Support » Plugin: Fast Secure Contact Form » Weak CAPTCHA – Big Spam Problem

  • Resolved seovrjoyd


    I have 3 sites going through a Askimet, a Sucuri Cloud Proxy, Firewall, Spam Assassin and Word Fence. I still have a massive spam problem despite blocking countries and Ip’s.
    It has been suggested that I use Google Re-Captcha but it doesn’t work with FS Contact form. After using your plugin for many years I hate to change, but I may have to because the CAPTCHA isn’t strong enough. Is there any way you could integrate the Google Re-Captcha?

Viewing 15 replies - 1 through 15 (of 37 total)
  • It’s getting so bad that I might stop using this plugin. I get dozens of spam submission each day. CAPTCHA, honeypot and Akismet are all enabled, but nothing is stopping it.

    Hi, please check the following troubleshooting tips if you have not done so yet.

    Thank you

    We’re having similar issues, all beginning only a couple days ago. I assume it’s secondary to an update.

    Like the other commentators, we have all of the security features enabled with the exception of askimet. I’d be tempted to purchase a contract there, but since it isn’t helping the other posters, I assume it won’t help us either. Went through the steps you provided in the above post.

    Been using FSCF for quite a while without issue. If a patch is in the works, we’ll just stick it out and deal with 12-20 spams a day till it’s released. If not, we’ll download another plug-in (though I really like this one.) If it’s on your radar, just give us a word and we’ll continue to wait.

    I know you’ve got other jobs too, for my part, I’m grateful for the work you’ve provided the WP community. 🙂

    (@newhopeyouth), have you also spoken to your host about this issue? Maybe it’s something they change in their end?

    Let me know how you go.


    Hi, thanks for a quick reply!

    My host advises that there have been no server changes to account for the issue. (No changes at all actually in several weeks). I did upgrade to WP 4.7.1 about a week ago.

    Issues just began yesterday evening, though we’ve been found by MANY spammers since. Some content includes test text or actual ads that I could imagine an individual could have added and solved the captcha. But over half of the emails appear to just be bot junk.

    Since several commenters above reported issues in the last 24 hours, I was assuming there’s been some exploit found recently, perhaps related to 4.7.1? Not a coder personally though, so that was just my guesswork.

    Thanks again for a quick reply.

    Hi (@newhopeyouth), when it comes to spam there could be many reasons why all of a sudden you are receiving a lot of spam. Now I am not saying that it could be related to this plugin or not. But I will say that I have this plugin installed on many sites including mine and I am not receiving any extra spam other than the regular which no one can block unless your site is totally private.

    One plugin that I have been using for the last few months to help me combat spam is Antispam Bee. So far I am blocking a huge amount of spam which I don’t even see as the tools aforementioned keep blocking a lot of spam.

    I personally don’t use Askimet and never have so far. I have always managed with my own tools and plugins.

    Thread Starter seovrjoyd


    I am using Askimet, Spam Assassin (server side), Word Fence and Sucuri cloud proxy/firewall and blocked countries. I read other comments and one posted the email that looks exactly like the ones I am receiving from, mail.ea, and

    I use this contact form on 3 sites of which 2 are getting hit with 16 spam emails daily. My employer is getting very aggravated because despite all the security I have on the sites the sudden and persistent spam seems unstoppable.

    I changed to contact form 7 on the sidebar and the spam stopped. I am not a fan of that contact form 7 and would like to go back to using this contact form. The issue started happening after a recent update. Any hope of having it patched and perhaps using Google Re-Captha?

    Hi, I have sent a message to the developer to investigate further your issue. I hope to hear from the developer soon.


    I have this exact same problem. I just redid my site after not touching it for a long time. I updated to WP 4.7.1 and the latest Fast Secure Contact Form from older versions and all of a sudden, after never getting spam, I’m getting over a dozen a day from addresses.

    I didn’t promote my site, link it up anywhere new, or anything to invite this. It literally started within a few hours of upgrading. If there isn’t a solution I’m afraid I’m going to have to go with a new contact form. I really wish the captcha strength was adjustable.

    Antispam bee seems to be not keeping up with WP in terms of updates. They indicate compatibility through WP 4.6.2 only.

    MBRsolution, are you the author or a contributor? It would appear that I’m not the only one who has experienced a recent spike, judging from the other posters.

    Edit… I failed to refresh replies before posting again. Thank you for reaching out to the author.

    • This reply was modified 4 years, 10 months ago by newhopeyouth.

    (@newhopeyouth), in answer to your question. I am a contributor 🙂

    I hope that helps you.


    Yes indeed, I can tell you watch the forum closely. thanks for providing such responsive support.

    You probably have human spammers or a bot that uses human captcha solvers.
    see my explanation here.

    If you are getting a lot of it that could be a bot, try changing your form url, or use security plugins that stop bots.

    Everyone should make sure to follow these instructions for mail settings on the Basic settings tab of your form setup.

    Set the “Return-path address” setting to a real email address on the
    SAME domain as your web site. This step really is ALWAYS necessary so
    mail is properly identified as originating from your server

    Also be sure to check this setting box:
    Enable when web host requires “Mail From” strictly tied to site (don’t
    skip this important step!). Click “Save Changes”

    Akismet is incredibly good at detecting spam so it may be as simple as Akismet not being properly configured with FS Contact Form. Within your WordPress dashboard, hover over Plugins and click on FS Contact Form. Then, click on the Security tab and find the checkbox labeled Check this and click “Save Changes” to determine if your Akismet key is active, then click Save Changes. You should then see at the top of this page whether or not your Akismet license is active. Akismet should able to block over most of of all spam that comes in.

    • This reply was modified 4 years, 10 months ago by Mike Challis.

    Thanks Mike, your guidelines are a very welcomed!!!

    I’m also having spam issues, please, have you any instruction advice about how to add Google Captcha to your plugin?

    Regards, Pescadito
    (long time and happy fast secure contact user)

    Hey Mike,

    However, with all of the settings in place, spam coming through the FSC forms with siC has happened across all the sites where I am using the forms with captcha. Surely there can’t be that many people in India looking for JUST your forms. Don’t have the issue with CF7 or Gravity forms.

    I did go back and change the page urls. Hopefully that helps for a while.

Viewing 15 replies - 1 through 15 (of 37 total)
  • The topic ‘Weak CAPTCHA – Big Spam Problem’ is closed to new replies.