=== Mailfix Contact Forms ===
Contributors: mailfix
Tags: contact form, form builder, ajax form, email notifications, antispam
Requires at least: 6.2
Tested up to: 7.0
Requires PHP: 7.4
Stable tag: 1.1.45
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Secure contact form with a visual form builder, AJAX submissions, stored messages, email notifications, mail logs, SMTP settings, and CSV export.

== Description ==

Mailfix Contact Forms adds a WordPress-native contact form builder with saved submissions, notification emails, spam protection, and a clear admin workflow.

Main features:

* Form field builder with live appearance preview.
* AJAX form submissions.
* Gutenberg block for inserting forms.
* Stored messages with unread/read, archive, and trash views.
* Admin email notifications and optional thank-you emails.
* GDPR/privacy consent checkbox with editable text and privacy policy link.
* HTML email templates with editable content.
* Mail logs with readable HTML previews.
* Custom SMTP settings for better deliverability.
* Honeypot protection, minimum submit time, rate limiting, optional Google reCAPTCHA v3, and blocked spam counters.
* CSV export for one form or all forms.
* Form appearance controls, including colors, field size, button alignment, and border radius.

Additional features are available in a separate Mailfix Pro add-on from mailfix.cz. This WordPress.org plugin is fully functional on its own.

== Installation ==

1. Upload the plugin folder to `/wp-content/plugins/` or install it through the WordPress admin.
2. Activate the plugin from the Plugins screen.
3. Open `Forms` in the admin and create a new form.
4. Copy the shortcode from the form editor.
5. Insert the shortcode into a page, post, or compatible page builder.

== Frequently Asked Questions ==

= Does the plugin send data outside my website? =

By default, no. Submitted messages are stored locally in the WordPress database and emails are sent through `wp_mail()` or your configured SMTP server. If Google reCAPTCHA v3 is enabled, the reCAPTCHA token is verified through Google reCAPTCHA.

= How do I insert a form into a page? =

Copy the shortcode from the form editor, for example `[mailfix_form id="123"]`, and paste it into a page, post, or compatible builder.

= Where do I configure email notifications? =

Open `Forms > Notifications`, choose a form, and configure recipients, sender details, the admin notification, and the optional thank-you email.

= What personal data does the plugin store? =

The plugin stores submitted form fields, submission date, an IP hash, and the user agent for administration and basic security checks. The IP hash is not a readable IP address. If Google reCAPTCHA v3 is enabled, the verification token is checked through Google reCAPTCHA.

= How can I test email delivery? =

Open `Forms > Notifications`, choose a form, and send a test email. The result is stored in the mail log. A `sent` status means WordPress accepted the email for sending; actual delivery still depends on the mail server and domain DNS.

= Does the form work without JavaScript? =

Frontend submissions are designed as AJAX forms and require JavaScript in the visitor's browser.

== External services ==

= Google reCAPTCHA =

This plugin can optionally use Google reCAPTCHA v3 for spam protection when the site administrator enables reCAPTCHA and enters Google reCAPTCHA keys in the plugin settings.

When reCAPTCHA is enabled for a form, the plugin loads the Google reCAPTCHA script from `www.google.com` on pages where that form is displayed. When a visitor submits the form, the plugin sends the reCAPTCHA response token, the configured secret key, and the visitor IP address to Google's `siteverify` endpoint to validate the submission. The plugin also offers an administrator-only secret key check that sends the configured secret key and a test response token to Google.

Google reCAPTCHA is provided by Google LLC. Terms: https://policies.google.com/terms Privacy Policy: https://policies.google.com/privacy

== Screenshots ==

1. Dashboard with form statistics, recent messages, antispam activity, and setup status.
2. Add new form screen with the form builder and live appearance preview.
3. All messages inbox with unread, read, archive, and trash views.
4. Message detail with readable submission data and related mail logs.
5. Notifications editor with admin email, thank-you email, tokens, and email template previews.

== Changelog ==

= 1.1.45 =
* Removed unused helper methods and stale admin CSS selectors.

= 1.1.44 =
* Fixed field radius consistency across frontend, form preview, and choice fields.

= 1.1.43 =
* Added an appearance option to show or hide the form title.

= 1.1.42 =
* Improved sticky preview behavior when editing appearance settings on new forms.

= 1.1.41 =
* Added shortcode copying to the forms list table.
* Improved the form editor layout so appearance settings stay closer to the live preview.

= 1.1.40 =
* Reviewed WordPress.org guideline wording and clarified that the free plugin is fully functional on its own.

= 1.1.39 =
* Shortened older changelog entries for a cleaner WordPress.org readme.

= 1.1.38 =
* Protected automatic message read-state changes with a nonce.
* Hardened reCAPTCHA response handling and duplicate form redirects.

= 1.1.37 =
* Tightened request handling for admin notices, notification settings, SMTP tests, and frontend submissions.
* Sanitized local request arrays before passing them into internal helpers.

= 1.1.36 =
* Sanitized structured form editor settings before extension filters run.
* Escaped custom field HTML returned by extension filters with a strict allowlist.
* Passed sanitized email preview context to extension filters.

= 1.1.35 =
* Reworked message and mail log list queries to avoid dynamically interpolated SQL fragments.
* Reworked setup wizard shortcode detection to avoid interpolated IN placeholders.
* Tightened sanitization for submitted field values, SMTP/reCAPTCHA settings, and onboarding redirects.

= 1.1.34 =
* Improved translation cleanup and clarified rate-limit help text.

= 1.1.33 =
* Rechecked custom SQL reads and raised the minimum WordPress version to 6.2.

= 1.1.32 =
* Refined extension hooks for external add-ons.

= 1.1.31 =
* Rechecked message, log, dashboard, and CSV database reads.

= 1.1.30 =
* Cleaned package contents and prepared SQL reads.

= 1.1.29 =
* Added a shortcode copy box below the Publish panel.

= 1.1.28 =
* Standardized the public plugin brand spelling.

= 1.1.27 =
* Fixed notification preview compatibility and Czech translations.

= 1.1.26 =
* Cleaned stale translation strings.

= 1.1.25 =
* Renamed the plugin, aligned the text domain, and documented Google reCAPTCHA.

= 1.1.24 =
* Improved Gutenberg block controls.

= 1.1.23 =
* Split editor, frontend, notification, onboarding, message, settings, and admin action code into focused traits.

= 1.1.22 =
* Split SMTP handling and CSV export into dedicated classes.

= 1.1.21 =
* Hardened frontend option validation and proxy IP handling.

= 1.1.20 =
* Refined Plugin Check annotations for mail log queries.
