Initial release of Formatrica. Requires PHP 8.1+ and WordPress 6.4+.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3486067,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3486067,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3486067,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3486067,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":{"formatrica\/form":{"$schema":"https:\/\/schemas.wp.org\/trunk\/block.json","apiVersion":3,"name":"formatrica\/form","title":"Formatrica","description":"Embed a form created with Formatrica.","category":"widgets","icon":"feedback","keywords":["form","contact","easy"],"supports":{"align":["wide","full"],"html":false,"anchor":true,"className":true,"multiple":true,"lock":false},"textdomain":"formatrica","editorScript":"formatrica-block"}},"tagged_versions":["1.0.6"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3486067,"resolution":"1","location":"assets","locale":""},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3486067,"resolution":"2","location":"assets","locale":""},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3486067,"resolution":"3","location":"assets","locale":""},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3486067,"resolution":"4","location":"assets","locale":""},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3486067,"resolution":"5","location":"assets","locale":""}},"screenshots":{"1":"Drag-and-drop form builder with live preview","2":"Form settings with tabs: General, Email Settings, Integrations, Security, Privacy, Advanced","3":"Form templates library","4":"Field editor with validation options","5":"Frontend form with inline validation"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[],"plugin_category":[],"plugin_contributors":[258077],"plugin_business_model":[],"class_list":["post-284225","plugin","type-plugin","status-publish","hentry","plugin_contributors-thezoran","plugin_committers-thezoran"],"banners":{"banner":"https:\/\/ps.w.org\/formatrica\/assets\/banner-772x250.png?rev=3486067","banner_2x":"https:\/\/ps.w.org\/formatrica\/assets\/banner-1544x500.png?rev=3486067","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/formatrica\/assets\/icon-128x128.png?rev=3486067","icon_2x":"https:\/\/ps.w.org\/formatrica\/assets\/icon-256x256.png?rev=3486067","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/formatrica\/assets\/screenshot-1.png?rev=3486067","caption":"Drag-and-drop form builder with live preview"},{"src":"https:\/\/ps.w.org\/formatrica\/assets\/screenshot-2.png?rev=3486067","caption":"Form settings with tabs: General, Email Settings, Integrations, Security, Privacy, Advanced"},{"src":"https:\/\/ps.w.org\/formatrica\/assets\/screenshot-3.png?rev=3486067","caption":"Form templates library"},{"src":"https:\/\/ps.w.org\/formatrica\/assets\/screenshot-4.png?rev=3486067","caption":"Field editor with validation options"},{"src":"https:\/\/ps.w.org\/formatrica\/assets\/screenshot-5.png?rev=3486067","caption":"Frontend form with inline validation"}],"raw_content":"\n
Formatrica was built to solve common frustrations with form builders: dated interfaces, overly complex workflows, and feature gating that makes proper evaluation difficult. It delivers a clean, modern drag-and-drop experience with practical defaults, so you can create a production-ready form in 5-6 clicks and add it to any page via shortcode or block.<\/p>\n\n
Form Builder<\/strong>\n* Intuitive drag-and-drop form builder (Vue.js + Pinia + SortableJS)\n* Real-time preview with live field editing\n* Form preview functionality with zoom control (50-100%)\n* 15 pre-built templates: Simple Contact, Business Contact, Newsletter Signup, Job Application, Appointment Request, Real Estate Inquiry, Course Registration, Event Registration, Customer Feedback, Support Ticket, Front-end Post Submission, Request a Quote, RSVP Response, Volunteer Signup, User Registration\n* Smart Quick Start notification for new forms<\/p>\n\n Field Types<\/strong>\n* Text, Email, Telephone, Password\n* Textarea for long-form content\n* Select (single\/multiple), Radio, Checkbox\n* File Upload with validation and size limits\n* Date Picker\n* Hidden fields for internal metadata\n* Custom Text blocks for static content\n* Submit Button with customizable labels<\/p>\n\n Security & Anti-Spam<\/strong>\n* Honeypot protection (enabled by default)\n* CSRF token validation\n* IP-based rate limiting (configurable per