =”, and the site visitor is expected to combine the first and second half of the word in the Answer input, such as Contact. This input is case insensitive. All that matters is that they put in the right word: contact, CONTACT, CoNTaCt, etc.
If they put in the right word and all of the required fields are filled in, the site visitor will either stay on the page with a submission notice or be redirected to an optional thank you page. The submission will be sent to the “to” email address, and the “reply-to” header will be the site visitor’s email address if it was a valid address.
If the required fields weren’t filled in, they will be highlighted red and the visitor will be prompted to fill them in. If the required fields are filled in and the real person test is wrong, the visitor will be told to try the field again, up to a configurable number of times (it could be set to 1 try or 1000).
If the visitor fails to pass the real person test within the attempt limit set up in the admin page, then the suspected bot is either redirected to an optional page or kept on the page with a submission notice. At no point is the bot told that it failed the test. It will look like the bot successfully submitted the form, so as not to attract the attention of the bot developer.
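The server-side check described above, written as an added example in plain PHP. It is not Secure Contact's own code, and the function names, the `MAX_ATTEMPTS` value, the response labels and the counters are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration; every name and value below is hypothetical.
const MAX_ATTEMPTS = 3; // stands in for the admin attempt-limit setting

/** Build a challenge: two word parts to display, answer kept server-side. */
function rpt_new_challenge(string $word): array
{
    $cut = intdiv(strlen($word), 2);
    return [
        'parts'    => [strtoupper(substr($word, 0, $cut)), strtoupper(substr($word, $cut))],
        'answer'   => strtolower($word),
        'attempts' => 0,
    ];
}

/**
 * Check one submission. Returns [notice shown to visitor, whether to send mail].
 * A blocked visitor gets the same 'submitted' notice as a real success.
 */
function rpt_check(array &$state, string $input, array &$stats): array
{
    if ($state['attempts'] >= MAX_ATTEMPTS) {
        return ['submitted', false];              // already blocked: stay silent
    }
    if (hash_equals($state['answer'], strtolower(trim($input)))) {
        $stats['sent']++;
        return ['submitted', true];               // case-insensitive match
    }
    $state['attempts']++;
    if ($state['attempts'] < MAX_ATTEMPTS) {
        return ['retry', false];                  // tries remain: ask again
    }
    $stats['blocked']++;
    return ['submitted', false];                  // limit reached: fake success
}

// Constructed demo: one visitor who passes, one client that never does.
$stats = ['sent' => 0, 'blocked' => 0];
$human = rpt_new_challenge('contact');
echo implode(' + ', $human['parts']), " =\n";
echo json_encode(rpt_check($human, 'CoNTaCt', $stats)), "\n";
$bot = rpt_new_challenge('contact');
foreach (['x', 'y', 'z', 'contact'] as $guess) {
    echo json_encode(rpt_check($bot, $guess, $stats)), "\n";
}
echo json_encode($stats), "\n";
```

The expected answer stays in server-side state, and once the limit is reached the notice returned is the same as for a real submission while the mail flag is false.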
Options
Site administrators are able to set up the email headers to control who the submissions are sent to and who gets replied to. In this way, the customer or site visitor can be replied to directly from the submission email if desired.
The random words that appear in the real person test can be configured to follow certain themes that cover a range of industries like transportation, clothing, and travel. Alternatively, they can be gibberish every time, ensuring a compatible match with unsupported industries.
The color of the security image overlay and the color of the submit button can be styled from the admin page. The default styling for the inputs and the rest of the form should work for a majority of sites, but additional styling may be required by the developer for your specific site needs.
Inputs can be turned off or required. Each input can have the order of its appearance changed, and the labels and placeholders may also be changed.
Tracking
Basic tracking occurs every time a form is submitted. It keeps track of successful and blocked submissions. When a submission is blocked or the security feature answer is wrong, additional tracking distinguishes between likely human vs likely bot answer failures.