Contact Form 7 4.9 is now available. If you have contact forms for logged-in users, the newly introduced Subscribers-Only Mode will be a great improvement. 4.9 adds new filter hooks and a custom DOM event that allows you to control your contact forms more flexibly. Fixes for several bugs seen in the previous versions are also included. I strongly recommend upgrading to 4.9 now.

Subscribers-Only Mode

You may want to ensure that only logged-in users can submit your contact form. In such cases, use the subscribers-only mode. In this mode, non-logged-in users can’t submit the contact form and will see a message informing them that login is required, while logged-in users can use it as usual.

To use the subscribers-only mode, open the Additional Settings tab panel and just input the following line into the field:

subscribers_only: true

No anti-spam verification will be provided for contact forms in the subscribers-only mode since only welcome people are supposed to be able to use them. If this assumption is not applicable to your site, subscribers-only mode probably isn’t a good option for you.

No Nonce by Default

A nonce is a randomly generated string used for security purposes. Contact Form 7 verifies a nonce to ensure that a form submission has correctly been sent from the contact form and not faked by a spammer.

You can set the WPCF7_VERIFY_NONCE constant to determine whether to verify nonces. In the past, the default value was true. Contact Form 7 4.9 changes the default value to false because any good effect expected from a nonce is limited when it is used for a publicly-open contact form that anyone can submit, and undesirable side effects have been seen in some cases.

You can continue to use nonces by setting the WPCF7_VERIFY_NONCE constant to true explicitly, or by using the new wpcf7_verify_nonce filter hook like the following:

add_filter( 'wpcf7_verify_nonce', '__return_true' );

Note that the subscribers-only mode needs nonces to work and a nonce is used in the contact form in the subscribers-only mode regardless of the value of the WPCF7_VERIFY_NONCE constant.

Requires: WordPress 4.7 or higher
Tested up to: WordPress 4.8.1

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Supports subscribers_only setting
• Changes the default value of WPCF7_VERIFY_NONCE to false
• WPCF7_FormTagsManager::collect_tag_types() supports invert option
• New filter hooks: wpcf7_verify_nonce, wpcf7_subscribers_only_notice, wpcf7_remote_ip_addr, and wpcf7_submission_is_blacklisted
• Fixed: Form-tag’s tabindex option did not accept 0 or negative integer values
• Shows a validation error when no option in a radio buttons group is checked
• Config validator: Adds a validation rule against the use of deprecated settings (on_sent_ok and on_submit)
• Allows to pass the skip_mail option through the WPCF7_ContactForm::submit() and WPCF7_Submission::get_instance() function parameters.
• Triggers wpcf7beforesubmit custom DOM event. You can manipulate the formData object through an event handler.

Contact Form 7 4.9.1 is now available. This release includes several fixes and improvements and has been confirmed to be compatible with WordPress 4.9.

Requires: WordPress 4.7 or higher
Tested up to: WordPress 4.9

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Code using create_function() has been removed to avoid security risks and warnings given when using with PHP 7.2+.
• Display the notice of config validation again to encourage admins to apply some important validation items recently added.
• REST API endpoint returns more specific HTTP status code 409 instead of 400.
• Fixed appearance of configuration error signs in the Additional Settings tab.

Contact Form 7 4.9.2 is available. This is a maintenance release that includes some bug-fixes and improvements. Though none of them is critical, updating immediately is recommended.

Requires: WordPress 4.7 or higher
Tested up to: WordPress 4.9.1

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Remove improper uses of esc_sql().
• Fix the refill REST-API request so that a nonce is set when available.
• Give more contrast to unused mail-tags in the Mail tab panel to make them easier to recognize.
• Undo the previous change of HTTP status code for the REST-API response.

Contact Form 7 5.0 is now available. With growing awareness of personal data protection, we are working on improvements that will allow you to make contact forms more privacy-friendly. Some of these changes are included in 5.0. Also, with newly introduced filter hooks and special mail tag types, customizability of mail has been significantly improved.

Acceptance Checkbox

Acceptance checkbox is one of the form-tag types that Contact Form 7 has long provided. It consists of a simple checkbox dedicated to confirming the submitter’s consent on a given condition.

We decided to redefine this feature because it was no longer adequate to meeting increasing requirements. Obtaining explicit consent in advance of collecting personal data is now considered essential in terms of protecting privacy rights. Therefore, it is important to record who has consented to what conditions if there is a possibility of reusing the personal data.