form)\n* Multiple CAPTCHA providers:\n - Google reCAPTCHA v3\n - Cloudflare Turnstile\n - FriendlyCaptcha\n* CAPTCHA secrets stored encrypted at rest with write-only admin controls\n* Minimum submission time detection\n* File upload validation with type and size restrictions<\/p>\n\n Privacy Controls<\/strong>\n* IP address storage options: Full, Anonymized, or None\n* Default: Anonymized (removes last octet)\n* Auto-delete submissions after X days (optional)\n* GDPR-friendly data handling<\/p>\n\n Email Delivery<\/strong>\n* Multiple delivery providers:\n - WordPress default (wp_mail)\n - SendGrid API\n - SMTP2GO API\n - Mailgun API (with EU\/US region support)\n - Postmark API\n - Brevo API (formerly Sendinblue)\n - Amazon SES (with AWS Signature v4 authentication)\n - Custom SMTP\n - Mailpit (for development)\n* Encrypted credentials storage (AES-256-CBC)\n* Test email functionality\n* Customizable sender name, email, subject, and recipient\n* Smart defaults from WordPress settings\n* Verification emails for registration forms use the same provider configured in that form's settings<\/p>\n\n User Registration<\/strong>\n* Special form type for WordPress user registration\n* Integrates with WordPress user creation flow\n* Email verification required: users must confirm their email before logging in\n* Verification emails respect each form's configured delivery provider (SMTP\/API\/wp_mail)\n* Login is blocked for unverified users with a clear message on wp-login.php<\/p>\n\n Integrations & Webhooks<\/strong>\n* Zapier<\/strong>: Connect to 5,000+ apps via Webhooks by Zapier trigger\n* Make.com<\/strong>: Build visual automation workflows (formerly Integromat)\n* Slack<\/strong>: Instantly notify Slack channels via Incoming Webhooks\n* WordPress Post<\/strong>: Create pending posts (or other post types) with field mappings, taxonomy, and meta controls\n - Full ACF (Advanced Custom Fields) support with 20+ field types\n - Author mode: current user, fixed user, or anonymous\n - Featured image support, taxonomy term creation, custom post meta\n* WooCommerce<\/strong>: Generate orders and optional customer records directly from form submissions\n* Mailchimp<\/strong>: Subscribe contacts to audiences with field mapping and double opt-in\n* Salesforce (Essentials)<\/strong>: Create Web-to-Lead entries without OAuth\n* HubSpot<\/strong>: Submit contacts to HubSpot forms using a Private App token\n* Custom Webhooks<\/strong>: POST submission data to any endpoint\n* Async integration queue<\/strong>: Background processing for external webhooks (WordPress Cron)\n - Dramatically improves form submission performance (5-15s \u2192 <200ms)\n - 10 jobs per batch, 3 retry attempts with error logging\n - Keeps local integrations synchronous for data consistency\n* Secret key signing for verification (custom webhooks only)\n* Custom payload filtering via hooks\n* SSRF protection and security validation<\/p>\n\n Developer-Friendly<\/strong>\n* Comprehensive API documentation<\/a>\n* 15+ action and filter hooks for extensibility\n* REST API endpoints for forms and submissions\n* Provider-specific payload filters (Slack, Mailchimp, Salesforce, HubSpot, WordPress Post)\n* PSR-4 autoloaded architecture with Service Layer design\n* Clean separation of concerns: Validation, Security, File Handling, Rendering, and Integrations layers\n* 22 single-responsibility classes for maintainability and testability\n* Database schema versioning system with migration support\n* Modular ES6 JavaScript with class-based structure\n* Vite-powered build system\n* Full TypeDoc-style inline documentation\n* Admin list improvements: Active\/Inactive filters, Activate\/Deactivate actions, and safe delete confirmations\n formatrica_before_submission<\/strong>\nFires before processing a form submission.\n do_action('formatrica_before_submission', $form_id, $form, $request_data, $context);<\/p>\n\n formatrica_after_submission<\/strong>\nFires after successful submission processing.\n do_action('formatrica_after_submission', $form_id, $sanitised, $result, $form, $context);<\/p>\n\n formatrica_user_registered<\/strong>\nFires after a new WordPress user is registered via form.\n do_action('formatrica_user_registered', $user_id, $data);<\/p>\n\n formatrica_webhook_failed<\/strong>\nFires when webhook delivery fails.