WordPress

Minimal Contact Form Plugin for WordPress

by

There are many contact form plugins available for WordPress. These plugins tend to be highly configurable in order to produce complex forms. They typically require some effort to set up even for the simplest contact form and, invariably, they never produce exactly what I need because they cater to a large user base with infinite data collection needs. I wanted a minimal contact form that allows a user to complete a basic, four field form in order to submit a message through the website with no set up involved.

The Minimal Contact Form plugin produces a simple form to capture Name, Email, Subject, and Message fields. When the user submits the form, the input is sent to the WordPress defined Admin email address. The look and feel of the form can be changed through your child theme’s style sheet, but it isn’t a mandatory step.

Once the plugin is installed and activated, the shortcode “mcf_contact” is used to display the form on the desired page.

Minimal Contact Form Plugin Code

<?php
/*
Plugin Name: Minimal Contact Form
Plugin URI: https://www.dalesandro.net/
Description: A minimal contact form plugin.
Author: DALESANDRO.NET
Version: 1.0
Author URI: https://www.dalesandro.net/
*/

if(!class_exists('minimalContactForm')) : class minimalContactForm {
  function __construct() {
    add_action('plugins_loaded', array(&$this, 'mcf_load_textdomain'));
    add_shortcode('mcf_contact', array(&$this, 'mcf_shortcode'));
  }

  function mcf_load_textdomain() {
    load_plugin_textdomain('minimal-contact-form', false, trailingslashit(basename(dirname(__FILE__))) . 'languages/');
  }
	
  function mcf_shortcode() {
    if(!array_key_exists('submit', $_POST)) {
      return $this->generate_form();
    }

    $mcf_from_name = (empty($_POST['mcf_from_name']) ? '' : sanitize_text_field(stripslashes($_POST['mcf_from_name'])));
    $mcf_from_email = (empty($_POST['mcf_from_email']) ? '' : sanitize_email(stripslashes($_POST['mcf_from_email'])));
    $mcf_subject = (empty($_POST['mcf_subject']) ? '' : sanitize_text_field(stripslashes($_POST['mcf_subject'])));
    $mcf_message = (empty($_POST['mcf_message']) ? '' : sanitize_text_field(stripslashes($_POST['mcf_message'])));

    if(empty($mcf_from_name) || empty($mcf_from_email) || empty($mcf_subject) || empty($mcf_message)) {
      return $this->generate_form(__('All required fields have not been completed.', 'minimal-contact-form'));
    }

    if(!(is_email($mcf_from_email))) {
      return $this->generate_form(__('A valid email address is required.', 'minimal-contact-form'));
    }

    return $this->generate_email();
  }

  function generate_form($message='') {
    $required_fields = __('Required fields are marked', 'minimal-contact-form');
    $from_name_label = __('Name', 'minimal-contact-form');
    $from_email_label = __('Email', 'minimal-contact-form');
    $subject_label = __('Subject', 'minimal-contact-form');
    $message_label = __('Message', 'minimal-contact-form');
    $send_message_label = __('Send Message', 'minimal-contact-form');

    $mcf_from_name = (empty($_POST['mcf_from_name']) ? '' : esc_attr(sanitize_text_field(stripslashes($_POST['mcf_from_name']))));
    $mcf_from_email = (empty($_POST['mcf_from_email']) ? '' : esc_attr(sanitize_email(stripslashes($_POST['mcf_from_email']))));
    $mcf_subject = (empty($_POST['mcf_subject']) ? '' : esc_attr(sanitize_text_field(stripslashes($_POST['mcf_subject']))));
    $mcf_message = (empty($_POST['mcf_message']) ? '' : esc_textarea(sanitize_text_field(stripslashes($_POST['mcf_message']))));

