A contact form is a convenient tool to communicate with users. Moreover, it provides an opportunity to collect contact data. But this element of a website has the problem of security. The main cause of a contact form vulnerability is the settings of WordPress. Particular reasons are old versions of plugins. The next actions help to resolve this problem. Necessary settings of WordPress you can perform using cPanel or another file manager.
Block execution of PHP files in the folders wp-admin, wp-content, wp-includes
Enable visibility of hidden files.

Create the file .htaccess in the folders wp-admin, wp-content, wp-includes if it does not exist.

Add the next lines to the .htaccess files in the folders wp-admin, wp-content, wp-includes.
<Files *.php>
deny from all
</Files>

Disable file editor
Add or edit the line with the parameter DISALLOW_FILE_EDIT in the file wp-config.php.
define(‘DISALLOW_FILE_EDIT’, true);
The location of the file wp-config.php.

The example of the file of wp-config.php.

Regularly update plugins
Old versions of plugins are also the source of vulnerability. It is necessary to use plugins that are up to date.
Worthy to remember about the importance of the last version of WordPress. Hackers regularly find vulnerabilities in this CMS. Thus, the last version of WordPress helps to avoid many security problems.