\n do_action('formatrica_webhook_failed', $error_data);<\/p>\n\n formatrica_integration_dispatch<\/strong>\nFires when an integration ID is not handled by the built-in dispatchers, allowing custom providers.\n do_action('formatrica_integration_dispatch', $integration_id, $settings, $form, $payload, $context, $field_meta);<\/p>\n\n formatrica_submission_request<\/strong>\nFilter raw submission data before validation.\n apply_filters('formatrica_submission_request', $request_data, $form_id, $form, $context);<\/p>\n\n formatrica_sanitized_submission<\/strong>\nFilter sanitized submission data before processing.\n apply_filters('formatrica_sanitized_submission', $sanitised, $form_id, $form, $request_data, $context);<\/p>\n\n formatrica_webhook_payload<\/strong>\nFilter webhook payload before sending to integrations (Zapier, Make, Slack) or custom webhooks. The formatrica_slack_payload<\/strong>\nFilter the Slack payload before dispatching to the incoming webhook.\n apply_filters('formatrica_slack_payload', $body, $form, $payload, $context, $field_meta);<\/p>\n\n formatrica_mailchimp_payload<\/strong>\nFilter the Mailchimp member payload before it is sent via the API.\n apply_filters('formatrica_mailchimp_payload', $body, $form, $payload, $context, $field_meta);<\/p>\n\n formatrica_salesforce_payload<\/strong>\nFilter the Salesforce Web-to-Lead form data before submission.\n apply_filters('formatrica_salesforce_payload', $data, $form, $payload, $context, $field_meta);<\/p>\n\n formatrica_hubspot_payload<\/strong>\nFilter the HubSpot Forms API payload before dispatch.\n apply_filters('formatrica_hubspot_payload', $body, $form, $payload, $context, $field_meta);<\/p>\n\n formatrica_duplicate_title<\/strong>\nFilter duplicated form title.\n apply_filters('formatrica_duplicate_title', $title, $original_form);<\/p>\n\n formatrica_min_submission_time<\/strong>\nFilter minimum time between page load and submission (anti-bot).\n apply_filters('formatrica_min_submission_time', 2, $form_id);<\/p>\n\n formatrica_max_upload_size<\/strong>\nFilter maximum file upload size in MB.\n apply_filters('formatrica_max_upload_size', $max_size, $field);<\/p>\n\n formatrica_allowed_file_types<\/strong>\nFilter allowed MIME types for file uploads.\n apply_filters('formatrica_allowed_file_types', $allowed_types, $field);<\/p>\n\n formatrica_max_image_dimension<\/strong>\nFilter maximum image dimension in pixels.\n apply_filters('formatrica_max_image_dimension', 4096, $field);<\/p>\n\n formatrica_recaptcha_v3_min_score<\/strong>\nFilter minimum reCAPTCHA v3 score threshold.\n apply_filters('formatrica_recaptcha_v3_min_score', 0.5, $form_id);<\/p>\n\n For detailed examples, see the plugin documentation<\/a>.<\/p>\n\n Formatrica registers REST API endpoints under the The following endpoints are intentionally public (no authentication required) because they serve front-end form functionality for unauthenticated visitors:<\/p>\n\n POST \/formatrica\/v1\/forms\/{form_id}\/submissions<\/strong>\nAccepts a form submission from any visitor. Security is enforced at the application layer: CSRF token validation, honeypot field detection, minimum submission time check, IP-based rate limiting, CAPTCHA verification, and full field sanitisation\/validation.<\/p>\n\n GET \/formatrica\/v1\/utility\/countries<\/strong>\nReturns a read-only list of country names for front-end country select fields. No user data is accepted or stored.<\/p>\n\n GET \/formatrica\/v1\/utility\/states\/{country}<\/strong>\nReturns a read-only list of states\/provinces for a given ISO 3166-1 alpha-2 country code (e.g. Formatrica does not contact any external service by default. Each service below is used only when a site administrator explicitly enables and configures it for a form.<\/p>\n\n When a CAPTCHA provider is enabled on a form, the visitor's browser loads the provider's JavaScript widget and, on submission, the visitor's IP address and a verification token are sent to that provider's server-side verification endpoint. This happens once per form submission.<\/p>\n\n Google reCAPTCHA v3<\/strong> \u2014 Verifies submissions are from real users by scoring browser behaviour.\nData sent: visitor IP address, verification token, site key.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Cloudflare Turnstile<\/strong> \u2014 Non-intrusive bot detection challenge.\nData sent: visitor IP address, verification token, site key.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n FriendlyCaptcha<\/strong> \u2014 Privacy-focused proof-of-work CAPTCHA.