    return "\r\n" .
        '<div id="mcf-contact">' .
          (empty($message) ? '' : '<p><span class="mcf-required">' . $message . '</span></p>') .
          '<form action="" method="post">' .
            '<p>' . $required_fields . ' <span class="mcf-required">*</span></p>' .
            '<p class="from-name">' .
              '<label for="mcf_from_name"' . (empty($mcf_from_name) && array_key_exists('submit', $_POST) ? ' class="mcf-error-label"' : '') . '>' . $from_name_label . '</label>' .
              '<span class="mcf-required">*</span>' .
              '<input id="mcf_from_name" name="mcf_from_name" type="text" value="' . $mcf_from_name . '"' . (empty($mcf_from_name) && array_key_exists('submit', $_POST) ? ' class="mcf-error"' : '') . ' />' .
             '</p>' .
             '<p class="from-email">' .
               '<label for="mcf_from_email"' . (empty($mcf_from_email) && array_key_exists('submit', $_POST) ? ' class="mcf-error-label"' : '') . '>' . $from_email_label . '</label>' .
               '<span class="mcf-required">*</span>' .
               '<input id="mcf_from_email" name="mcf_from_email" type="text" value="' . $mcf_from_email . '"' . (empty($mcf_from_email) && array_key_exists('submit', $_POST) ? ' class="mcf-error"' : '') . ' />' .
             '</p>' .
             '<p class="subject">' .
               '<label for="mcf_subject"' . (empty($mcf_subject) && array_key_exists('submit', $_POST) ? ' class="mcf-error-label"' : '') . '>' . $subject_label . '</label>' .
               '<span class="mcf-required">*</span>' .
               '<input id="mcf_subject" name="mcf_subject" type="text" value="' . $mcf_subject . '"' . (empty($mcf_subject) && array_key_exists('submit', $_POST) ? ' class="mcf-error"' : '') . ' />' .
             '</p>' .
             '<p class="message">' .
               '<label for="mcf_message"' . (empty($mcf_message) && array_key_exists('submit', $_POST) ? ' class="mcf-error-label"' : '') . '>' . $message_label . '</label>' .
               '<textarea id="mcf_message" name="mcf_message" cols="45" rows="8"' . (empty($mcf_message) && array_key_exists('submit', $_POST) ? ' class="mcf-error"' : '') . '>' . $mcf_message . '</textarea>' .
             '</p>' .
             '<p class="form-submit">' .
               '<input id="submit" name="submit" type="submit" value="' . $send_message_label . '" />' .
             '</p>' .
          '</form>' .
        '</div>' .
      "\r\n";
  }

  function generate_email() { 
    $to_email = get_option('admin_email');

    $mcf_from_name = (empty($_POST['mcf_from_name']) ? '(no name)' : sanitize_text_field(stripslashes($_POST['mcf_from_name'])));
    $mcf_from_email = (empty($_POST['mcf_from_email']) ? $to_email : sanitize_email(stripslashes($_POST['mcf_from_email'])));
    $mcf_subject = (empty($_POST['mcf_subject']) ? '(no subject)' : sanitize_text_field(stripslashes($_POST['mcf_subject']))) . " - " . get_bloginfo('name');
    $mcf_message = (empty($_POST['mcf_message']) ? '(no message)' : sanitize_text_field(stripslashes($_POST['mcf_message'])));

    $mcf_headers = 'From: ' . $mcf_from_name . ' <' . $mcf_from_email . '>' . "\r\n";

    if(mail($to_email, $mcf_subject, $mcf_from_email . "\r\n\r\n" . $mcf_message, $mcf_headers)) {
      return '<p>' . __('Message sent successfully.', 'minimal-contact-form') . '</p>';
    }

    return '<p><span class="mcf-required">' . __('An unexpected error occurred. The message was not sent.', 'minimal-contact-form') . '</span></p>';
  }
}
endif;

new minimalContactForm;
?>

Plugin to Remove WordPress Version Number From Meta Info

by

For security reasons, especially if you are running an older version of WordPress, you may want to hide the automatically added WordPress version number that shows up in your site’s source code and RSS feeds. This plugin will prevent the version number from being added to the generated pages. Add the below code to a .php file and upload it to your plugin directory. Once uploaded, activate the plugin from your dashboard and the WordPress version number will not appear.

<?php
/*
Plugin Name: WP Version Remover
Plugin URI: https://www.dalesandro.net/
Description: WordPress plugin to remove the version from being displayed in meta info.
Author: DALESANDRO.NET
Version: 1.0
Author URI: https://www.dalesandro.net/
*/

function wp_version_remover() {
  return '';
}

add_filter('the_generator', 'wp_version_remover');

?>

WordPress Plugin to Block Spam Comments

by

I don’t receive many real comments from actual humans on my posts, but I do receive a lot of annoying spam comments each day. It’s a nuisance to regularly empty the spam folder, but I prefer to leave the option to post comments open for the rare occasion when someone has a follow-up question or comment. There are many WordPress plugins available to block spam, however, they are typically overkill for a small site like mine. I wrote this plugin to provide a simpler solution to block the majority of spam comments. It is not meant to block every possible method that spammers have for generating comments, but it will block the vast majority. The intent was also to avoid employing user obstacles such as CAPTCHAs and other challenge-response tests.

I’ve had this plugin running on my site for several months and I have not had any spam comments.

