Title: LW Simple Forms
Author: LHAS
Published: <strong>April 17, 2025</strong>
Last modified: April 5, 2026

---

Search plugins

![](https://ps.w.org/lw-simple-forms/assets/banner-772x250.png?rev=3275291)

![](https://ps.w.org/lw-simple-forms/assets/icon-256x256.png?rev=3275291)

# LW Simple Forms

 By [LHAS](https://profiles.wordpress.org/furao77/)

[Download](https://downloads.wordpress.org/plugin/lw-simple-forms.1.2.0.zip)

 * [Details](https://xho.wordpress.org/plugins/lw-simple-forms/#description)
 * [Reviews](https://xho.wordpress.org/plugins/lw-simple-forms/#reviews)
 *  [Installation](https://xho.wordpress.org/plugins/lw-simple-forms/#installation)
 * [Development](https://xho.wordpress.org/plugins/lw-simple-forms/#developers)

 [Support](https://wordpress.org/support/plugin/lw-simple-forms/)

## Description

LW Simple Forms is a versatile WordPress form plugin that allows you to create customizable
forms. It supports the Japanese-style workflow of a complete form submission process:

 1. Input screen – Users enter their information
 2. Confirmation screen – Users review their input before submitting
 3. Completion screen – Thank you message after successful submission

The plugin also supports a simpler one-step submission process when confirmation
is not needed.

A sample form with all supported field types is automatically created on first activation,
so you can get started right away.

**Important: Cache Plugin Compatibility**
 If you are using a caching plugin (e.
g., WP Super Cache, W3 Total Cache, WP Total Cache, LiteSpeed Cache) or a CDN (e.
g., Cloudflare), form submissions may not work correctly because cached pages do
not process POST data. Please exclude the form page URLs (input, confirmation, completion,
error) from caching.

**CSS Styling**
 This plugin does not include any frontend CSS for form display.
You are expected to style the forms using your own theme’s stylesheet. HTML/CSS 
samples are available for reference on the plugin’s website.

### Development Concept

 * **HTML-First Approach**: This plugin is designed to faithfully reproduce your
   designed HTML forms, confirmation screens, and error screens without forcing 
   you to adapt to plugin limitations. The forms conform to your design, not the
   other way around.
 * **Built for Web Professionals**: LW Simple Forms does not provide CSS or HTML
   templates for the frontend. It’s specifically created for web designers and developers
   who already have designed their form screens and need a way to implement the 
   functionality. (HTML/CSS samples are available for reference.)
 * **Minimalist Philosophy**: This plugin intentionally maintains a minimalist approach,
   focusing on core functionality rather than excessive features. We prioritize 
   site speed and minimal data usage to keep your websites running efficiently.

### Key Features

 * **Complete Form Workflow**: Create forms with input screen, error screen, confirmation
   screen, and completion screen
 * **Flexible Design**: Customize each screen with your own HTML
 * **Form Validation**: Server-side and client-side validation for each input field(
   required fields, email format, phone number validation)
 * **Email Notifications**: Send confirmation emails to both administrators and 
   users
 * **Security Features**: CSRF protection, data sanitization, input validation, 
   and secure data handling
 * **Multiple Field Types**: Support for text fields, text areas, checkboxes, radio
   buttons, select menus, and multi-select menus
 * **Shortcode Support**: Easy integration into WordPress pages via shortcodes
 * **Custom HTML**: Design your forms with complete HTML freedom
 * **Multi-Form Support**: Create and manage multiple forms on a single site
 * **Database Storage**: Form data is temporarily stored in the database rather 
   than in sessions or cookies, allowing for unlimited submission data
 * **JavaScript/No-JavaScript Support**: Forms work properly even in environments
   where JavaScript is disabled (e.g., screen readers)
 * **Field Validation**: Extensive validation system with customizable error messages
 * **reCAPTCHA v3 Support**: Optional Google reCAPTCHA v3 integration for spam protection
 * **Duplicate Submission Prevention**: PRG (Post-Redirect-Get) pattern prevents
   duplicate form submissions on page reload
 * **Security Measures**: Protection against common vulnerabilities including CSRF
   attacks and header injection