With the new acceptance checkbox, you can specify a condition to consent to in the content part of the form-tag, and if the submitter consents to it, the fact will be recorded in a mail message, or in the database (Flamingo).

on_sent_ok Retired

The additional settings on_sent_ok and on_submit have been officially removed from this release. The reason behind this decision and the better alternative now offered were explained in this announcement post.

Requires: WordPress 4.8 or higher
Tested up to: WordPress 4.9.2

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Additional settings: on_sent_ok and on_submit have been removed.
• New additional setting: skip_mail
• Flamingo: Inbound channel title changes in conjunction with a change in the title of the corresponding contact form.
• DOM events: Make an entire API response object accessible through the event.detail.apiResponse property.
• HTML mail: Adds language-related attributes to the HTML header.
• File upload: Sets the accept attribute to an uploading field.
• Introduces the WPCF7_MailTag class.
• Allows aborting a mail-sending attempt using the wpcf7_before_send_mail action hook. Also, you can set a custom status and a message through the action hook.
• Acceptance checkbox: Allows the specifying of a statement of conditions in the form-tag’s content part.
• Acceptance checkbox: Supports the optional option.
• New special mail tags: [_site_title], [_site_description], [_site_url], [_site_admin_email], [_invalid_fields], [_user_login], [_user_email], [_user_url], [_user_first_name], [_user_last_name], [_user_nickname], and [_user_display_name]
• New filter hooks: wpcf7_upload_file_name, wpcf7_autop_or_not, wpcf7_posted_data_{$type}, and wpcf7_mail_tag_replaced_{$type}
• New form-tag features: zero-controls-container and not-for-mail

Contact Form 7 5.0.1 is available. This is a maintenance release including some bug-fixes and improvements.

Requires: WordPress 4.8 or higher
Tested up to: WordPress 4.9.4

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Fixed incorrect uses of _n().
• Config validation: Fixed incorrect count of alerts in the Additional Settings tab panel.
• Config validation: Fixed improper treatment for the [_site_admin_email] special mail-tag in the From mail header field.
• Acceptance checkbox: The class and id attributes specified were applied to the wrong HTML element.
• Config validation: When there is an additional mail header for mailboxes like Cc or Reply-To, but it has a possible empty value, “Invalid mailbox syntax is used” error will be returned.
• Explicitly specify the fourth parameter of add_action() to avoid passing unintended parameter values.
• Check if the target directory is empty before removing the directory.

You may have already heard of GDPR, the European data protection regulation that will be applicable as of May 25 this year. Although it is an EU law, you will be required to comply with GDPR as long as you are engaged in storing or processing personal data of EU citizens, even if you are not an EU citizen.

“Is Contact Form 7 compliant with GDPR?” We’ve been getting a lot of inquiries like this about GDPR, but unfortunately I don’t have a precise answer. Since I’m not a lawyer, I’m not in a position to say whether a WordPress plugin is compliant with specific legislation or not.

What I can tell you is that we always work to assist using Contact Form 7 in a privacy-friendly manner. We design Contact Form 7 carefully to allow you to make contact forms compliant with the current data protection standards, including GDPR.

The remainder of this post is my personal advice on making privacy-friendly contact forms. A lot of responsibility for making your contact forms GDPR-compliant still lies with you as the webmaster or contact form controller, but you should be able to accomplish it with this advice.

Don’t Collect Unnecessary Data

A privacy-friendly contact form requires minimum information from the submitter.

If your contact form has ten or more input fields, you may find that there are some fields you can actually live without. Review your contact form and remove unnecessary fields.

The less personal data you collect, the less impact of possible data breaches. The golden rule is that, if you are not 100% sure that the data is necessary, just remove the field.

You should also avoid collecting sensitive personal data, such as information about ethnic origin, political opinions, religious or philosophical beliefs, or genetic or biometric data.

Obtain Clear Consent

Obtaining clear and unambiguous consent in advance of collecting personal data is now considered essential in terms of protecting privacy rights.

Contact Form 7 provides the acceptance form-tag type to represent acceptance checkboxes that are dedicated to confirming the submitter’s consent for a specific condition.

Although an acceptance form-tag can include the default:on option that makes checkbox selection by default, using this option isn’t recommended because any consent that has been obtained by default isn’t considered adequate in current data protection standards.

