Contact Form 7 4.9 is now available. If you have contact forms for logged-in users, the newly introduced subscribers-only mode will be a great improvement. 4.9 adds new filter hooks and a custom DOM event that allows you to control your contact forms more flexibly. Fixes for several bugs seen in the previous versions are also included. I strongly recommend upgrading to 4.9 now.
Subscribers-only mode
You may want to ensure that only logged-in users can submit your contact form. In such cases, use the subscribers-only mode. In this mode, non-logged-in users can’t submit the contact form and will see a message informing them that login is required, while logged-in users can use it as usual.
To use the subscribers-only mode, open the Additional Settings tab panel and just input the following line into the field:
subscribers_only: true
No anti-spam verification will be provided for contact forms in the subscribers-only mode since only welcome people are supposed to be able to use them. If this assumption is not applicable to your site, subscribers-only mode probably isn’t a good option for you.
No nonce by default
A nonce is a randomly generated string used for security purposes. Contact Form 7 verifies a nonce to ensure that a form submission has correctly been sent from the contact form and not faked by a spammer.
You can set the WPCF7_VERIFY_NONCE
constant to determine whether to verify nonces. In the past, the default value was true. Contact Form 7 4.9 changes the default value to false because any good effect expected from a nonce is limited when it is used for a publicly-open contact form that anyone can submit, and undesirable side effects have been seen in some cases.
You can continue to use nonces by setting the WPCF7_VERIFY_NONCE
constant to true explicitly, or by using the new wpcf7_verify_nonce
filter hook like the following:
add_filter( 'wpcf7_verify_nonce', '__return_true' );
Note that the subscribers-only mode needs nonces to work and a nonce is used in the contact form in the subscribers-only mode regardless of the value of the WPCF7_VERIFY_NONCE
constant.
Requires: WordPress 4.7 or higher
Tested up to: WordPress 4.8.1
» Download Contact Form 7 plugin from WordPress.org
Change log
- Supports
subscribers_only
setting - Changes the default value of
WPCF7_VERIFY_NONCE
to false WPCF7_FormTagsManager::collect_tag_types()
supportsinvert
option- New filter hooks:
wpcf7_verify_nonce
,wpcf7_subscribers_only_notice
,wpcf7_remote_ip_addr
, andwpcf7_submission_is_blacklisted
- Fixed: Form-tag’s tabindex option did not accept 0 or negative integer values
- Shows a validation error when no option in a radio buttons group is checked
- Config validator: Adds a validation rule against the use of deprecated settings (on_sent_ok and on_submit)
- Allows to pass the
skip_mail
option through theWPCF7_ContactForm::submit()
andWPCF7_Submission::get_instance()
function parameters. - Triggers
wpcf7beforesubmit
custom DOM event. You can manipulate the formData object through an event handler.