A simple, lightweight WordPress contact form plugin with anti-spam protection. Easy to use with a shortcode and no external dependencies.
- Simple Shortcode: Use
[contact_form]to display the contact form anywhere - Anti-Spam Protection: Built-in honeypot field to prevent spam submissions
- Email Notifications: Sends form submissions via
wp_mail()to specified recipient - Customizable Fields: Enable/disable name and phone fields
- Client-Side Validation: Real-time form validation with JavaScript
- Success/Error Handling: Clear feedback messages for users
- Responsive Design: Mobile-friendly form layout
- Accessible: Keyboard navigation and screen reader friendly
- Translation Ready: i18n/l10n support
- WPCS Compliant: Follows WordPress coding standards
- Upload the
yt-contact-form-litefolder to the/wp-content/plugins/directory - Activate the plugin through the 'Plugins' menu in WordPress
- Configure settings at Settings → Contact Form
- Add
[contact_form]shortcode to any page, post, or widget
[contact_form]
[contact_form button_text="Send Message"]
button_text- Custom text for submit button (default: "Send Message")
Navigate to Settings → Contact Form to configure:
- Recipient Email: Email address to receive form submissions (default: admin email)
- Email Subject: Subject line for notification emails (default: "New Contact Form Submission")
- Success Message: Message displayed after successful submission
- Enable Name Field: Show/hide name field in the form
- Enable Phone Field: Show/hide phone field in the form
- Recipient: Site admin email
- Subject: "New Contact Form Submission"
- Success Message: "Thank you for your message! We will get back to you soon."
- Name Field: ✓ Enabled
- Phone Field: ✗ Disabled
- User fills out form with required fields
- JavaScript validation runs on submit (client-side)
- Form submits to WordPress via POST
- Server-side validation checks all fields
- Honeypot check prevents spam bots
- Nonce verification ensures security
- Email sent via
wp_mail()to recipient - Success/error message displayed to user
The plugin uses a honeypot field technique:
- Hidden field (
yt_contact_form_lite_website) not visible to humans - Bots automatically fill all fields including hidden ones
- Submissions with honeypot field filled are rejected
- No CAPTCHA needed, better user experience
- Nonce Verification: WordPress nonce for CSRF protection
- Input Sanitization: All inputs sanitized before processing
- Output Escaping: All output properly escaped
- Email Validation: Server-side email format validation
- Honeypot Field: Spam bot prevention
- No Database Storage: No sensitive data stored (privacy-friendly)
-
Email (required)
- Input type: email
- Validated for proper email format
- Used as reply-to address in notification
-
Message (required)
- Textarea field
- Minimum 5 rows
- Supports multiline text
-
Name (optional, enabled by default)
- Input type: text
- Can be disabled in settings
-
Phone (optional, disabled by default)
- Input type: tel
- Can be enabled in settings
- Not required even when visible
When a form is submitted successfully, an HTML email is sent containing:
- Name (if enabled)
- Email address (with mailto link)
- Phone (if provided)
- Message (formatted with line breaks)
- Site information (site name and URL)
- Submission timestamp
Email Headers:
- Content-Type: text/html
- Reply-To: User's email address
yt-contact-form-lite/
├── class-yt-contact-form-lite.php # Main plugin file (~760 lines)
├── assets/
│ ├── css/
│ │ └── yt-contact-form-lite.css # Form styles
│ └── js/
│ └── yt-contact-form-lite.js # Client validation
└── README.md # This file
All functions, classes, and elements use the yt_contact_form_lite prefix:
- Class:
YT_Contact_Form_Lite - Constants:
YT_CONTACT_FORM_LITE_* - Functions:
yt_contact_form_lite_* - Form Fields:
yt_contact_form_lite_* - CSS Classes:
.yt-contact-form-lite-* - Options:
yt_contact_form_lite_options - Text Domain:
yt-contact-form-lite
The plugin includes default styles with:
- Clean, modern design
- Responsive layout
- Focus states for accessibility
- Error state styling
- Success/error message boxes
- Dark mode support
Override default styles by adding CSS to your theme:
.yt-contact-form-lite {
background: #your-color;
padding: 30px;
}
.yt-contact-form-lite-submit {
background: #your-button-color;
}
.yt-contact-form-lite-submit:hover {
background: #your-hover-color;
}The included JavaScript provides:
- Real-time Validation: Fields validated on blur
- Error Display: Inline error messages
- Error Clearing: Errors clear on input
- Email Format Check: Client-side email validation
- Auto-scroll: Scrolls to messages after submission
- Focus Management: Focuses first error field
- Loading State: Visual feedback during submission
- Duplicate Prevention: Prevents multiple submissions
- Visual Feedback: Focus states for better UX
- Check spam folder: Form emails might be filtered
- Verify recipient email: Ensure it's correct in settings
- Test wp_mail(): WordPress email functionality might need SMTP plugin
- Check server: Some hosts block wp_mail()
- Use SMTP plugin: Consider WP Mail SMTP or similar
- Check shortcode: Ensure
[contact_form]is correct - Plugin activated: Verify plugin is active
- Theme compatibility: Some themes may have CSS conflicts
- JavaScript errors: Check browser console for errors
- JavaScript enabled: Ensure JS is not blocked
- jQuery loaded: Plugin requires jQuery
- Console errors: Check for JavaScript errors
- Browser compatibility: Test in different browsers
The honeypot field blocks most bots, but sophisticated bots might:
- Enable server-side logging to identify patterns
- Consider adding reCAPTCHA via another plugin
- Use a security plugin for additional protection
- Test email delivery: Send test submission after setup
- Check spam folder: Configure email authentication (SPF, DKIM)
- Customize messages: Personalize success message for your brand
- Monitor submissions: Regularly check for issues
- Backup settings: Document your configuration
- Use SMTP: For reliable email delivery
When the plugin is deleted via WordPress admin:
- All plugin options are removed
- No database tables created (nothing to clean)
- WordPress cache is flushed
- Form submissions are not stored (privacy-friendly)
- WordPress 5.8 or higher
- PHP 7.4 or higher
- JavaScript enabled in browser (for validation)
wp_mail()function working (for email delivery)
- Main PHP File: ~760 lines (with comments)
- CSS File: ~210 lines
- JS File: ~170 lines
- Total: ~1,140 lines across all files
No, submissions are only sent via email. This is privacy-friendly and reduces database bloat.
The lite version has fixed fields. For custom fields, you would need to extend the code.
Yes! Use the [contact_form] shortcode in any page builder's shortcode block.
Yes, but they'll all use the same settings. For different forms, use separate pages.
Yes, as it doesn't store data. Add a privacy policy link in your site footer as needed.
The email template is built in the yt_contact_form_lite_build_email_body() function. You can modify it by editing the plugin file.
Honeypot is invisible to users, providing better UX while still blocking most spam bots.
Yes! The plugin is translation-ready with all strings properly wrapped in translation functions.
- Initial release
- Basic contact form with email, name, phone, message fields
- Honeypot anti-spam protection
- Email notifications via wp_mail()
- Client-side and server-side validation
- Settings page for configuration
- Responsive design
- Accessibility features
- Dark mode support
GPL v2 or later
Krasen Slavov
- Website: https://krasenslavov.com
- GitHub: https://github.com/krasenslavov
For issues and feature requests, please visit the GitHub repository.
Potential features for future versions:
- Custom field builder
- File attachment support
- Database logging option
- Email templates
- Auto-reply to sender
- Multiple form support
- Integration with email services
- Form analytics