Don’t try to hide the conditions for consent in your Terms and Conditions or Privacy Policy document and just confirm the submitter’s consent by a single checkbox for the whole content of the documents. Each condition for how the data will be treated must be described in an unambiguous fashion, and you need to obtain clear consent for each individual item.

When the data subject is a child, you may be required to obtain additional consent from a parent.

Privacy Notices

Figure out how personal data collected through the contact form will be processed and stored, and explain the entire data flow in the privacy policy document.

At minimum, be clear on these points:

• What types of personal data are collected through the contact form?
• For what purposes those data necessary?
• Who can access the data?
• Are the data stored in some way? If so, where and for how long are they stored?
• Are the data shared with third-party entities? If so, who are they?
• In which country will the data be processed?
• What security measures are taken to protect the data?
• Can data subjects request exporting or deleting their data?

When someone makes a request to export or delete their personal data, and there is a good reason such as tangible privacy concerns, you’ll need to accede to the request.

The privacy policy should be written in plain language that the data subject can understand. Don’t write it like a legal document or a technical document that is difficult for laymen.

Security Considerations

Protect the personal data you’ve collected with appropriate security measures according to current common sense.

For example, implementing HTTPS for the entire website and encrypting data flow between the client browser and web server is now considered to be a common practice. On the other hand, encrypting an email message itself is advisable, but is not yet very common practice.

Many people seem to have a misconception that storing data in the database is less secure than sending them via email. In most cases, the security level of email implementation isn’t that good. In fact, do you know exactly who can access the email? Are you sure that the email recipients don’t forward messages to other parties who you don’t know? What if their personal computers are not maintained securely and malware are installed? Do you know in which country mail servers exist? You may be able to make things clearer if you manage them in the database.

There are cases in which you can reduce the risk by stopping email and storing data only in the database. You can use the Flamingo plugin to store contact form submissions in the database, and Contact Form 7’s skip_mail setting lets the contact form skip the email sending process.

GDPR does not specify what particular security measures should be applied, so the decision is up to you.

Contact Form 7 5.0.2 is available. This is a maintenance release including some bug-fixes and improvements.

Requires: WordPress 4.8 or higher
Tested up to: WordPress 4.9.6

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Added the Privacy Notices section to the readme.txt file.
• Updated the Information meta-box content.
• Use get_user_locale() instead of get_locale() where it is more appropriate.
• Acceptance Checkbox: Reset submit buttons’ disabled status after a successful submission.

Contact Form 7 5.0.3 is available. This is a maintenance release including some bug-fixes and improvements. In addition, Contact Form 7 5.0.3 introduces a few features related to personal data protection.

Anonymizing IP Address

Contact Form 7 5.0.3 added the wpcf7_anonymize_ip_addr function. This function anonymizes an IP address by replacing the last octet (IPv4) or the last 80 bits (IPv6) of the address with zero values.

$anonymized = wpcf7_anonymize_ip_addr( '198.51.100.123' );
// $anonymized => '198.51.100.0'

If you want to anonymize form submitters’ remote IP addresses to ensure that you don’t collect their personal data (user’s IP address is a type of personal data in terms of the current personal data protection standards like GDPR), use this function in combination with the wpcf7_remote_ip_addr filter hook, like this:

add_filter( 'wpcf7_remote_ip_addr', 'wpcf7_anonymize_ip_addr' );

consent_for:storage Option

If you want to decide whether to store the submission data in the database based on the submitter’s selection, you can do it with the newly introduced consent_for:storage form-tag option. While it is possible to use this option in any type of form-tags that accept user input, using it in an acceptance checkbox form-tag, like the following example, is the most common use:

[acceptance your-consent consent_for:storage optional] I consent that this submission data is to be stored in the database. [/acceptance]

If the submitter doesn’t select the checkbox, Contact Form 7 sets the do_not_store property and allows message storage plugins like Flamingo to not store this submission, so the entirety of the submission data won’t be stored in the database.

Requires: WordPress 4.8 or higher
Tested up to: WordPress 4.9.7

» Download Contact Form 7 plugin from WordPress.org

Change Log

• CSS: Applies the “not-allowed” cursor style to submit buttons in the “disabled” state.
• Acceptance Checkbox: Revises the tag-generator UI to encourage the use of better options in terms of personal data protection.
• Introduces wpcf7_anonymize_ip_addr() function.
• Introduces the consent_for:storage option for all types of form-tags.

Contact Form 7 5.0.4 is available. This is a security and maintenance release and we strongly encourage you to update to it immediately.

