Search Over 30,000 FREE Plugins from the Official WordPress Plugin Directory Repository

Fast Secure Contact Form

An easy and powerful form builder that lets your visitors send you email. Blocks all automated spammers. No templates to mess with.

Easily create and add forms to WordPress. Fields are easy to add, remove, and re-order. The contact form will let the user send emails to a site's admin, and also send a meeting request to talk over phone or video.

Features: easy form edit, multiple forms, confirmation emails, no templates to mess with, and an option to redirect visitors to any URL after the message is sent. Includes Google reCAPTCHA and Akismet support to block spammers. Spam is no longer a problem. You can add extra fields of any type: text, textarea, checkbox, checkbox-multiple, radio, select, select-multiple, attachment, date, time, hidden, password, and fieldset.

Help Keep This Plugin Free

If you find this plugin useful to you, please consider making a donation to help contribute to my time invested and to further development. Thanks for your kind support! - Mike Challis

  • All new improved 4.xx version code base.
  • New user interface with tabs.
  • New 'Fields' tab where you can re-order the display sequence of all the fields via a drag and drop interface.
  • Forms are easy to add, remove, label, and edit and preview. Add as many as you need.
  • Comes with standard fields of (Name, Email, Subject, Message). Any of the standard fields can be disabled.
  • Fields are easy to add, remove, and re-order.
  • Add extra fields of any type: text, textarea, checkbox, checkbox-multiple, radio, select, select-multiple, attachment, date, time, hidden, password, fieldset(box). See FAQ
  • File attachments are supported, see here for details:
  • Backup/restore tool. You can backup/restore all your forms or single forms and settings.See FAQ
  • Easy to hide subject and message fields for use as a newsletter signup.
  • Send mail to single or multiple contacts.
  • Optional - redirect to any URL after message sent.
  • Optional - posted data can be sent as a query string on the redirect URL. See faq
  • Optional - confirmation email message.See FAQ
  • Valid coding for HTML, XHTML, HTML STRICT, Section 508, and WAI Accessibility.
  • Reloads form data and warns user if user forgets to fill out a field.
  • CAPTCHA can be turned off or hidden from logged in users and or admins.
  • Auto form fill for logged in users.
  • Customizable form field labels.
  • Customizable CSS style.
  • New PHP Sessions are no longer enabled by default allowing for best compatibility with servers, caching, themes, and other plugins. This should resolve any PHP sessions related issues some users had.
  • New added filter hooks for 3rd party plugins and custom modifications.
  • New improved validation of time fields.
  • New improved CAPTCHA images.
  • New improved select options setting.
  • New more optimized HTML indents when view source, added ID tags to form elements.
  • New setting on the Advanced tab to enable a "view / print message" button after message sent. This feature will be skipped if the "redirect after the message sends" is also enabled.
  • New Default CSS style for 'labels on top' is now responsive(note:your theme style has to be responsive also).
  • New improved Styles tab with internal or external CSS Style feature, you choose what you want.
  • New easier to use field labels, tags, and field options. You no longer have to escape comas in form labels and options.
  • New feature: for select, radio, checbox-miltiple, select-multiple field types: If you add options as a key==value set (use == to separate) the value will show on the form and the key will show in the email.
  • New field Setting: "Hide label" check this setting if you want to hide the field label on the form.
  • New field setting: "Default as placeholder" Check this setting if you want the default text to be a placeholder inside the form field. The placeholder is a short hint that is displayed in the input field before the user enters a value. Works with the following input types only: name, email, subject, message, text, textarea, url, and password.
  • New tags capability for fields.
  • New 'Reset Form' button to Tools tab.
  • New 'Delete Form' function to Tools tab.
  • New 'Reset Styles on all forms' button to the Tools tab.
  • New setting to skip names of non-required and unfilled-out fields in emails.
  • Sends Email with UTF-8 character encoding for US and International character support.
  • Pre-fill in form fields from a URL query string. See FAQ
  • Save emails to the WordPress database, or export to CSV or Excel. See FAQ
  • I18n language translation support. See FAQ
Online Scheduling, Appointment Booking and Free Invoicing via vCita:
  • Add an online scheduling button to your form, or at the bottom of every page
  • Display your up-to-date availability on your website, based on your existing calendar (Google, Outlook, etc)
  • Invite leads and clients to schedule a phone call, book an appointment or request a service
  • Automated confirmations and reminders will be sent to your clients, including meeting details (time, location or phone number)
  • Scheduled appointments will be added to your calendar
  • Built-in phone conference service, and easy integration with Skype, Google Hangout, and other online meetings.
  • Collect payments online before the appointment or invoice and bill your clients for your time and services
  • Learn more about vCita Online Scheduling Software
  • Akismet spam protection support.
  • Spam checks: prevents spammer forcing to:, cc:, bcc:, newlines, and other email injection attempts to spam the world.
  • Checks that the form was posted from your blog domain name only.
  • Secure input sanitization and validation.
  • Email message footer shows blog username(if logged on), Date/Time timestamp, IP address, and user agent (browser version) of user who contacted you.
CAPTCHA Image Support:
  • Uses Google reCAPTCHA or a custom version of Secure Image CAPTCHA branched from the library by
  • CAPTCHA can be enabled or disabled on the 'Security' tab.
  • Works with Wordpress 3.4.2+ and WPMU (Wordpress 4+ is highly recommended)
  • PHP5
Author Mike Challis, Ken Carlson
Contributors mikechallis
Tags Akismet, captcha, contact, contact form, email, form, mail, multilingual, spam
  1. si-contact-form screenshot 1

