[WordPress] Contact Form 7 spam protection.

WordPress Contact Form 7 is a very useful plugin for sending emails.
Because it is used on many sites, it can be the target of spam and many emails can reach you.

In this article, I will introduce anti-spam measures and write about what I have actually done to prevent spam.

List of anti-spam measures

There are several anti-spam measures that can be introduced.
Of course, there are a variety of other options, so we hope you will find this information useful.

[Plugin] Introduction of reCAPTCHAv3.

‘An authentication system for form abuse and spam’, which determines whether the data sender is ‘a human or a robot’, so that spam is almost never delivered.

Requires an account tied to Google and is a little complicated to set up.
The fee is basically free. However, from accesses of more than 1 million/month, you need to pay. If it is a corporate site, it may be worth introducing.

WordPress.org 日本語

reCaptcha by BestWebSoft Google reCaptcha を使用して、WordPress Web サイトのフォームをスパムエントリから保護します。

[Plugin] Introduction of Akismet Anti-Spam

It has a blacklist of spam from all over the world and filters it.
Paid for use on commercial sites ( $10 / month ).

WordPress.org 日本語

Akismet Anti-spam: Spam Protection スパムのコメントやスパムをコンタクトフォームでブロックするための最善のスパム対策保護。WordPress と WooCommerce のための最も信頼されたスパム対策ソリューション。

Add validation filter for Contact Form 7

The system will be modified so that it only sends out messages when Japanese is included in the field.

Most spam is sent from overseas, where the website is crawled, automatically entered into the enquiry screen and sent. Therefore, just by adding a Japanese language filter, spam will be reduced considerably.

WordPress.org 日本語

Contact Form 7 お問い合わせフォームプラグイン。シンプル、でも柔軟。

Adding Japanese filters in Contact Form 7

Choosing a quick and easy-to-manage method, we decided to “modify Contact Form 7 and add a Japanese filter”.

Implementing custom validation in Contact Form 7

Contact Form 7 implements user input validation as a filter function.
The filter hook used for validation can be set with wpcf7_validate_ + {form tag type}.

For example, the wpcf7_validate_text filter hook is used for text form tags. Similarly, wpcf7_validate_email* is used for an email* form tag. (* is a required input option)

This time, a Japanese filter is created for the textarea.
Because it is WordPress, add it to functions.php.

	add_filter('wpcf7_validate_textarea',  'wpcf7_validate_lang_jpn', 11, 2); 
	add_filter('wpcf7_validate_textarea*', 'wpcf7_validate_lang_jpn', 11, 2);

	function wpcf7_validate_lang_jpn($result,$tag){    
		$tag = new WPCF7_Shortcode($tag);
		$name = $tag->name;
		$value = isset($_POST[$name]) ? trim(wp_unslash(strtr((string) $_POST[$name], "\n", " "))) : "";

		if (!preg_match("/[\p{Hiragana}\p{Katakana}\p{Han}]/u", $value)) {
			$result->invalidate($tag, "日本語でご記入ください");
		}

		return $result;
	}

What it does is simple: it calls the wpcf7_validate_lang_jpn function in the wpcf7_validate_textarea filter hook, and if there is not a single Japanese character (hiragana, katakana or kanji), it calls invalidate and displays an alert. The important thing is the regular expression part.

The important part is the regular expression part, where the Unicode standard-setting body UTC https://home.unicode.org/ defines the block range of Unicode characters.
Here, Hiragana (Hiragana), Katakana (Katakana) and Han (Kanji) are defined and used.

Summary

Although reCAPTCHAv3 seems to be the most effective anti-spam measure, considering the set-up period, long term cost control and the degree of spam, it seems better to use Custom validation with Contact Form 7 to give it to them.