How To Make Secure Contact Form for WordPress

Home » Blog » Tutorials » How To Make Secure Contact Form for WordPress

A contact page that has a convenient, easy to use form allows your visitors to more easily contact you, but more importantly it also allows business to reach out to you to get in touch for joint venture promotions.

When creating your website, make sure to add a contact page with a form. The ideal URL structure for this page is Put a link to this page in the main menu, footer menu or both (depending on how easily you want to be contacted).

Last, you must secure your WordPress contact form, otherwise you’ll be bombarded with irrelevant spam messages on a daily basis.

How to make a good contact page

A good contact page should welcome visitors to the website, tell them what to expect when contacting you as well as providing alternative ways to get in touch via a phone number or social media.

In general, a contact page should have an easy to use form as well as the following:

  1. Provide either an email address or a contact form on your contact page.
  2. Contact forms can be created by many WordPress plug-ins.
  3. Be friendly and welcoming and don’t pretend to be busy and overwhelmed with email if you are not.
  4. Filter who can contact you by answering commonly asked questions or providing answers to common questions or link to an FAQ page
  5. Set expectations of conversation. If you’re not going to reply, let the person know that you get a lot of email.

To create a contact page simply make a new page in WordPress and design it to be your dedicated contact page

Why do you need a contact form then?

A contact form is an HTML form that allows a user to input their name, email, subject and message in any easy to use form on your website without having to log into their email client like Gmail. It allows people to send emails to you quickly and easily via a contact form.

What do contact forms look like?

Contact forms can vary in appearance and function but most forms generally look like:

How to create a contact form with WordPress

To create a contact form with WordPress is easily done so by use of a plugin. With WordPress, you have a lot of great contact form plugins to choose from. Everything from Contact form 7, to Ninja Forms and Forminator.

We use WP Forms Lite as our go-to contact form option. It’s a feature rich plugin that has a lot of advanced features, but easy enough to use for a simple contact form.

Step 1: Install WP Forms Lite

Your first step will be to install WP Forms Lite on your WordPress installation:

Once installed you’ll be directed to a welcome message, here you can click on the large orange button that says “create your first form.” You’ll now be in the WP Forms dashboard where you can setup a simple contact form:

Once you click this button, you’ll then be able to edit your simple contact form. In the left hand sidebar you’ll notice a “field” tab. Here is where at the click of a button you can add in additional fields. However, as this is a contact form, we suggest keeping things simple.

Step 2: Setup Your Form To Receive Emails

One quick setting you’ll want to know about is where exactly the email messages get sent to when people fill out the form. For that, you’ll want to “settings” and there you can update the email address that receives the messages:

By default, it is set to the admin email which is the email you used when installing your WordPress installation. If you want to change it to something else you can do so here.

Step 3: Add the form to your contact page

Last, it’s time to add in your contact form on your contact page. This can be done in a variety of ways but we suggest using the shortcode option as it gives you the most control over where exactly your form appears.

Once you’re done editing your form make sure to first click on the save button and then click on the embed button in the top menu in WP Forms:

Copy the shortcode and then paste it where ever you like on your contact page and the form will automatically appear. Congrats! You’ve successfully added a professional looking contact form to your contact page. Now it’s time to secure it to prevent spam.

Step 4: Setup hCaptcha

This set is technically optional as you now have a functioning contact form on your contact page, but you will start getting daily emails from most spam bots. To prevent this is easy, all you need to do is setup HCaptcha to prevent most bots.

First, you’ll need an HCaptcha account, second you’ll need to input specific keys within WP Forms to make it secure:

Add your site keys here from

To find your CAPTCHA settings for WP Forms you’ll need to click on “settings” the left hand menu where there is a CAPTCHA setting. Here you need to input a site key and a secret key.

To get these keys you’ll need to create an hCaptcha account at Go to log in and then click on “add hCaptcha to your service (free).”:

Once you log in you’ll need to add your website in order to get your keys. Click on the “add site” button and follow the on screen instructions:

When adding your website the only aspect you need to fill out is the “general information” where you can add your website. Everything else is optional.

Getting your site keys and private key

You’ll next need to get your site keys and copy and paste them into the CAPTCHA settings in WPForms. To get your site key click on settings for the domain you just added:

On the next page you’ll be presented with your site key. Next, you need to get your secret key. To find that, you’ll need to click on settings for your account:

Once you add both keys in your WP Forms CAPTCHA settings make sure to click save.

Enable hCaptcha on your WP Form contact form

Last, enable hCaptcha on your form itself. Navigate back to the form and edit it. Under the fields tab click on hCaptcha to enable it on your form:

You’ve now secured your contact form with hCaptcha! Visitors will now have to fill out a simple challenge in order to email you. While it’s not perfect, it makes a massive difference in preventing the amount of spam messages you will receive.

Benefits of Adding a Contact Form To Your Contact Page

There are numerous benefits to having a properly configured contact form. Let’s review some of the positives right now.

1 – Improved Spam Protection

Spam comes in the form of bot programs than can sort through thousands of websites in a few minutes and then find the various contact forms or email address with ease. Building a list of forms for spammers to send messages to.

Spam is not something you’re ever going to get rid of and it does become more of a problem the larger your website grows. But you can minimize it using a properly configured form with reCAPTCHA.

2 – Get Better Emails

As I mentioned in the beginning, I’ve made thousands of dollars through my contact form. It’s an odd thing to say, but if I did not have a contact page with a contact form I’m simply making it more difficult for business to reach out to me.

As your online presence grows, companies will start to want to work with you because of the reach you’re able to have.

Create a contact form conclusion

You have numerous options for creating a contact form for your contact page. All the contact form plugins work much the same way in general. You install them, set up the form and then copy and paste the shortcode into your contact page and the short code will display the form.

Make sure that whatever contact form plugin you decide to go with that you setup some sort of spam protection with it. We prefer hCaptcha because it can be added to singular form instead of reCAPTCHA which is applied site wide.