### Usage Guide

 1. Design and create the HTML for input screen, confirmation screen, and completion
    screen
 2. Register each screen as a WordPress page
 3. Create a new form from “Forms” in the WordPress admin panel
 4. Configure each section. You can configure the following:
 5.  * HTML for each screen (input, confirmation, completion)
     * URL for each screen
     * Administrator email settings
     * User email settings
     * Validation settings (required fields, email format, phone number validation)
 6. Use the “Parse HTML” button to automatically extract form fields from your input
    screen HTML
 7. Add the appropriate shortcodes to your pages
 8. Test the form operation before going live

Note: This plugin is designed to give you maximum freedom in writing form HTML, 
so you need to write the HTML for your form pages yourself. The plugin does not 
provide CSS or images for form display. HTML samples are available for reference.

### Supported Input Fields

 * `<input type="text">`
 * `<input type="tel">`
 * `<input type="email">`
 * `<input type="radio">`
 * `<input type="checkbox">`
 * `<textarea>`
 * `<select>`
 * `<select multiple>`

### Form Screen Placeholders

**Input Screen:**
 * Use `[lwsf_value_fieldname]` to display previously entered 
values * Use `[lwsf_error_fieldname]` to display validation error messages * Use`[
lwsf_send]` for the submit button

**Confirmation Screen:**
 * Use `[lwsf_confirm_fieldname]` to display submitted 
values * Use `[lwsf_back]` for the back button * Use `[lwsf_send]` for the submit
button

**Completion Screen:**
 * Use `[lwsf_field_fieldname]` to display submitted values

### Email Settings

**Available placeholders for email templates:**
 * `[lwsf_field_fieldname]` – Display
submitted form data * `[lwsf_site_admin_email]` – Display site admin email * `[lwsf_site_name]`–
Display site name * `[lwsf_site_home_url]` – Display site URL

### Additional Information

 * For items that allow multiple selections (`<input type="checkbox">`, `<select
   multiple>`), you need to add [] to the name attribute.
    Example:
    - For checkboxes: `<input type="checkbox" name="services[]" value="ServiceA"
      > Service A <input type="checkbox" name="services[]" value="ServiceB"> Service
      B`
    - For select multiple:
       `<select id="products" name="products[]" multiple size
      ="4"> <option value="ProductA">Product A</option> <option value="ProductB"
      >Product B</option> </select>
 * Works in environments where JavaScript is disabled, such as screen readers
 * The outputted source code uses entity references for security measures and stable
   operation
 * Includes Japanese language files (UTF-8 only)
 * Avoids using reserved WordPress query variable names for form fields to prevent
   conflicts
 * **PHP Compatibility**: Requires PHP 7.4 or higher. Tested on PHP 7.4 and PHP 
   8.3.

### Data Storage and Security

 * Form submissions are temporarily stored in the WordPress database (prefix_lwsf_form_data
   table)
 * Data is automatically cleaned up after 1 hour
 * All user inputs are sanitized before processing
 * CSRF protection is implemented on all form submissions
 * Email headers are validated to prevent header injection

### Why This Plugin Was Created

This plugin was created because MW WP Form, which had been used for client work 
for many years, ended development. There was a need for a form plugin with confirmation
screens that operated cleanly. The plugin was created primarily for web development
work, and we thought many web development companies might have similar needs.

### Future Implementation Plans

 * The ability to change validation error messages
 * PHP-based validation hooks that operate before and after form submission
 * Additional validation types (URL, numeric values, custom regex patterns)
 * Hooks to trigger at important timings such as just before and just after email
   sending
 * File upload handling

### Privacy Policy

This plugin stores form submission data in the WordPress database (prefix_lwsf_form_data
table) for the purpose of displaying confirmation and completion screens. Data is
automatically deleted after 1 hour.

When enabled, user email addresses may be used to send confirmation emails to form
submitters.

When reCAPTCHA v3 is enabled, form submission data (reCAPTCHA token and user’s IP
address) is sent to Google’s reCAPTCHA verification API (https://www.google.com/
recaptcha/api/siteverify) for spam detection. Please refer to [Google’s Privacy Policy](https://policies.google.com/privacy)
and [Terms of Service](https://policies.google.com/terms) for details on how Google
handles this data. No other data is shared with external services.