\nData sent: visitor IP address, puzzle solution, site key.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n<\/ul>\n\n When a third-party email delivery provider is configured, submission notification emails are transmitted to the provider's API each time a form is submitted. Data sent includes: recipient address, sender name and email, subject line, and the message body containing the submitted form data.<\/p>\n\n SendGrid<\/strong> (Twilio) \u2014 Transactional email API.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n SMTP2GO<\/strong> \u2014 Transactional email API.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Mailgun<\/strong> (Sinch) \u2014 Transactional email API.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Postmark<\/strong> (ActiveCampaign) \u2014 Transactional email API.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Brevo<\/strong> (formerly Sendinblue) \u2014 Transactional email API.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Amazon SES<\/strong> (AWS) \u2014 Transactional email API. Uses AWS Signature v4 authentication.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n<\/ul>\n\n Custom SMTP and Mailpit send data to your own mail server. The default WordPress provider uses When an integration is enabled and configured by the site administrator, form submission data is sent to the configured endpoint upon each form submission. Data sent includes: form title, submitted field values, and field metadata. The Zapier, Make.com, and custom webhook integrations also include the submitter's IP address and user agent in the payload.<\/p>\n\n Zapier<\/strong> \u2014 Automation platform. Receives a JSON webhook with full submission data on each form submission.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Make.com<\/strong> (formerly Integromat) \u2014 Automation platform. Receives a JSON webhook with full submission data on each form submission.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Slack<\/strong> \u2014 Team messaging. Sends a formatted message containing form title and submitted field values to a Slack Incoming Webhook URL. No IP address or user agent is sent.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Mailchimp<\/strong> (Intuit) \u2014 Email marketing. Subscribes the visitor's email address and optionally mapped name fields to a Mailchimp audience list.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Salesforce<\/strong> \u2014 CRM. Submits mapped lead fields via the Web-to-Lead endpoint. Only the fields explicitly mapped by the administrator are sent.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n HubSpot<\/strong> \u2014 CRM. Submits mapped contact properties to the HubSpot Forms API using a Private App token. Only the fields explicitly mapped by the administrator are sent.\nTerms of Service<\/a> | Privacy Policy<\/a><\/p><\/li>\n Custom Webhooks<\/strong> \u2014 Sends a signed JSON payload to an arbitrary endpoint URL configured by the site administrator.<\/p><\/li>\n<\/ul>\n\n First Time Setup<\/strong>\n1. Create your first form or apply a template\n2. Configure email delivery in form settings\n3. Test email delivery before going live<\/p>\n\n\n Open a form in the builder, click Settings<\/strong>, navigate to Email Settings<\/strong> tab, configure your email settings, and click Send test email<\/strong>.<\/p><\/dd>\n If storage is enabled, submissions are saved in Yes! Use the \"User Registration\" template or set form type to \"User Registration\" in settings. The form creates WordPress users and sends a verification email. The new user must confirm before logging in. The verification email is sent using the same delivery provider you configured for the form (SMTP\/API\/wp_mail).<\/p><\/dd>\n For security, login is blocked until the user confirms their email. The verification link redirects back to the WordPress login screen with a success message.<\/p><\/dd>\n Open a form, head to Settings \u2192 Integrations<\/strong>, enable Slack, and paste the webhook URL. Message templates support placeholders such as Enable Mailchimp<\/strong> in the Integrations tab, add your API key, fetch or paste the audience ID, then map the form fields for email and names. Toggle double opt-in if you want Mailchimp to send confirmation emails. See the Mailchimp integration guide<\/a> for screenshots and payload examples.