From the next major release, Contact Form 7 will employ a new policy on support for old WordPress and PHP versions. In this policy, the plugin supports:
WordPress: The second latest major version (at the time of the plugin’s major release) and greater.
PHP: Versions recommended by the second latest major version of WordPress.
You may realize that performance on this site is better than before. You are right. We migrated this site to Kinsta hosting. Not only better performance, but we achieved a significant cost reduction ($6,624/year => $2,250/year).
In the past few hours a lot of Contact Form 7 users have reported that their security tools provided by Avast Software have given a security alert about Contact Form 7. In particular, the alert says it has found a Trojan Horse in one of the script files in the Contact Form 7 package.
I have confirmed no such malware exists in Contact Form 7, so I believe that it is probably a false alarm. So far we haven’t received any information from Avast about this case.
I’ll update this post when there is new information.
The Sendinblue integration module for Contact Form 7 is under development. We plan to include this module into Contact Form 7 5.4, which will be released next February.
Are you interested in being one of the initial stage users of the module? We call for volunteer beta testers to try this module on their websites and report issues if they find bugs or room for improvement.
If it is OK for you to become a beta tester, please refer to the instructions on the GitHub repository page and download a plugin package for the module.
WordPress 5.5 has introduced the auto-update feature for plugins and themes. Keeping plugins and themes updated to the latest version is a key factor in managing your WordPress site securely. We strongly recommend you enable auto-updates for the Contact Form 7 plugin, but you should also be aware that there are risks involved in the use of auto-updates.
I’m excited to present Contact Form 7’s official logo!
This elegant, minimalistic logo was designed by Cheung Vong, an artist, designer, developer, and long-time user of Contact Form 7. For more than ten years since its beginning, Contact Form 7 has had no official logo. Now I can say proudly, “This is our logo!” Thank you for your great work, Cheung!
What’s the mountain?
The mountain seen in the icon is Mount Fuji. Because I have used Hokusai’s old print art as a temporary logo for many years, and users are familiar with the image, I asked the designer to continue using Mount Fuji as a motif in the new logo.
While it is not a vulnerability of WordPress, or its plugins, because there must be so many users of our products who are at risk of these vulnerabilities, and the damage from it could be huge, I think I should write an article here to alert you of the issue.
Contact Form 7 protects your forms from spammers with several different spam protection modules such as Akismet, reCAPTCHA, and disallowed list. These modules help a lot, but how can you know which module has blocked a submitted message and why the module has blocked it?
The Additional Setting “on_sent_ok” is used to assign a JavaScript code that will be executed when a form submission completes and mail has been sent successfully. It is often used for the purpose of tracking form submissions with web analytics services or redirecting to another page after a form submission.
The “on_sent_ok” and its sibling setting “on_submit” are deprecated and scheduled to be abolished by the end of 2017. It’s not that using those settings is unsafe, but it’s possible that enabling them will increase risk in case there are vulnerabilities in this plugin or in other components of your site. It’s time to replace them with a safer alternative.
Update: on_sent_ok and on_submit have been officially removed from Contact Form 7 5.0.