## Screenshots

 * [[
 * Example of an Edit Form screen.
 * [[
 * Example of an Edit Form screen in Japanese.
 * [[
 * Example of embedding the form input screen shortcode in a static page.
 * [[
 * Example of the form input screen on the front end (CSS not applied).
 * [[
 * Example of embedding the input error screen shortcode in a static page.
 * [[
 * Example of the input error screen on the front end (CSS not applied).
 * [[
 * Example of embedding the confirmation screen shortcode in a static page.
 * [[
 * Example of the form input screen on the front end (with basic CSS applied).
 * [[
 * Example of embedding the submission completion screen shortcode in a static page.
 * [[
 * Example of the submission completion screen on the front end (CSS not applied).

## Installation

 1. Upload the `lw-simple-forms` folder to the `/wp-content/plugins/` directory
 2. Activate the plugin through the ‘Plugins’ menu in WordPress
 3. Create a new form from the ‘Forms’ menu item
 4. Configure the form settings including HTML templates and email notifications
 5. Create pages for your form screens (input, confirmation, completion)
 6. Add the appropriate shortcodes to your pages:
 7.  * `[lwsf_input id="123"]` – For the input screen
     * `[lwsf_confirm id="123"]` – For the confirmation screen (optional – leave empty
       to skip confirmation)
     * `[lwsf_complete id="123"]` – For the completion screen (optional – displayed
       on the input screen URL if omitted)
     * `[lwsf_error id="123"]` – For the error screen (optional – errors are displayed
       on the input screen if omitted)

## FAQ

### How do I create a form?

Navigate to LW Simple Forms  Add New Form in your WordPress admin, configure the
form settings, and save. You’ll then need to add the appropriate shortcodes to your
pages.

### How do I set required fields?

After creating your form HTML, use the “Parse HTML” button to detect form fields
automatically. Then you can mark fields as required in the “Validation Settings”
section.

### Can I skip the confirmation screen?

Yes. Simply leave the “Confirmation Screen URL” field empty, and the form will skip
straight to completion after submission.

### How long is submission data kept in the system?

Data is temporarily stored in the database for one hour. After this period, the 
data is automatically deleted.

### Will the form work if a user has JavaScript disabled?

Yes. The plugin is designed to work both with and without JavaScript. All validations
and form processing have server-side fallbacks.

### How do I show different error messages for different validation types?

Currently, the plugin uses standard error messages. Future versions may support 
customizable validation messages.

### Can I use special characters in my forms?

Yes. The plugin properly handles special characters and different encodings, but
it’s recommended to use UTF-8 encoding.

### How do I send confirmation emails to users?

Enter a field name (usually an email field) in the “Recipient Email Address Field”
setting under “User Auto-send Email Settings”.
 e.g. If the name attribute of the
email field is set to “your-email”, you should write it as [lwsf_field_your-email].

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“LW Simple Forms” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ LHAS ](https://profiles.wordpress.org/furao77/)

“LW Simple Forms” has been translated into 1 locale. Thank you to [the translators](https://translate.wordpress.org/projects/wp-plugins/lw-simple-forms/contributors)
for their contributions.

[Translate “LW Simple Forms” into your language.](https://translate.wordpress.org/projects/wp-plugins/lw-simple-forms)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/lw-simple-forms/), 
check out the [SVN repository](https://plugins.svn.wordpress.org/lw-simple-forms/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/lw-simple-forms/)
by [RSS](https://plugins.trac.wordpress.org/log/lw-simple-forms/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.2.0

**New Features:**

 * IP-based rate limiting – Prevents the same IP address from submitting forms excessively
   within a configurable time window. Default: 5 submissions per hour. Configurable
   in Settings.
 * Honeypot field – An invisible form field that catches automated bots. Bots that
   fill all fields are silently rejected. Enabled by default, can be toggled in 
   Settings.
 * Confirmation screen enforcement – When a confirmation screen is configured, the
   server now verifies that the confirmation screen was actually displayed before
   allowing completion. Prevents bots from bypassing the confirmation step.

