Each form has its own settings accessible from the Settings tab when editing a form. These control how the form behaves after submission, what fields are validated, and more.
Save Submissions
Setting: save_submissions
Default: Enabled
When enabled, every form submission is saved to the wp_cf_submissions database table. You can view and manage submissions from the Submissions tab on the form edit screen.
Disabling this means submissions are only processed through form actions (email, webhooks, etc.) but are not stored in the database. The Submissions tab will not appear for forms with this setting disabled.
Hide Form After Success
Setting: hide_after_success
Default: Disabled
When enabled, the form is hidden after a successful submission and only the success message is displayed. This prevents users from submitting the form again without refreshing the page.
Redirect URL
Setting: redirect_url
Default: Empty (no redirect)
If set, the user is redirected to this URL after a successful submission instead of seeing the success message. The redirect URL supports data variables, so you can pass submission data in the URL:
https://example.com/thank-you/?name=[name]&email=[email]
The redirect URL can be filtered using cf_form_redirect_url.
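Because data variables are substituted into the redirect URL, submitted values can influence where the browser is sent. The following is an added example, not the plugin's own code, that uses cf_form_redirect_url to restrict the destination to allowed hosts. It assumes the filter passes the URL as its first argument after variable substitution; thanks.example.com is a hypothetical host.

```php
<?php
// Added example. Assumption: 'cf_form_redirect_url' passes the redirect URL
// as its first argument, after data variables such as [name] are substituted.
add_filter( 'cf_form_redirect_url', function ( $url ) {
    // No redirect configured: keep the default success-message behaviour.
    if ( ! is_string( $url ) || '' === trim( $url ) ) {
        return $url;
    }

    $fallback = home_url( '/' );

    // Allow only http/https; esc_url_raw() returns '' for other schemes
    // (javascript:, data:, ...) and strips invalid characters.
    $clean = esc_url_raw( $url, array( 'http', 'https' ) );
    if ( '' === $clean ) {
        error_log( 'cf redirect rejected (scheme): ' . sanitize_text_field( $url ) );
        return $fallback;
    }

    // wp_validate_redirect() returns $fallback unless the host is this site's
    // own host or one added through the 'allowed_redirect_hosts' filter.
    $safe = wp_validate_redirect( $clean, $fallback );
    if ( $safe === $fallback && $clean !== $fallback ) {
        // Leave a trace for review; a rejected redirect usually means a data
        // variable sits in the scheme, host or path part of the setting.
        error_log( 'cf redirect rejected (host): ' . sanitize_text_field( $clean ) );
    }

    return $safe;
} );

// External thank-you hosts must be listed explicitly.
add_filter( 'allowed_redirect_hosts', function ( $hosts ) {
    $hosts[] = 'thanks.example.com'; // hypothetical host, replace with your own
    return $hosts;
} );
```

Values placed in the query string, such as [email], are also recorded in server logs and browser history, so pass only what the destination page needs.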
Required Fields
Setting: required_fields
Default: Empty
A comma-separated list of field names that must be filled in before the form can be submitted. If any required field is empty, the form returns the required_field_missing error message.
Example: name, email, message
The validation checks that the value is not empty. For arrays (like checkbox groups), it checks that at least one option is selected.
Email Validation Fields
Setting: email_fields
Default: Empty
A comma-separated list of field names that should contain valid email addresses. If a non-empty value in one of these fields is not a valid email, the form returns the invalid_email error message.
Example: email, secondary_email
Empty values pass validation since the field may be optional. Combine with required fields to enforce both presence and format.
Enable Nonce Verification
Setting: enable_nonce (global setting)
Default: Disabled
This is a global setting, not a per-form setting. When enabled, all forms include a WordPress nonce for CSRF protection. Forms submitted with an expired or missing nonce will be rejected.
Note: Enabling nonces can cause issues with page caching, since nonce values expire and cached pages may serve stale nonces.
Enable Math CAPTCHA
Setting: enable_math_captcha
Default: Disabled
Adds a simple math problem (like “12 + 8 = ?”) to the form that users must solve before submitting. This is a lightweight spam protection method that requires no external service. See the Spam Protection chapter for details.
Enable reCAPTCHA
Setting: enable_recaptcha
Default: Disabled
Enables Google reCAPTCHA v3 for the form. Requires site key and secret key to be configured in global settings. See the Spam Protection chapter for details.
Enable Turnstile
Setting: enable_turnstile
Default: Disabled
Enables Cloudflare Turnstile for the form. Requires site key and secret key to be configured in global settings. See the Spam Protection chapter for details.
Custom CSS
Setting: custom_css
Default: Empty
CSS rules applied to this specific form. The CSS is automatically scoped to .cf-form-{ID}, so you only need to write the property declarations:
max-width: 600px;
padding: 20px;
background: #f9f9f9;
Custom JavaScript
Setting: custom_js
Default: Empty
JavaScript that runs when the form loads. The code executes inside a closure with access to the form DOM element:
form.querySelector('[name="date"]').valueAsDate = new Date();
Default Settings Filter
All default form settings can be modified using the cf_form_default_settings filter. Extensions use this to register their own settings:
add_filter( 'cf_form_default_settings', function( $settings ) {
    // Register an extra setting and its default value.
    $settings['my_custom_setting'] = 'default_value';
    return $settings;
} );