    screenshot-1.gif is the contact form.

  2. si-contact-form screenshot 2

    screenshot-2.gif is the contact form showing the inline error messages.

  3. si-contact-form screenshot 3

    screenshot-3.gif is the Contact Form options tab on the Admin Plugins page.

  4. si-contact-form screenshot 4

    screenshot-4.gif adding the shortcode [si-contact-form form='1'] in a Page.

  5. si-contact-form screenshot 5

    screenshot-5.png Schedule an appointment feature.

  1. Install automatically through the Plugins, Add New menu in WordPress, or upload the si-contact-form folder to the /wp-content/plugins/ directory.

  2. Activate the plugin through the Plugins menu in WordPress. On the Admin screen use the Plugins side menu to select FS Contact Form to configure the forms.

  3. You must add this shortcode [si-contact-form form='1'] in a Page, Post, or Text Widget. You can find this shortcode on the Basic Settings tab of any form. Here is how to add the shortcode: Log into your blog admin dashboard. Click Pages, click Add New, add a title to your page, enter the shortcode [si-contact-form form='1'] in the page. Uncheck Allow Comments, then click Publish.

  4. Test an email from your form.

  5. Updates are automatic. Click on "Upgrade Automatically" if prompted from the admin menu. If you ever have to manually upgrade, simply deactivate, uninstall, and repeat the installation steps with the new version.

For best mail delivery results, be sure to properly configure the email settings on the Basic Settings tab:

Read the following instructions and watch the YouTube video below:

Set the "Return-path address" setting to a real email address on the SAME domain as your web site. This step really is ALWAYS necessary so mail is properly identified as originating from your server. For best results the "Email To" and the "Return-path address" should ALWAYS be separate REAL email addresses on the SAME DOMAIN as your web site (don't skip this important step!).

Some people will like to set the "Email To" to a,, or some other webmail address (if that is what you want, go ahead and try it), but the "Return-path address" should ALWAYS be set to a real email addresses on the SAME DOMAIN as your web site. If you try a webmail address and your mail is not sending, try changing the "Email to" address to a REAL email addresses on the SAME DOMAIN as your web site. You can still deliver it to your webmail address by forwarding the email from a setting in your hosting control panel, or configuring your webmail to fetch a mail account.

Next step, check this setting box: Enable when web host requires "Mail From" strictly tied to site (don't skip this important step!).

Click "Save Changes", then test your form's mail delivery by sending a message from the form on your page. When testing your form on your page, do not fill out the email field with the same email address as the "Email To" or "Return-path address". Use a different email address because some server's security settings do not allow email to send from/to the same address.

If you have other forms in use, be sure to repeat these settings for each form.

Now your email is properly configured for best delivery. Your form Email should now be DMARC compliant for users who submit your form with yahoo, aol, comcast, or any other provider who now requires DMARC compliance.

The email you receive will appear to be from your site email address, but because the email header "Reply-to" is set as the form user's email address. You should be able to just hit reply and send email back to the real sender. Also you should see the sender's email address in the message content. So it is still possible to send mail to that address if the "Reply-to" is somehow ignored by your email program.

I just installed this and do not get any email from it, what could be wrong?