A privilege escalation vulnerability has been found in Contact Form 7 5.0.3 and older versions. Utilizing this vulnerability, a logged-in user in the Contributor role can potentially edit contact forms, which only Administrator and Editor-role users are allowed to access by default. This issue has been reported by Simon Scannell from RIPS Technologies.

To minimize damage from possible attacks utilizing those vulnerabilities, Contact Form 7 5.0.4 and higher will restrict the local file attachment feature. More particularly, you will no longer be able to specify an absolute file path that refers to a file placed outside the wp-content directory. You can still specify files inside the wp-content directory with relative or absolute file paths, so all you need to change is the location of the attachment files.

Requires: WordPress 4.8 or higher
Tested up to: WordPress 4.9.8

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Specifies the capability_type argument explicitly in the register_post_type() call to fix the privilege escalation vulnerability issue.
• Local File Attachment – disallows the specifying of absolute file paths referring to files outside the wp-content directory.
• Config Validator – adds a test item to detect invalid file attachment settings.
• Fixes a bug in the JavaScript fallback function for legacy browsers that do not support the HTML5 placeholder attribute.
• Acceptance Checkbox – unsets the form-tag’s do-not-store feature.

Contact Form 7 5.0.5 is available. This is a maintenance release including a few minor bug-fixes.

Requires: WordPress 4.8 or higher
Tested up to: WordPress 4.9.8

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Fixes the inconsistency problem between get_data_option() and get_default_option() in the WPCF7_FormTag class.
• Suppresses PHP errors occur on unlink() calls.
• Introduces wpcf7_is_file_path_in_content_dir() to support the use of the UPLOADS constant.

Contact Form 7 5.1 is now available. There are major upgrades in the Integration page. The Constant Contact integration module has been newly introduced, and the reCAPTCHA module now supports the v3 API.

Constant Contact Integration

The Constant Contact integration module allows you to send contact data collected through your contact forms to the Constant Contact API. You can create reliable email subscription services in a few easy steps. For details, see Constant Contact Integration.

reCAPTCHA v3

The reCAPTCHA technology keeps on evolving. With the latest version of reCAPTCHA v3, you don’t even need to tick the “I’m not a robot” checkbox. You can’t hide, robots! For details, see reCAPTCHA (v3).

Requires: WordPress 4.9 or higher
Tested up to: WordPress 5.0

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Introduces the Constant Contact integration module.
• Updates the reCAPTCHA module to support reCAPTCHA v3.
• Adds Dark Mode style rules.

Contact Form 7 5.1.1 has just been released. This release makes improvements to the server side validation process of reCAPTCHA.

If you use reCAPTCHA v3 with Contact Form 7 5.1 and feel that you get more spam through contact forms than before, upgrading to 5.1.1 might relieve the situation.

But, please read through this post before you run an upgrade. This is an important notice.

It is expected that some websites using reCAPTCHA v3 will experience side effects from the changes in 5.1.1. In those cases, you will see a response message surrounded by an orange border every time after you submit a form.

The orange border indicates that a spammy attempt has been detected by a spam protection module like reCAPTCHA. Seeing the orange border every time is obviously abnormal unless you are a real spambot.

If you get into such situations after upgrading to 5.1.1, you are advised to ensure that the theme you use properly loads JavaScript in the footer area of each page.

We know some theme authors improperly omit wp_footer() call to block scripts from loading. That is one of the worst practices in theme development that will surely causes problems like those explained above. Ask the theme author for a fix if you find your theme has such issues.

Requires: WordPress 4.9 or higher
Tested up to: WordPress 5.0.1

» Download Contact Form 7 plugin from WordPress.org

Change Log

• reCAPTCHA: Modifies the reaction to empty response tokens.

Contact Form 7 5.1.2 is now available. This is a maintenance release that includes some bug-fixes and improvements. If you use the Constant Contact integration, you will find the newly introduced contact list selector very useful.

Requires: WordPress 4.9 or higher
Tested up to: WordPress 5.2

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Constant Contact: Introduces the contact list selector.
• Constant Contact: Introduces the constant_contact additional setting.
• reCAPTCHA: Introduces the wpcf7_recaptcha_actions and wpcf7_recaptcha_threshold filter hooks.

Contact Form 7 protects your forms from spammers with several different spam protection modules such as Akismet, reCAPTCHA, and Comment Blacklist. These modules help a lot, but how can you know which module has blocked a submitted message and why the module has blocked it?