**Improvements:**

 * reCAPTCHA v3 score threshold increased from 0.3 to 0.5 (Google’s recommended 
   default) for better spam detection
 * New “Spam Protection” settings section in the admin panel for configuring rate
   limiting and honeypot options
 * Rate limit records are automatically cleaned up after 24 hours

**Security:**

 * Added protection against automated SQL injection scanning attacks
 * Bots that trigger the honeypot receive a fake success response to prevent detection
   of the security measure

#### 1.1.1

**New Features:**

 * Sample form with all supported field types (text, tel, email, radio, checkbox,
   textarea, select, select multiple) is automatically created on first activation
   for easy reference

**Documentation:**

 * Added cache plugin/CDN compatibility warning
 * Added CSS styling note (no frontend CSS included)
 * Marked optional shortcodes in Installation section
 * Clarified PHP version compatibility (tested on PHP 8.3)
 * Updated WordPress compatibility to 6.9

#### 1.1.0

**New Features:**

 * reCAPTCHA v3 integration – Configure Site Key and Secret Key in LW Simple Forms
   > Settings. When enabled, reCAPTCHA tokens are automatically generated and verified
   on form submission. Fails open on API communication errors to avoid blocking 
   legitimate users. Score threshold: 0.5.
 * PRG (Post-Redirect-Get) pattern for duplicate submission prevention – After form
   completion, a cookie-based session key is stored and the browser is redirected
   to a clean URL via 302 redirect. The completion screen is displayed once, and
   page reload redirects back to the input page.

**Improvements:**

 * WordPress reserved word validation now blocks saving (previously only warned)
   when form field names use reserved query variables (e.g., `name`, `p`, `s`, `
   page`). Case-sensitive comparison: `Name` is allowed, `name` is blocked.
 * Extended wp_kses allowed HTML tags to include `<form>`, `<button>`, and `<textarea
   >` with their common attributes. This ensures confirmation screen buttons and
   form elements retain their HTML attributes (e.g., class, id).
 * Frontend CSS externalized – The plugin no longer outputs inline CSS. Error messages
   and button styles should be defined in your site’s stylesheet.
 * POST data now properly handled with `wp_unslash()` to prevent double-escaping
   issues caused by WordPress `wp_magic_quotes()` (e.g., `I'm` no longer becomes`
   I\'m`).
 * Improved HTML sanitization warnings – Normalized comparison to avoid false positives
   from `wp_kses` removing trailing semicolons in style attributes. Warning messages
   now show the actual changed lines instead of a generic message.
 * Updated admin notes to clarify that style attributes are allowed (only script
   tags are blocked for security).
 * Confirmation button default label changed from “Confirm Input” to “Confirm”.

**Bug Fixes:**

 * Fixed direct submission mode (without confirmation screen) – Replaced query parameter
   approach (`?lwsf_complete=1&key=...`) which caused 404 errors due to WordPress
   interpreting query parameters. Email is now sent within the REST API call, and
   a flag is returned to JavaScript.
 * Fixed reCAPTCHA token regeneration – Tokens are now regenerated before the final
   form submission since reCAPTCHA tokens can only be used once.
 * Documented incompatibility with async-javascript plugin – The plugin adding `
   async` attribute to `lwsf.js` breaks form functionality. Workaround: exclude `
   lwsf-form-handler` in the async-javascript plugin settings.

#### 1.0.0

 * Initial release

## Meta

 *  Version **1.2.0**
 *  Last updated **6 days ago**
 *  Active installations **10+**
 *  WordPress version ** 6.0 or higher **
 *  Tested up to **6.9.4**
 *  PHP version ** 7.4 or higher **
 *  Languages
 * [English (US)](https://wordpress.org/plugins/lw-simple-forms/) and [Japanese](https://ja.wordpress.org/plugins/lw-simple-forms/).
 *  [Translate into your language](https://translate.wordpress.org/projects/wp-plugins/lw-simple-forms)
 * Tags
 * [contact](https://xho.wordpress.org/plugins/tags/contact/)[contact form](https://xho.wordpress.org/plugins/tags/contact-form/)
   [custom form](https://xho.wordpress.org/plugins/tags/custom-form/)[email](https://xho.wordpress.org/plugins/tags/email/)
   [form](https://xho.wordpress.org/plugins/tags/form/)
 *  [Advanced View](https://xho.wordpress.org/plugins/lw-simple-forms/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/lw-simple-forms/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/lw-simple-forms/reviews/)

## Contributors

 *   [ LHAS ](https://profiles.wordpress.org/furao77/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/lw-simple-forms/)