Follow the instructions above, but if you still need help...

See the FAQ page: How to troubleshoot mail delivery


  • (12 Feb 2017) - Remove ini_get booleen test to check if safe_mode may be on or off. Older PHP versions that use safe mode are unsupported now anyways.
  • Update Mike's plugin links


  • (04 Feb 2017) - Fix compatible with my soon to be released Fast Secure reCAPTCHA plugin.


  • (03 Feb 2017) - Make compatible with my soon to be released Fast Secure reCAPTCHA plugin.
  • Move settings link from the Plugins menu to the Settings menu.
  • Fix some strings that could not be internationalized (a few more to will be fixed soon).
  • Improve the reCAPTCHA functions, HTML, and settings.


  • (20 Jan 2017) - Added Google reCAPTCHA. By default, the original Secure Image CAPTCHA is enabled, but you can enable Google reCAPTCHA if you want. Just go to the form edit page Security tab - CAPTCHA Settings. Check the setting "Enable reCAPTCHA", enter your Google reCAPTCHA keys for the site. Included is a link to get new free keys. Some users have reported a recent increase of spam on their forms, if you are having this problem, I suggest enabling Google reCAPTCHA. Fast Secure Contact Form reCAPTHCA usage


  • (03 Jan 2017) - Apply similar patch to CVE 2016 10033 and CVE 2016 10045 vulnerabilities.


  • (22 Oct 2016) - Change alternative text "CAPTCHA image" and "Refresh image" to "CAPTCHA" and "Refresh".
  • 500 Internal Server error is now fixed on the Newsletter tab


  • (23 Jun 2016) - Fix: wp_get_current_user error after wordpress 4.5.


  • (18 Jun 2016) - Fix: syntax error on password field.
  • added autocomplete=off to CAPTCHA field.
  • fix: removed stray ampersand on end of redirect url.


  • (13 Feb 2016) - Fix: PHP Fatal error: Class 'securimage_ctf' not found.


  • (12 Feb 2016) - Fix: Captcha did not show on some PHP7 installations
  • Fix: W3C validation Error with the attachment field.


  • (01 Jan 2016) - Fix: The sender's location was no longer being shown in emails when you upgraded Visitor Maps and Who's Online to version
  • updated vCita code for recent API changes.
  • removed advertisements.
  • updated the Swedish translation


  • (07 Sep 2015) - Fix: There are five form settings fields where unfiltered HTML is allowed by form Administrators by design. The problem fixed was that the setting DISALLOW_UNFILTERED_HTML was not being checked before allowing HTML. This issue was reported by Sathish from Cyber Security Works Pvt Ltd.


  • (25 May 2015) - fixed bug: redirect url encoding.
  • fixed bug: the auto form fill feature will now automatically make the name and email form fields readonly when the feature is enabled to auto fill the logged on user's name and email. Non-logged in users can still edit those fields to enter their own name and email. Note: administrator is ignored, always has to fill in the fields.
  • fixed bug: placeholder was not working on password field type.
  • added filter to modify autoresponder subject. This is useful for adding a ticket number.


  • (02 May 2015) - Fixed possible xss vulnerability with add_query_arg(), remove_query_arg() and esc_url() usage.
  • Improved timezone compliance with WP standards.


  • (03 Apr 2015) - added a new filter hook to allow modifying the $user_info array. The user info is displayed at the end of the email
  • changed the default CSS for Radio and Checkbox field inputs to comply with google webmaster tools mobile friendly test. The tap targets were too close for radio and checkbox fields on mobile devices. CSS changes made in an update will only change the defaults for new forms you add, not any existing ones. This is to respect any settings you might have made yourself on the forms you have now.

Please adjust these settings manually on any existing forms with radio or checkbox fields: Edit each of your forms on the form edit page, click on the Styles tab Change these two settings, like so: Input checkbox fields: width:22px; height:32px; Input radio fields: width:22px; height:32px;

Click the Save Changes button, repeat for your other forms. The defaults settings were: width:13px;


  • (17 Feb 2015) - fixed fscf_init_languages priority
  • fixed a print array was left active during silent send
  • updated turkish language file

Fast Secure Contact Form - WordPress changelog archive

See the official FAQ at

I just installed this and do not get any email from it, what could be wrong?

See FAQ page: How to troubleshoot email delivery

If I upgrade from version 3.xx, will my forms and settings be lost?