In the past, there was no method for knowing why a message was being marked as spam. The latest releases of the Contact Form 7 and Flamingo plugins have jointly introduced the spam logging feature, which tells you the reason a message is in the Spam tray.

This spam logging feature requires Contact Form 7 5.1.2 or higher, and Flamingo 2.0 or higher.

Contact Form 7 5.1.4 is now available. This is a maintenance release that includes some bug-fixes and improvements.

Alternative Way to Set reCAPTCHA API Keys

To use reCAPTCHA, you need to set reCAPTCHA v3 API keys (the site key and secret key) on the Integration screen.

Contact Form 7 5.1.4 introduces an alternative way to set those keys, and it would be useful to share the same API key pair among different domains.

You can set the keys using the WPCF7_RECAPTCHA_SITEKEY and WPCF7_RECAPTCHA_SECRET constants like the following:

define( 'WPCF7_RECAPTCHA_SITEKEY', '(site key here)' );

define( 'WPCF7_RECAPTCHA_SECRET', '(secret key here)' );

You can also do the same thing using the wpcf7_recaptcha_sitekey and wpcf7_recaptcha_secret filter hooks:

add_filter( 'wpcf7_recaptcha_sitekey', function( $sitekey ) {
	return '(site key here)';
} );

add_filter( 'wpcf7_recaptcha_secret', function( $secret ) {
	return '(secret key here)';
} );

Needless to say, you will still need to register the sites correctly on Google’s reCAPTCHA configuration page. Otherwise reCAPTCHA won’t work on your sites. For details about reCAPTCHA setup, see reCAPTCHA (v3).

Requires: WordPress 4.9 or higher
Tested up to: WordPress 5.2.2

» Download Contact Form 7 plugin from WordPress.org

Change Log

• reCAPTCHA: introduces the WPCF7_RECAPTCHA_SITEKEY and WPCF7_RECAPTCHA_SECRET constants.
• reCAPTCHA: Introduces the wpcf7_recaptcha_sitekey and wpcf7_recaptcha_secret filter hooks.
• Adds $status parameter to the wpcf7_form_response_output filter.
• Creates a nonce only when the submitter is a logged-in user.
• Introduces WPCF7_ContactForm::unit_tag(), a public method that returns a unit tag.
• reCAPTCHA: gives a different spam log message for cases where the response token is empty.
• Acceptance Checkbox: supports the label_first option in an acceptance form-tag.

Flamingo 2.1 is now available. You no longer have to move spam messages to Trash manually since Flamingo does the task for you. Also, a new contributor has joined the Flamingo development team.

Auto-trashing Spam

You might be getting a lot of spam messages every day and are annoyed by moving them to Trash by hand. The auto-trashing feature introduced by Flamingo 2.1 will mitigate the burden.

No setup is needed; just leave the spam messages for 30 days. After 30 days, you will find the messages are gone and moved to the Trash folder. Messages in Trash will be removed completely after another 30 days.

You can increase or decrease the number of days that Flamingo keeps messages in the Spam folder (default is 30). To do this, define the FLAMINGO_MOVE_TRASH_DAYS constant in your wp-config.php file, like the following:

define( 'FLAMINGO_MOVE_TRASH_DAYS', 10 ); // 10 days to move to trash

If you prefer to keep moving messages manually, set FLAMINGO_MOVE_TRASH_DAYS to false or 0 to deactivate the auto-trashing feature:

define( 'FLAMINGO_MOVE_TRASH_DAYS', false ); // stop auto-trashing

Notice that this auto-trashing is applied only to new messages created after you upgrade Flamingo to 2.1 or higher. Old messages remain in the Spam folder unless you manually move them to Trash.

New Contributor

Umar Draz has joined the Flamingo development team. He is a WordPress plugin developer and a co-organizer of WordCamp Islamabad and WordPress Meetup Islamabad, Pakistan.

Umar did most of the work of Flamingo 2.1 development. He makes clever and beautiful code. I have great hopes that Flamingo will make a leap forward with his help.

Umar, welcome aboard!

Contact Form 7 5.1.5 is now available. This is a maintenance release that includes some improvements. Version 5.1.5 is the first to have been tested with WordPress 5.3.

Requires: WordPress 4.9 or higher
Tested up to: WordPress 5.3

» Download Contact Form 7 plugin from WordPress.org

Change Log

• Config Validator: New test item for the unavailable_html_elements error.
• Config Validator: New test item for the attachments_overweight error.