Add the below code to a .php file and upload it to your plugin directory. Once uploaded, activate the plugin from your dashboard and it will begin blocking spam comments for your site.

The plugin uses three methods to filter spam comments:

  • Timestamp Method: If a comment is submitted in less than 15 seconds after viewing the page or after more than an hour, then the comment will be rejected as spam. The time thresholds should be adjusted to meet your individual needs. I’ve noticed that most spam comments are submitted within 5 seconds after viewing the page.
  • Honeypot Method: Many automated tools for generating spam comments will blindly add data to every available field in a form. The honeypot method adds a non-visible field to the comment form that will cause a comment to be rejected as spam if any information is submitted in the field.
  • Link Counter Method: If a comment includes 2 or more URLs in the comment body, then the comment will be rejected as spam. The number of allowed URLs in a comment should be adjusted to meet your individual needs. Spam comments generally have multiple URLs included in the comment body.
<?php
/*
Plugin Name: WP Spam Blocker
Plugin URI: https://www.dalesandro.net/
Description: WordPress plugin to block comment spam.
Author: DALESANDRO.NET
Version: 1.0
Author URI: https://www.dalesandro.net/
*/

function wp_spam_blocker__pre_comment_on_post() {
  if(!(wp_spam_blocker__is_valid_timestamp() &&
       wp_spam_blocker__is_valid_honeypot() &&
       wp_spam_blocker__is_valid_comment_number_of_urls())) {
    wp_die(__('This comment has been rejected.'));
  }
}

function wp_spam_blocker__is_valid_timestamp() {
  $salt = get_option('wp_spam_blocker_salt');
  $timestamp_current = time();
  $timestamp_allowed_age_min = 15;
  $timestamp_allowed_age_max = 3600;
  $timestamp_difference = 0;
  $valid = 0;

  $form_hash_value = isset($_POST["wp_spam_blocker"]) ? base64_decode($_POST["wp_spam_blocker"]) : "";
  $data = explode(",", $form_hash_value);

  if(count($data) == 2) {
    if(md5($data[1] . $_SERVER['REMOTE_ADDR'] . $salt) == $data[0]) {
      $timestamp_initial = $data[1];

      if(is_numeric($timestamp_initial)) {
        $timestamp_difference = $timestamp_current - $timestamp_initial;

        if (($timestamp_difference > $timestamp_allowed_age_min) && ($timestamp_difference < $timestamp_allowed_age_max)) {
          $valid = 1;
        }
      }
    }
  }

  return $valid;
}

function wp_spam_blocker__is_valid_honeypot() {
  $valid = 0;

  if(isset($_POST["wp_spam_blocker_comment"])) {
    if(strlen($_POST["wp_spam_blocker_comment"]) == 0) {
      $valid = 1;
    }
  }

  return $valid;
}

function wp_spam_blocker__is_valid_comment_number_of_urls() {
  $number_of_urls_allowed = 1;
  $matches = null;
  $count = 0;
  $valid = 0;

  $count = preg_match_all("~\b(?:https?://)?(?:[a-z0-9-]+[.])*(?:[a-z0-9-]+[.][a-z]{2,4})/?~is", $_POST["comment"], $matches);

  if($count <= $number_of_urls_allowed) {
    $valid = 1;
  }

  return $valid;
}

function wp_spam_blocker__comment_form() {
  echo('<p style="display: none;"><label for="wp_spam_blocker_comment">Do Not Use</label>' .
       '<textarea id="wp_spam_blocker_comment" name="wp_spam_blocker_comment" cols="45" rows="8"' .
       '></textarea></p>' .
       '<input type="hidden" id="wp_spam_blocker" name="wp_spam_blocker" value="' .
       wp_spam_blocker__get_hash() .'"/>');
}

function wp_spam_blocker__get_hash() {
  $salt = get_option('wp_spam_blocker_salt');
  $timestamp = time();

  return base64_encode(md5($timestamp . $_SERVER['REMOTE_ADDR'] . $salt) . "," . $timestamp);
}

function wp_spam_blocker__activate() {
  update_option('wp_spam_blocker_salt', md5(microtime().rand()));
}

function wp_spam_blocker__deactivate() {
  delete_option('wp_spam_blocker_salt');
}

add_action('comment_form', 'wp_spam_blocker__comment_form');

add_action('pre_comment_on_post', 'wp_spam_blocker__pre_comment_on_post');

register_activation_hook(__FILE__, 'wp_spam_blocker__activate');

register_deactivation_hook(__FILE__, 'wp_spam_blocker__deactivate');
?>