Tidy Contact Form – Simple Form with Anti-Spam
Tidy Contact Form is built on a simple promise: a contact form that just works.
- No page builder. No drag & drop. No bloat.
- Gutenberg block + shortcode.
- Loads CSS and JS only on pages that use the form.
- Under 50 KB total.
- Zero required external dependencies.
Core features
- Gutenberg block: search ”Tidy Contact Form” in the block inserter, with template picker in the sidebar
- Shortcode:
[tidy_contact_form]with attributes (template, email_to, subject, rgpd, id) - Fields: Name, Email, Subject, Phone (optional), Message, RGPD consent checkbox
- Security: WordPress nonce + honeypot + time-check + IP rate limiting
- Anti-spam CAPTCHA: Google reCAPTCHA v3 (invisible) or Cloudflare Turnstile (privacy-friendly)
- Emails: Admin notification + optional auto-reply to sender
- SMTP: Built-in SMTP configuration for reliable delivery
- 5 templates: Default, Minimal, Card, Inline (2-col), Dark
- Dark mode: Auto via CSS custom properties
- Works without JavaScript: Progressive enhancement with admin-post.php fallback
Message management
- Message storage: All submissions saved as a Custom Post Type
- Unread badge: Unread message count in the admin menu
- Dashboard widget: Recent messages and statistics at a glance
- CSV export: One-click download from the messages list
- Auto-purge: Delete messages older than X days
Integrations
- Webhooks: Generic JSON (Zapier, Make, n8n), Slack, Discord
- Mailing lists: MailerLite, Brevo, ConvertKit, SendGrid
- Import/Export: Transfer settings between sites as JSON
What we deliberately left out
No drag-and-drop builder. No conditional logic engine. No CRM. No upsells. No tracking pixels.
More from Tidy Plugins
If you like this plugin, take a look at the rest of the Tidy suite:
- Tidy Table of Contents — automatic, accessible table of contents
- Tidy Draft Share — share drafts via secure, expiring preview links
- Tidy Author Box — author bio box with avatar and social links
- Tidy Broken Link Scan — find broken links and images, no external service
External services
This plugin can connect to several third-party services. All of them are strictly opt-in: no external request is made unless the corresponding option is enabled and credentials/URLs are configured in the plugin settings.
Google reCAPTCHA v3 (anti-spam, optional)
* Host: www.google.com/recaptcha/api/siteverify (server side) and www.google.com/recaptcha/api.js (loaded in the browser).
* What is sent: the user’s reCAPTCHA token, the site secret key, and the visitor’s IP address (Google may also collect cookies and browsing data — see Google’s policy).
* When: each time a visitor submits the form, only if ”Google reCAPTCHA v3” is selected and a secret key is configured.
* Privacy: https://policies.google.com/privacy — Terms: https://policies.google.com/terms
Cloudflare Turnstile (privacy-friendly CAPTCHA, optional)
* Host: challenges.cloudflare.com/turnstile/v0/siteverify (server side) and challenges.cloudflare.com/turnstile/v0/api.js (loaded in the browser).
* What is sent: the Turnstile response token and the site secret key.
* When: each time a visitor submits the form, only if ”Cloudflare Turnstile” is selected and a secret key is configured.
* Privacy: https://www.cloudflare.com/privacypolicy/ — Terms: https://www.cloudflare.com/website-terms/
Webhooks (Slack, Discord, generic JSON for Zapier / Make / n8n, optional)
* Host: any URL you configure in the Integrations tab (for example hooks.slack.com, discord.com/api/webhooks, your own endpoint).
* What is sent: a JSON payload with the submitted form fields (name, email, subject, message, site URL, timestamp).
* When: each time a visitor submits the form, only if at least one webhook URL is filled in.
* Privacy/Terms: Slack — https://slack.com/privacy and https://slack.com/terms-of-service ; Discord — https://discord.com/privacy and https://discord.com/terms ; for generic endpoints, see the policy of the service you point to.
Mailing-list providers (MailerLite, Brevo, ConvertKit, SendGrid, optional)
* Hosts: connect.mailerlite.com, api.brevo.com, api.convertkit.com, api.sendgrid.com.
* What is sent: the visitor’s email address and first name, plus your API key and the configured list/group identifier.
* When: each time a visitor submits the form, only if one of these providers is selected, an API key is configured, and the visitor ticked the corresponding opt-in checkbox.
* Privacy/Terms: MailerLite — https://www.mailerlite.com/privacy-policy and https://www.mailerlite.com/legal/terms-of-service ; Brevo — https://www.brevo.com/legal/privacypolicy/ and https://www.brevo.com/legal/termsofuse/ ; ConvertKit — https://convertkit.com/privacy and https://convertkit.com/terms ; SendGrid — https://www.twilio.com/en-us/legal/privacy and https://www.twilio.com/en-us/legal/tos