Receiving multiple emails with the same content from the same sender in a short period of time — I often receive support requests like this.

Although some suppose these are caused by a bug or made by spam bots, in most cases they are created by real humans. It is real well meaning people who are making multiple submissions through contact forms on their sites.

They ask me if they can make Contact Form 7 prevent such multiple submissions. Actually this is not difficult at all. You have some options to do so, such as disabling the Submit button after the first submission.

You might think that such functions should be activated by default if it is not difficult. In reality such functions are intentionally not implemented in this plugin — because it obviously leads to a terrible outcome.

Address the Root Problem.

What would make people attempt to submit multiple times? One submission is enough. Ordinary people should think so.

Let’s think about the reason from their stand-point.

People may make multiple submissions when they are uncertain if their submission has worked successfully.

For example if you get no response or reaction after clicking the submit button you may think the submission has failed, and may want to click it once more.

Let’s think about how we can eliminate the root cause instead of trying to hide surface-level issues.

If people are feeling uncertain because they see no response or reaction the root problems behind that could be:

• the Loader icon indicating progression doesn’t appear.
• the CSS stylesheet applied to the page makes the response invisible.
• the backend process takes an abnormally long time.
• etc.

If you recognize the root problem and resolve it then surface-level issues like multiple submissions will be automatically resolved.

What would happen if, however, you left the root problem and simply disabled the submit button? Users would still feel uncertain. And they would be more confused than before because now they couldn’t even click on the button.

Phenomena like multiple submissions are like taking a canary into a coal mine: they inform you that there are more severe, more fundamental problems hiding.

So don’t try to hide issues. Address the root problem behind them.

Contact Form 7 5.1.6 is now available. This is a maintenance release that includes some bug-fixes and improvements.

Requires: WordPress 4.9 or higher
Tested up to: WordPress 5.3

» Download Contact Form 7 plugin from WordPress.org

Change Log

• CSS: removes a style rule from the stylesheet that was unnecessary and conflicting with Twenty Twenty’s rules.
• REST API: retrieves the contact form ID explicitly from the route parameters.

From my long experience in helping Contact Form 7 users on the support forum I can say that the most common reason behind troubles is interference from other plugins, or with the theme which the user uses.

Some see this as an incompatibility issue between plugins, but that is not true in the precise sense. Plugin authors and theme authors don’t have to care about compatibility with a particular plugin — even if the plugin is one of the most popular ones. Authors only have to care about compliance with the best practice in WordPress plugin and theme development.

However, it is a fact that there are many plugin and theme authors who don’t care about anything. Their plugins and themes often interfere with other plugins, and can break their functionality. Many of them are commercial products, or products distributed under no proper licensing (CodeCanyon and ThemeForest are notorious as typical distributors of such poorly made products). No wonder you face problems if you use such plugins or themes.

This is the reason why you are advised to deactivate all plugins (excluding Contact Form 7), and switch your theme to the default theme at the same time. By doing this you can determine whether the trouble you face is caused by Contact Form 7 itself, is caused by one of the other plugins or is caused by the theme that you’ve just deactivated. If it turns out that the culprit is one of the latter two then by re-activating them one by one, doing the same test each time, you should be able to narrow down and eventually pin down the real culprit behind the trouble.

When we say “default theme” this refers to the official theme that has come with WordPress itself. If you use WordPress 5.3 then Twenty Twenty is the default theme. Twenty Nineteen and Twenty Seventeen are former default themes, and they are still maintained. Default themes are more reliable than other themes because they are created and maintained by expert developers.

You may worry that you might lose configuration data when switching themes. If the theme is created in the right way, and is compliant with recommended practices, then you can safely switch themes without any data loss. If not, unfortunately, there is no guarantee. In any case you are advised to make a backup of data beforehand.

There may be cases where you feel it is difficult to deactivate plugins, or to switch themes, because of reasons such as it being the client’s site and they might be unhappy if you were to do that. I appreciate the difficulty of these situations, but if the responsibility to troubleshoot lies with you then you have to do that somehow.

Many experienced webmasters, in anticipation of such cases, prepare a staging environment on which you can test changes without effecting the live production environment. Or you may want to try a plugin called Health Check & Troubleshooting. This plugin allows you to make changes to a site in such a way that the changes are only visible to you as the logged-in administrator.