No, it will automatic import of settings from versions 2.5.6 up to 3.xx. As long as you do not use the delete button when deactivating the plugin. You can and should make a backup of your forms.

I upgraded from version 3.xx, to 4.xx and my forms and settings did not import

The forms should have imported. In some rare cases, they don't import. Sorry for any inconvenience. Update to the latest version, click the button on the Tools tab "Import forms from 3.xx version".

More help is on this help page: I upgraded to 4.xx version and my forms did not import

What happens during upgrade from 3.xx, where are the settings stored?

The upgrade is run automatically only once after installing or upgrading the 4.xx version over a 3.xx versions. The 4.xx version uses different wp options settings than 3.xx The options settings are rows in the wp_options database table.

4.xx wp_options: fs_contact_global, fs_contact_form1, fs_contact_form2, fs_contact_form3,

3.xx wp_options: si_contact_gb, si_contact_form, si_contact_form2, si_contact_form3, si_contact_form4,

During 4.xx install, the installation looks to see if 4.xx options are not present(first time install), and if 3.xx options are present(3.xx was installed previously), if it passes both those tests, then it runs the import code in class-fscf-import.php

How do I backup or restore my forms?

On the Tools settings tab is a backup / restore tool. The backup / restore feature can be used for backups or as a site to site transfer. You can back up ALL forms and transfer ALL forms to the same or new site using the restore feature. Or you can back up individual forms and restore them to the the same or new site replacing any one form selected during the restore. Please consider that restoring one form or ALL forms makes permanent replacements to the forms already on the site you restore them to. Read more about backups

Is this plugin available in other languages?

Yes. To use a translated version, you need to obtain or make the language file for it. At this point it would be useful to read Installing WordPress in Your Language from the Codex. You will need an .mo file for this plugin that corresponds with the "WPLANG" setting in your wp-config.php file. Translations are listed below -- if a translation for your language is available, all you need to do is place it in the /wp-content/plugins/si-contact-form/languages directory of your WordPress installation. If one is not available, and you also speak good English, please consider doing a translation yourself (see the next question).

The following translations are included:


  • Albanian (sq_AL) - Romeo Shuka
  • Arabic (ar) - Jasmine Hassan
  • Bulgarian (bg_BG) - Dimitar Atanasov
  • Chinese (zh_CN) - Awu
  • Danish (da_DK) - GeorgWP
  • Farsi (Persian)(fa_IR) Ramin Firooz
  • Finnish (fi) - Mikko Vahatalo
  • French (fr_FR) - Pierre Sudarovich
  • German (de_DE) - Sebastian Kreideweiss
  • Greek (el) - Ioannis
  • Hebrew, Israel (he_IL) - Asaf Chertkoff FreeAllWeb GUILD
  • Hungarian (hu_HU) - Jozsef Burgyan
  • Italian (it_IT) - Gianni Diurno
  • Japanese (ja) - Ichiro Kozuka
  • Norwegian Bokmal (nb_NO) - Tore Johnny Bratveit
  • Polish (pl_PL) - Pawel Mezyk
  • Portuguese (pt_PT) - AJBFerreira Blog
  • Portuguese Brazil (pt_BR) - Rui Alao
  • Romanian (ro_RO) - Anunturi Jibo
  • Russian (ru_RU) - Iflexion
  • Spanish (es_ES) - Manuel
  • Swedish (sv_SE) - Elger Lindgren
  • Traditional Chinese, Taiwan (zh_TW) - Cjh
  • Turkish (tr_TR) - Tolga
  • Ukrainian (uk_UA) - Wordpress Ua
  • More are needed... Please help translate.

Can I provide a translation?

Yes! How to translate Fast Secure Contact Form for WordPress

Is it possible to update the translation files for newest version?

How to update a translation of Fast Secure Contact Form for WordPress

For more help... See the official FAQ at

What is the "Schedule an appointment" button on my contact form?

You can extend your contact form to let your users to schedule appointments based on your availability. Learn more about Why should I add Online Scheduling to my website

You can enable or disable this option in the "Scheduling" tab of your contact form plugin settings page.

If you have additional questions visit vCita Support Page


Version 4.0.49

Requires WordPress version: 3.4.2 or higher

Compatible up to: 4.7.2

Last Updated 12 Feb 2017

Date Added: 27 Aug 2009

Plugin Homepage


4.7 stars
543 ratings


Not Enough Data

Works: 0
Broken: 0