Fixing Jetpack Contact Form SPAM

Man sitting at laptop with security icons and code overlaying the view

We have so many contact form plugins within the WordPress community. We also have several CAPTCHA systems available for these plugins, usually via Google reCaptcha or Cloudflare Turnstile. It’s all a lot to take in, and these plugins and services can add a lot of weight to a small site.

Sometimes I prefer to use the simpler Jetpack Contact Forms as I typically use the Jetpack service for other useful features on sites. One glaring problem though is that Jetpack Contact Forms get tons of SPAM unless you engage the paid Akismet service.

Being the rebel that I am, sorry, not sorry; I came-up with a different (and cheaper) solution. Since I already use Cloudflare’s Free Edition on all of my sites, I simply added a WAF (firewall) rule to force a browser integrity check on all contact form submissions.

How to have Cloudflare stop SPAM contact form submissions:

  • Log into Cloudflare.
  • Click into your account from the list, then your website service listing.
  • Click the Security left navigation menu item, then the WAF sub menu item.
  • Click the blue Create Rule button.
  • Give the new rule a name, such as “Jetpack contact form captcha”.
  • Under If incoming requests match… set the following:
    • URI Path begins with /contact (or whichever page or pages you have forms on)
    • Request Method equals POST
    • URI Query String does not contain ajax
  • Under Then take action… select Managed Challenge.
  • Click the Deploy button to engage your new firewall rule.
  • Visit your website and test your contact form(s).

Jetpack Contact Form notification emails and iCloud

I was also having trouble with Jetpack Contact Form notification emails not coming through using my iCloud SMTP service. I was able to fix this using the following PHP filter:

add_action( 'phpmailer_init', function( &$phpmailer ) {

	$allowed_html = wp_kses_allowed_html( 'post' );
	$allowed_html['style'] = [ 'type' => 1 ];
	$phpmailer->Body = wp_kses( $phpmailer->Body, $allowed_html );

} );