Plugin v1.6.0
Features
Full product reference.
Forms & management
| Feature | Description |
|---|---|
| Multiple forms | Run as many forms as you need from one plugin. Create, edit, duplicate, and delete forms without touching code. |
| Admin title + fixed slug | Give each form a clear admin name and a URL-safe slug. The slug is locked after creation so shortcodes and embeds never break when you rename the title. |
| List search | Find forms quickly in the admin list by searching the title, slug, or notification recipient email. |
| Submit button label | Customize the submit button text per form—"Send", "Request a quote", "Subscribe", and so on. |
| AJAX save | Save builder changes instantly without a full page reload. Keyboard shortcut: ⌘/Ctrl+S. |
| Default form | Mark one form as the site default so the shortcode or Gutenberg block can render it without an id or slug. |
Builder
Layout & editing
| Feature | Description |
|---|---|
| Document-first canvas | Build forms in a focused canvas on the left while field and form settings stay in a sidebar on the right—similar to editing a document, not clicking through nested admin tabs. |
| Add & reorder fields | Add fields from a picker, then drag and drop to reorder. Powered by @dnd-kit for smooth, predictable sorting. |
| Field menu (⚙) | Open a compact menu on any field to mark it required, delete or duplicate it, or switch its type without starting over. |
| Settings sections | Sidebar settings are grouped into collapsible sections with a light animation so you can focus on one area at a time. |
| Lucide icons | Consistent Lucide iconography across the builder and submissions inbox for a cleaner, more modern admin UI. |
| Sidebar inputs | All sidebar controls share unified styling. Discreet inline hints warn you when a setting needs attention (e.g. email enabled but no recipient). |
| Select fields | Dropdown fields show a chevron indicator so visitors immediately recognise them as select inputs. |
| Embed overlay | Copy the shortcode or follow Gutenberg block instructions from a built-in overlay—no hunting through docs while you build. |
Field types
| Feature | Description |
|---|---|
| Text & links | Collect short text, email addresses, URLs, and long-form messages with dedicated field types and appropriate validation. |
| Numbers | Phone and number fields with optional min/max limits—useful for quantities, budgets, or formatted phone input. |
| Choices | Dropdowns, visual radio tiles, and checkboxes—including multi-select options or a simple consent checkbox. |
| File upload | Let visitors attach one file per field. Ideal for CVs, briefs, or supporting documents. |
Layout blocks
| Feature | Description |
|---|---|
| Title block | Add section headings inside the form to structure longer flows. Display-only—not submitted with the entry. |
| Paragraph block | Insert instructions, disclaimers, or helper text between fields. Display-only—not submitted with the entry. |
Per-field options
| Feature | Description |
|---|---|
| Label visibility | Show or hide the field label on the front-end—handy when the placeholder or surrounding copy is enough context. |
| Number limits | Set minimum and maximum values on number fields to prevent out-of-range submissions. |
| Text / email limits | Enforce minimum and maximum character counts on text and email fields for cleaner, more predictable data. |
| Textarea | Allow visitors to resize the textarea and cap its length so long messages stay within your limits. |
| Choice options | Edit select, radio, and checkbox options inline on the canvas or from the field settings menu. |
| File field | Restrict allowed file extensions via a searchable multi-select and set a max file size (default 5 MB, capped by your server limits). |
Prefill & hidden data
| Feature | Description |
|---|---|
| URL prefill | Pre-populate scalar fields from URL query parameters on the client—useful for campaign links and still friendly to page caching. |
| Hidden fields | Capture UTM tags, referral codes, or internal IDs invisibly on the front-end. Configure label, URL param, and optional default in a sidebar table. Always submitted; visible in the inbox and notification emails. |
Per-form settings
Availability
| Feature | Description |
|---|---|
| Pause | Stop accepting submissions immediately—useful for sold-out offers, maintenance, or manual review periods. |
| Auto-close | Schedule an automatic close date and time using your WordPress site timezone. The form stops accepting entries when the deadline hits. |
| Submission limit | Cap total submissions (e.g. 100 spots). Shows progress as N / max with no automatic reset—ideal for limited registrations. |
| Unavailable message | Show visitors a custom message when the form is paused, closed, or full instead of a generic error. |
Storage
| Feature | Description |
|---|---|
| Database save | Store submissions in the built-in inbox. Enabled by default on new forms so you always have a backup beyond email. |
| File fields | Forms with file uploads must save to the database so attachments can be stored and retrieved securely in the inbox. |
| Auto-purge | Automatically delete old submissions after a set number of days to limit data retention and support privacy compliance. Configured per form. |
Notifications
| Feature | Description |
|---|---|
| Admin email | Send HTML notification emails to one or more team members (up to 10 recipients) when a new submission arrives. |
| Visitor confirmation | Optionally send a simple thank-you email to the visitor using a designated email field on the form. |
| Config warnings | Inline hints in the builder when email notifications are enabled but recipients or a target email field are missing. |
After submit
| Feature | Description |
|---|---|
| Success handling | Thank visitors with an inline success message on the same page, or redirect them to any published WordPress page. |
Webhooks
| Feature | Description |
|---|---|
| Per-form URL | When the Webhooks app is enabled, set a destination URL and toggle delivery per form directly in the builder sidebar. |
| Global pause | Pause all webhook delivery site-wide from Apps → Webhooks without deleting your configuration. |
Advanced
| Feature | Description |
|---|---|
| Custom error message | Replace the default submission error text with your own copy—useful for brand voice or clearer next steps. |
Embed & integration
| Feature | Description |
|---|---|
| Shortcode | Embed any form with `[sobiforms id="3"]` or `[sobiforms slug="contact"]`. Use id or slug—whichever fits your workflow. |
| Gutenberg block | Drop in the Sobi Forms Contact block and pick a form visually—no shortcode memorisation required. |
| Page builders | Works anywhere shortcodes work: Elementor, Divi, classic widgets, and other builder plugins. |
Visitor experience
| Feature | Description |
|---|---|
| AJAX submit | Visitors submit without a full page reload—faster, smoother, and less disruptive to the browsing experience. |
| Validation | Instant HTML5 checks in the browser, then strict server-side JSON schema validation so bad data never reaches your inbox. |
| Nonce loading | Security tokens load on hover or focus so cached pages stay fast while submissions remain protected. |
| Closed form | When a form is paused or past its deadline, visitors see your custom unavailable message instead of the form. |
| Choice UI | Radio options render as visual tiles; checkboxes support multi-select lists or a single consent checkbox. |
| Front-end CSS | Ships with minimal, neutral styles. Developers can disable plugin CSS entirely via the `sobiforms_enqueue_front_assets` filter. |
| JavaScript | Vanilla JS on the public site—no React, no jQuery. Keeps the front-end footprint small and predictable. |
| Asset loading | CSS and JS load only on pages that actually render a form. Every other page on your site stays untouched. |
Inbox & submissions
Layout & navigation
| Feature | Description |
|---|---|
| Split view | Browse submissions in a list on the left and read the full entry on the right—like Gmail or Linear. Columns are resizable. |
| Views | Switch between All, Unread, and Starred tabs. Spam has its own top-level view for quick triage. |
| Per-form filter | Narrow the inbox to a single form with a compact dropdown—handy on sites running many forms. |
| Search | Full-text search across submission content so you can find a lead without scrolling. |
| Pagination | Loads 50 submissions per page to keep the admin fast even with large volumes. |
| Admin badge | An unread count on the Sobi Forms admin menu so new submissions are hard to miss. |
Submission detail
| Feature | Description |
|---|---|
| Field data | See every submitted field plus metadata such as date received and which form it came from. |
| Source page | Records the page title and pathname at the moment of submission (query strings excluded—use hidden fields for UTM tracking). |
| Legacy submissions | Older entries submitted before source-page tracking show “Not recorded” instead of leaving a blank. |
| Admin note | Add private team notes on any submission. Never shown on the front-end or in notification emails. |
| File attachments | View the uploaded filename and download the file from the inbox—admin-only, capability-checked. |
Workflow
| Feature | Description |
|---|---|
| Status | Mark submissions read or unread, star important leads, and move spam into a dedicated queue. |
| Auto-read | Opening a submission automatically marks it as read so your unread count stays accurate. |
| Row checkbox | The row checkbox auto-selects when you open a submission, making bulk actions faster. |
| Checkboxes UI | Custom Lucide checkboxes replace native browser checkmarks for a consistent admin look. |
| Mark all as read | Clear your entire unread queue in one click when you have caught up. |
| Bulk actions | Select multiple submissions and mark read, mark spam, delete, or run other batch actions. |
| Dashboard widget | A WordPress dashboard widget surfaces recent unread submissions as soon as you log in. |
Email & delivery
| Feature | Description |
|---|---|
| Admin notification | Send formatted HTML emails to your team when a submission arrives. Uses WordPress `wp_mail()` by default, or your SMTP app when enabled. |
| Recipients | Route notifications to up to 10 email addresses per form—sales, support, and ops can all stay in the loop. |
| File fields in email | Emails include the filename and a link back to the inbox rather than attaching files directly—safer for deliverability. |
| Visitor confirmation | Send visitors a simple thank-you email confirming their message was received. Does not repeat submitted field contents. |
| Sender | Emails are sent using your site name as the sender—not the generic “WordPress” label. |
| Reply-To | When the form includes an email field, replies go straight to the visitor so you can continue the conversation in your inbox. |
| Delivery modes | Choose email only, inbox only, or both per form—depending on whether you want alerts, a database record, or redundancy. |
Apps & integrations
Sobi Forms → Apps — nothing enabled by default.
SMTP Email (free)
| Feature | Description |
|---|---|
| SMTP account | Connect one SMTP provider per site so form emails are delivered through your own mail server instead of default hosting mail. |
| Testing | Run a connection test and send a test email from the admin before going live. |
| Credentials | Passwords are stored encrypted. Optionally define `SOBIFORMS_SMTP_PASSWORD` in `wp-config.php` for extra control. |
| Fallback | Disable the app to fall back to `wp_mail()` instantly—your SMTP credentials stay saved for later. |
| Configuration | SMTP is configured under Apps only, keeping delivery settings separate from general plugin resources. |
Webhooks (free)
| Feature | Description |
|---|---|
| Per-form setup | Set a webhook URL and enable delivery per form from the builder sidebar once the app is active. |
| Overview | Manage all webhook endpoints and pause delivery globally from Apps → Webhooks. |
| Payload | Sends a versioned JSON payload. Uploaded files are referenced as `{ id: null, name, url, mime_type }`. |
| Spam handling | Webhooks do not fire on spam ingest. They fire once when a submission is marked as not spam. |
| Delivery | Delivered asynchronously via WP-Cron so form submissions stay fast for visitors. |
| v1 limits | No replay queue or custom payload editing in v1—planned for a future Webhooks Advanced tier. |
Apps shell
| Feature | Description |
|---|---|
| Empty state | When no apps are enabled, you see an app store-style screen to discover available integrations. |
| Active apps | Once apps are enabled, the UI switches to an inbox-style split view with a Discover tab for inactive apps. |
Planned (roadmap)
| Feature | Description |
|---|---|
| Multi-page forms | Break long forms into steps with `page_break` fields—on the internal roadmap. |
| Conditional logic | Show or hide fields based on previous answers—planned for a future release. |
| Templates | Start from pre-built form templates instead of a blank canvas—planned. |
| CRM connectors | Push submissions to tools like Brevo or Mailchimp—planned integrations. |
| AI form builder | Generate forms from a prompt—on the long-term roadmap. |
Anti-spam & security
| Feature | Description |
|---|---|
| Honeypot | A hidden trap field catches bots without showing visitors an ugly CAPTCHA. |
| WordPress nonce | Every submission is verified with a WordPress security token to block forged requests. |
| Rate limiting | Limits each visitor to 5 submissions per hour per hashed IP to prevent abuse and server overload. |
| Server validation | All data is validated against a strict JSON schema on the server—client-side checks alone are not enough. |
| File uploads | Server-side MIME checks, `getimagesize()` for images (SVG excluded), and a blocklist of dangerous extensions. |
| Private storage | Uploads live in `uploads/sobiforms/` with `.htaccess` deny-all on Apache so files are not publicly browsable. |
| File download | Only logged-in admins with the right capability can download files, with path verification on every request. |
| Akismet (optional) | When enabled, suspected spam is quarantined in the inbox with no admin email and a discreet success message for the visitor. |
| Admin actions | Every admin action checks user capabilities and WordPress nonces before anything changes. |
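| POST guard | When a POST arrives with an empty body but a `Content-Length` header (which is what PHP presents when a request exceeds `post_max_size`), the plugin checks `post_max_size` before nonce validation, so oversized uploads get a clearer error. |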
Data & privacy
| Feature | Description |
|---|---|
| Custom tables | Form and submission data live in dedicated database tables—not scattered across `wp_postmeta` or `wp_options`. |
| IP storage | Visitor IPs are stored as SHA-256 hashes only. Raw IP addresses are never saved. |
| Admin notes | Internal team notes stay inside the inbox. They are never exposed on the front-end or included in emails. |
| Retention | Automatically delete old submissions after a set period to support privacy frameworks like GDPR. Configured per form; manual purge also available. |
| Telemetry | No usage data is sent back to the plugin author. Your submissions stay on your server. |
| Akismet | Submission content is sent to Akismet only when you explicitly enable the integration. |
Performance
| Feature | Description |
|---|---|
| Front-end weight | About 3.7 KB of gzipped JS and CSS on pages that render a form—light enough to protect Core Web Vitals. |
| Script loading | Scripts load in the footer with defer on WordPress 6.3+ so they do not block page rendering. |
| Conditional enqueue | Assets load only when the first form on a page is rendered—not site-wide. |
| Early enqueue | On singular posts, assets can load earlier when a shortcode or block is detected—reducing flash of unstyled content. |
| Object cache | Form definitions are cached to avoid repeated database reads on every page view. |
| Inbox queries | Tab counts use aggregate queries; list rows skip the heavy data column until you open a submission. |
| Builder admin | The React builder (~27 KB gzipped) loads only on the form edit screen—never on the public site. |
Admin & resources
| Feature | Description |
|---|---|
| Admin menu | Submissions, Forms, Apps, and Resources are organised in a clear top-level menu. |
| Resources → Usage | Shortcode and block documentation plus the global Akismet toggle live in one place. |
| Resources → Feedback | Quick links to the WordPress.org support forum, public roadmap, and review page. |
| Requirements | Requires WordPress 6.0 or newer and PHP 7.4 or newer. |
Key messages
| Angle | Line |
|---|---|
| Performance | Zero impact on pages without a form; ~3.7 KB gzipped when a form is shown. |
| Workflow | Gmail-style inbox + dashboard widget — never miss a lead. |
| Simplicity | Modern builder without bloat; shortcode or block everywhere. |
| Pro | Visitor confirmation, emails from your site name, Akismet spam quarantine. |
| vs heavy plugins | No React on the front-end, no forced reCAPTCHA, no pricing tiers (yet). |
Core Features & Form Builder
| Feature | Description |
|---|---|
| Blazing Fast React Builder | Zero-reload canvas, drag-and-drop, ⌘/Ctrl+S, instant AJAX saving. |
| Smart Form Scheduling | Pause manually or auto open/close with custom unavailable messages. |
| Flexible Embeds | Gutenberg block, id/slug shortcodes, Elementor, Divi, Bricks. |
| Field types + layout blocks | 11 input types, title/paragraph blocks, file upload, hidden fields, URL prefill. |
Submission Inbox
| Feature | Description |
|---|---|
| SaaS-grade split view | List + detail with resizable columns — like Gmail or Linear. |
| Instant triage | All / Unread / Starred / Spam, search, per-form filter. |
| Admin notes & source page | Private annotations and frozen page context per submission. |
| Dashboard widget | Unread badge on admin menu + home screen widget. |
Security & Privacy
| Feature | Description |
|---|---|
| Silent anti-spam | Honeypot, nonces, rate limits, optional Akismet quarantine. |
| Privacy by design | Hashed IPs, custom tables, no telemetry, configurable purge. |
| File uploads | Validated, private storage, admin-only downloads. |
Email, Apps & Delivery
| Feature | Description |
|---|---|
| Pro-grade emails | Up to 10 recipients, Reply-To, visitor receipts, site-name sender. |
| SMTP app | Optional SMTP delivery with test tools. |
| Webhooks app | Versioned JSON payloads, per-form URLs, async delivery. |
| Hybrid modes | Email only, inbox only, or both. |