In the past week or so I’ve noticed serious levels of spam coming through my WordPress Contact Form plugin. Even though Ryan Duff’s description of the plugin says that it has anti-spam protection (“Improved Spam Handling– now rejects bot generated spam messages”), the spammers have exploited some sort of weakness in getting their messages through.
I could not understand why a spammer would want to send a spam message through a contact form. I asked Michael Hampton about this and he replied that the bots that spammers use are not smart enough to tell the difference between a contact and a comment form, which is a reasonable explanation. But it doesn’t explain why for over a year I received no spam using Ryan’s plugin and just now started receiving serious spam using it.
Anyway, searching the WordPress support forum, Sushubh recommended the Dagon Design Secure Form Mailer plugin since it includes an image verification feature which should foil most bots. I installed it yesterday and have had no spam since then.
There are a few suggestions I’d have for anyone installing it. First, I wish the author would’ve packaged the installation files as a zip file to make downloading/uploading a little more convenient. This would’ve avoided having to rename files from .txt to .php plus having to save them individually to one’s hard drive before uploading them. But that’s a minor carp.
Second, after uploading files to their appropriate folders, the installation instructions tell you to “go to Options -> DDFM-Main” and set how many copies of the plugin you want (most users will leave the default setting at one). Here is where the instructions get a little hazy.
After saving the DDFM-Main setting determining the number of copies you want, you must go back up to the Admin control panel and note a new button titled “DDFM1.” This controls the settings for the plugin and it must be configured properly for the plugin to work. My reading of the instructions didn’t make clear that a new DDFM1 button would be created and I hunted high and low for this in a long search until I finally found it.
Also, do not forget to fill in the Recipient Data field, which should read something like this: “onerecip|your-e-mail-address”.