WordPress makes it easy to create contact forms. However, if it is operated without sufficient security measures, it will become a hub for sending spam without knowing it, and it will be one of the reasons why the credibility of domains and websites declines.
If the inquiry form is abused and becomes a spam mailing point, you may be held responsible for operating the inquiry form. In order not to become a victim and not a perpetrator, it is essential to take measures to prevent abuse when creating an inquiry form.
How to contact form abuse works
First of all, let me explain what is the abuse of the contact form.
The flow of common inquiries
When I made an inquiry, I was told, "Thank you for your inquiry. We often send an auto-reply email to confirm receipt of your inquiry with a title such as ".
However, it is not possible to determine whether the e-mail address of the automatic reply destination is the e-mail address of the person who made the inquiry or the e-mail address of an unrelated third party.
An automatic reply email will be sent based on the belief that the entered email address is the email address of the person making the inquiry.
The flow of abuse (spam attack)
What if someone with bad intentions enters a third-party email address that is not yours for the purpose of spamming you?
If no measures are taken, an automatic reply email will be sent to a third party.
If the content of the inquiry is included in the auto-reply e-mail, the attacker can get their hands dirty if they include arbitrary content in the content of the inquiry (advertisement, malicious URL that downloads malware, etc.). No, you can shoot with spam emails.
One of the methods used to prevent abuse is "reCAPTCHA".
reCAPTCHA is a technology that prevents abuse by bots (robots) by displaying a message such as "I am not a robot".
reCAPTCHA can be used without specialized knowledge.
How to set up in Contact Form 7
"Contact Form 7", which is one of the plugins that are often used when operating forms in WordPress, supports reCAPTCHA.
Please refer to the following page for how to set reCAPTCHA in Contact Form 7.
reCAPTCHA (v3) | Contact Form 7 [Japanese]
About spam attacks against forms created with Contact Form 7 | mixhost news