Securing a PHP contact form

Posted 2019-08-27 13:09

Question:

I have made a simple PHP contact form following this tutorial: http://www.catswhocode.com/blog/how-to-create-a-built-in-contact-form-for-your-wordpress-theme

The big problem is that this form processing is not safe; I have heard people can use it to send spam and/or hack my server.

What are the basic steps needed to make this form more secure? PS: I don't want to use reCAPTCHA if it can be avoided...

Edit: I need suggestions for which PHP functions are used to filter and secure that the form is submitted "the right way" and not altered and/or used to hack my site or to send email to other people (using the site to send spam to other people). Do I just need to use strip_slashes? Or is there a better way?

Answer 1:

One way: If you're not a huge site, it's not likely anyone is going to figure this out/take the time to.

You could use some tricky JS to handle tokens on click. So your server issues token IDs to clickable/focusable elements on the page during the backend render phase. Log these in a database or data file. Then, when users click around and submit, you can compare the IDs sent via the onclick() function. You could also apply some heuristics to determine if the history of clicks is reasonably paced, i.e. whether posts are too fast to be a human or not; that is, even if they scripted the hijacking of the token IDs and auto-submitted, you could check that the time between click events appears automated. Signed up for a Twitter account lately? They use passive human detection that, while not 100% foolproof, is slower and more difficult to break. Somebody would REALLY have to want to hack/spam your site.

Important Step 2: strip out/URL-encode strange characters if you think they will break your page. Common ones that break things are " and ' and :

Another Way: http://areyouahuman.com/

As long as you are using encrypted methods, verifying humanity without crappy CAPTCHA is possible. I mean, don't ignore your headers either. These are complementary ways.

The key is to have enough complexity to make for an NP-Complete problem. http://en.wikipedia.org/wiki/NP-complete

When the day comes when AI can solve multiple complex Human problems on their own, we will have other things to worry about than request tampering.

http://louisville.academia.edu/RomanYampolskiy/Papers/1467394/AI-Complete_AI-Hard_or_AI-Easy_Classification_of_Problems_in_Artificial

Another company doing interesting research is http://www.vouchsafe.com/play-games; they actually use games designed to trick the RTT into training the RTT how to be more solvable by only humans!

Here's a great article on NP-Hard problems. I can see a huge possibility here: http://www.i-programmer.info/news/112-theory/3896-classic-nintendo-games-are-np-hard.html
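The two concerns raised on this page, the question's worry about the form being abused to send mail to other people, and the answer's suggestion of server-issued tokens plus a timing heuristic, can be combined in one form handler. The following is an added example written for this page, not code from the question, the answer, or the linked tutorial. It assumes PHP 7 or later with sessions enabled, that the template calls `render_form_fields()` when the page is rendered and the POST endpoint calls `handle_contact_post($_POST)`; the recipient address, the `example.com` sender, the minimum fill time and the honeypot field name are constructed placeholders. The important defensive points are that the recipient is fixed server-side (never read from the form), that single-line fields are rejected if they contain CR or LF (the way extra headers get injected into `mail()`), and that the token is single-use and compared with `hash_equals()`.

```php
<?php
// Added example: hardened contact-form handler (not the original page's code).
// Assumptions: sessions enabled; template calls render_form_fields(), POST endpoint
// calls handle_contact_post($_POST). Addresses and thresholds are placeholders.
declare(strict_types=1);
session_start();

const RECIPIENT = 'owner@example.com';   // fixed on the server; the form never chooses the recipient
const MIN_FILL_SECONDS = 3;              // anything faster than this is treated as automated
const TOKEN_TTL_SECONDS = 3600;          // token expires so a harvested one cannot be reused later

// Called while rendering the form: issues a one-time token and records the render time.
function render_form_fields(): string {
    $token = bin2hex(random_bytes(32));
    $_SESSION['contact_token'] = $token;
    $_SESSION['contact_rendered_at'] = time();
    return '<input type="hidden" name="token" value="'
         . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">'
         // Honeypot: hidden from humans, filled in by naive form-filling bots.
         . '<input type="text" name="website" style="display:none" tabindex="-1" autocomplete="off">';
}

// Returns null when the submission is acceptable, otherwise a short rejection reason.
function validate_submission(array $post, array $session, int $now): ?string {
    // 1. The token must be present, match the session copy, and not be stale.
    if (empty($post['token']) || empty($session['contact_token'])
        || !hash_equals($session['contact_token'], (string) $post['token'])) {
        return 'bad token';
    }
    $renderedAt = (int) ($session['contact_rendered_at'] ?? 0);
    if ($now - $renderedAt > TOKEN_TTL_SECONDS) {
        return 'token expired';
    }
    // 2. Timing heuristic from the answer: a human needs a few seconds to fill the form.
    if ($now - $renderedAt < MIN_FILL_SECONDS) {
        return 'submitted too fast';
    }
    // 3. Honeypot must remain empty.
    if (!empty($post['website'])) {
        return 'honeypot filled';
    }
    // 4. Single-line fields must not contain CR/LF; that is how extra mail() headers
    //    (Bcc:, To:) get injected and the form turns into a spam relay.
    foreach (['name', 'email'] as $field) {
        $value = (string) ($post[$field] ?? '');
        if ($value === '' || preg_match('/[\r\n]/', $value)) {
            return "invalid $field";
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email';
    }
    $message = (string) ($post['message'] ?? '');
    if (strlen($message) < 10 || strlen($message) > 5000) {
        return 'message length out of range';
    }
    return null;
}

function handle_contact_post(array $post): bool {
    $reason = validate_submission($post, $_SESSION, time());
    // The token is single-use: drop it whether or not this attempt was accepted.
    unset($_SESSION['contact_token'], $_SESSION['contact_rendered_at']);
    if ($reason !== null) {
        // Log rejections so abuse attempts are visible in the server logs.
        error_log('contact form rejected: ' . $reason . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
        return false;
    }
    // The visitor's address goes into Reply-To only; From stays a domain-owned address.
    $name    = preg_replace('/[^\w .\'-]/u', '', (string) $post['name']);
    $headers = "From: contact-form@example.com\r\n"
             . 'Reply-To: ' . $post['email'] . "\r\n";
    $body    = "From: $name <" . $post['email'] . ">\n\n" . (string) $post['message'];
    return mail(RECIPIENT, 'Contact form message', $body, $headers);
}
```

`validate_submission()` takes the session array and the current time as parameters rather than reading globals, so the rejection logic can be exercised in a unit test with a constructed session and fixed timestamps. The rejection reasons are deliberately short and logged rather than shown to the visitor, so a bot probing the form learns nothing about which check it tripped.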