<\/p><\/dd>\n Yes. Enable Salesforce (Essentials)<\/strong> or HubSpot<\/strong>, provide the required identifiers (organisation ID, portal ID, form GUID, etc.) and map the fields you want to sync. Salesforce uses Web-to-Lead, while HubSpot submits to the Forms API with optional GDPR consent. Refer to the Salesforce<\/a> and HubSpot<\/a> integration guides.<\/p><\/dd>\n Yes. If you configured a delivery provider in the form's Email Settings, verification emails are routed through the same provider. If no provider is set (e.g., registration created outside a form context), the plugin falls back to wp_mail().<\/p><\/dd>\n Add custom CSS in Settings \u2192 Advanced \u2192 Custom CSS<\/strong> per form, or target Default: JPG, PNG, GIF, WebP, PDF, DOC, DOCX, TXT. Customize via Go to Settings \u2192 Privacy<\/strong> and select \"Store anonymized IP address\". This removes the last octet (e.g., 192.168.1.xxx).<\/p><\/dd>\n Yes! In Settings \u2192 Privacy<\/strong>, enable \"Automatically delete old submissions\" and set retention period (default: 90 days).<\/p><\/dd>\n Hover over any form in the list and click Duplicate<\/strong>. The copy will have \" (Copy)\" appended to the title.<\/p><\/dd>\n Use the Deactivate<\/strong> action in the Forms list. Deactivated forms are hidden on the frontend and won\u2019t accept submissions, but you keep all data. You can re-enable via Activate<\/strong>.<\/p><\/dd>\nHooks & Filters<\/h3><\/p>\n\n
Action Hooks<\/h4>\n\n
Filter Hooks<\/h4>\n\n
$context<\/code> parameter includes an integration<\/code> key identifying the target.\n apply_filters('formatrica_webhook_payload', $body, $form, $payload, $context, $field_meta);<\/p>\n\nREST API<\/h3>\n\n
formatrica\/v1<\/code> namespace. All admin endpoints require the manage_options<\/code> capability and a valid REST nonce.<\/p>\n\nPublic Endpoints<\/h4>\n\n
US<\/code>, DE<\/code>). The country code is validated to exactly two uppercase letters. No user data is accepted or stored.<\/p>\n\nAdmin Endpoints (require `manage_options` + REST nonce)<\/h4>\n\n
\n
GET\/POST \/formatrica\/v1\/forms<\/code> \u2014 List or create forms<\/li>\nGET\/PUT\/PATCH\/DELETE \/formatrica\/v1\/forms\/{form_id}<\/code> \u2014 Read, update, or delete a form<\/li>\nPOST \/formatrica\/v1\/emails\/test<\/code> \u2014 Send a test email<\/li>\nGET \/formatrica\/v1\/wp\/post-types<\/code> \u2014 List available post types<\/li>\nGET \/formatrica\/v1\/woocommerce\/catalog<\/code> \u2014 List WooCommerce products\/categories<\/li>\nPOST \/formatrica\/v1\/integrations\/mailchimp\/lists<\/code> \u2014 Fetch Mailchimp audience lists<\/li>\nGET\/POST \/formatrica\/v1\/settings\/email<\/code> \u2014 Read or update email settings<\/li>\nPOST \/formatrica\/v1\/settings\/email\/test<\/code> \u2014 Test email configuration<\/li>\nGET \/formatrica\/v1\/settings\/email\/diagnostics<\/code> \u2014 Email delivery diagnostics<\/li>\n<\/ul>\n\nExternal services<\/h3>\n\n
CAPTCHA Verification<\/h4>\n\n
\n
Email Delivery<\/h4>\n\n
\n
wp_mail()<\/code> with no external API call.<\/p>\n\nIntegrations<\/h4>\n\n
\n
Privacy<\/h3>\n\n
Local Data Storage<\/h4>\n\n
\n
\n
\/wp-content\/plugins\/formatrica<\/code>, or install through the WordPress plugins screen<\/li>\n[formatrica id=\"123\"]<\/code> or Gutenberg block to embed forms<\/li>\n<\/ol>\n\n\n
How do I send a test email?<\/h3><\/dt>\n
Where are submissions stored?<\/h3><\/dt>\n
{$wpdb->prefix}formatrica_submissions<\/code> table with full field metadata.<\/p><\/dd>\nCan I create WordPress users from forms?<\/h3><\/dt>\n
Why is the new user blocked from logging in?<\/h3><\/dt>\n
How do I send Slack notifications?<\/h3><\/dt>\n
{{form_title}}<\/code> and {{field:email}}<\/code>. See the Slack integration guide<\/a> for a detailed walkthrough.<\/p><\/dd>\nHow do I add contacts to Mailchimp?<\/h3><\/dt>\n
Can I push submissions into Salesforce or HubSpot?<\/h3><\/dt>\n
Do verification emails use my SMTP\/API settings?<\/h3><\/dt>\n
How do I customize form styling?<\/h3><\/dt>\n
.formatrica<\/code> classes in your theme.<\/p><\/dd>\nWhat file types are allowed for uploads?<\/h3><\/dt>\n
formatrica_allowed_file_types<\/code> filter.<\/p><\/dd>\nHow do I anonymize IP addresses?<\/h3><\/dt>\n
Can submissions be automatically deleted?<\/h3><\/dt>\n
How do I duplicate a form?<\/h3><\/dt>\n
How do I disable a form without deleting its data?<\/h3><\/dt>\n
What\u2019s the difference between Deactivate and Delete permanently?<\/h3><\/dt>\n