WordPress 5.5 has introduced the auto-update feature for plugins and themes. Keeping plugins and themes updated to the latest version is a key factor in managing your WordPress site securely. We strongly recommend you enable auto-updates for the Contact Form 7 plugin, but you should also be aware that there are risks involved in the use of auto-updates.
Continue reading Heads-up about auto-updatesCategory Archives: Announcement
Development moves to GitHub
The development repository of Contact Form 7 has moved to GitHub. The GitHub repository lets you:
- Browse the code in development branches;
- Trace back through the development logs;
- Contribute to the development by reporting issues and making pull requests;
- And more!
The release repository will continue to be on the WordPress.org Plugin Directory’s SVN-based system as before.
New official logo
I’m excited to present Contact Form 7’s official logo!
This elegant, minimalistic logo was designed by Cheung Vong, an artist, designer, developer, and long-time user of Contact Form 7. For more than ten years since its beginning, Contact Form 7 has had no official logo. Now I can say proudly, “This is our logo!” Thank you for your great work, Cheung!
What’s the mountain?
The mountain seen in the icon is Mount Fuji. Because I have used Hokusai’s old print art as a temporary logo for many years, and users are familiar with the image, I asked the designer to continue using Mount Fuji as a motif in the new logo.
Heads-up about spreadsheet vulnerabilities
Vulnerabilities affecting spreadsheet applications like Microsoft Excel and OpenOffice Calc have been known to exist for over 5 years, and unfortunately they seem to be still unresolved.
While it is not a vulnerability of WordPress, or its plugins, because there must be so many users of our products who are at risk of these vulnerabilities, and the damage from it could be huge, I think I should write an article here to alert you of the issue.
Continue reading Heads-up about spreadsheet vulnerabilitiesWhy is this message marked “Spam”?
Contact Form 7 protects your forms from spammers with several different spam protection modules such as Akismet, reCAPTCHA, and disallowed list. These modules help a lot, but how can you know which module has blocked a submitted message and why the module has blocked it?
Continue reading Why is this message marked “Spam”?on_sent_ok is deprecated
The Additional Setting “on_sent_ok” is used to assign a JavaScript code that will be executed when a form submission completes and mail has been sent successfully. It is often used for the purpose of tracking form submissions with web analytics services or redirecting to another page after a form submission.
The “on_sent_ok” and its sibling setting “on_submit” are deprecated and scheduled to be abolished by the end of 2017. It’s not that using those settings is unsafe, but it’s possible that enabling them will increase risk in case there are vulnerabilities in this plugin or in other components of your site. It’s time to replace them with a safer alternative.
Update: on_sent_ok and on_submit have been officially removed from Contact Form 7 5.0.
HTML is not allowed in messages
In the Messages tab in a contact form editor screen, you can edit messages that Contact Form 7 displays in different situations. In the messages, you can only use plain text; do not use HTML tags and entities.
Allowing HTML in a message can be a security risk; Contact Form 7 4.4 and later forcibly strip HTML when displaying the message. Review the Messages tab to make sure that you don’t have any HTML there.
Continue reading HTML is not allowed in messagesRed border error issue on WordPress 4.4.1
We are currently seeing trouble reports in a specific pattern on the support forum. The most common issue is:
- After a form submission, they see “Failed to send your message” with a red border. Mail is not sent.
- They claim that the trouble started after upgrading to WordPress to 4.4.1.
Translations Migrate to translate.wordpress.org
This is an announcement for volunteer translators.
Thanks to your enormous effort, Contact Form 7 is now available in 64 languages. This is great, and I appreciate your contributions.
As you may already know, translate.wordpress.org (GlotPress) has been introduced as the translation infrastructure for WordPress and related projects. It added plugin translation support last year.
Translating on translate.wordpress.org has a lot of advantages; for example, you can translate collaboratively to share the burden with other translators.
We are going to migrate translations to translate.wordpress.org.
Next time you update the translation, please do it on translate.wordpress.org. For the details of translate.wordpress.org, refer to the Translator Handbook. Also, I updated the instruction page for beginner translators.
Contact Form 7 4.4 is scheduled to be released next month. I’ll check the status of translations just before the release, and if there are languages that are 100% translated at the time, I’ll remove the corresponding language (.mo) files from the plugin package so that the translations on translate.wordpress.org are used preferentially.