Àpèjúwe
Flinkform is a form builder that lives entirely inside the WordPress Block Editor. Forms are composed from native blocks (block.json v3), styled through theme.json design tokens, and powered by the Interactivity API — no separate admin UI, no shortcodes, no jQuery.
How it works
- Block Editor native — forms are built with
block.jsonand the Interactivity API, directly inside the editor - theme.json styling — forms inherit your themeÌtumọ̀ Yorùbá: ’s typography, colours and spacing automatically
- Modern stack — WordPress 6.5+, PHP 8.1+, no jQuery, frontend JS under 15 KB gzipped
- Multi-step forms — split long forms into steps with a Page Break block, included in the free core
- Conditional logic — show/hide fields based on user input, included in the free core
- WCAG 2.1 AA — full keyboard navigation, screen-reader compatible, aria-live announcements
- Privacy by design — no external services, no tracking cookies, no IP tracking — everything stays on your server
Features (free core)
Form building
* 13 field types: Text, Email, Textarea, Number, Date, URL, Phone, Select, Radio, Checkbox, Toggle, Hidden, Section Heading
* Dedicated Consent field for privacy-policy agreement
* Multi-step forms with Page Break block, per-step validation and progress indicator (bar, dots or numbers)
* Conditional logic — show/hide fields, skip steps, gate the submit button
* Two-column layout with per-field full-width override
Styling
* Automatic theme.json inheritance (colours, typography, spacing, border radius)
* Style panel: primary colour, field style (bordered/soft/underline/minimal), label position (above/beside/floating/placeholder), submit button style (fill/outline/ghost)
Notifications
* Admin notification email on every submission (configurable recipient, merge tags)
* Optional confirmation email to the submitter
* Sends through your siteÌtumọ̀ Yorùbá: ’s standard WordPress mail (wp_mail)
Spam protection
* Always-on honeypot + signed time-based check (zero configuration)
* Built-in proof-of-work challenge with accessible math fallback for visitors without JavaScript
* No external service, no API keys, no tracking cookies, 100% GDPR-friendly
After submission
* Success message or redirect to a custom thank-you URL (with open-redirect protection)
* Optional submission ID and form ID query parameters for conversion tracking (GA4, Meta Pixel, Plausible, etc.)
Admin
* Submissions list with search, filter by form, sort, bulk actions
* Single-submission detail view with all field labels and values
* Mark as read/unread
* Per-form data retention with automatic daily purge
Privacy
Flinkform is built with privacy by default. Here is what the free core does and does not do:
What the free core stores:
* Form submissions (the field values visitors enter) in a dedicated database table ({prefix}flinkform_submissions)
What the free core does NOT do:
* It stores no IP addresses and no browser user-agent strings
* It sets no tracking, analytics or marketing cookies. Flinkform sets exactly one strictly-necessary cookie — flinkform_flash (lifetime ~60 seconds, httpOnly) — and only when a form submission fails validation, to carry the error message and the visitorÌtumọ̀ Yorùbá: ’s input across the page reload. Successful submissions set no cookie at all
* It contacts no external service
Data retention:
* By default, submissions are retained until you delete them. To comply with the storage-limitation principle (GDPR Art. 5), set a per-form retention period (Form block Data Retention) and Flinkform deletes older submissions automatically each day
* Individual submissions can be deleted from the admin submissions screen at any time
Data deletion:
* All free-core data (the submissions table) is permanently removed when the plugin is uninstalled through the WordPress admin
* Flinkform integrates with WordPressÌtumọ̀ Yorùbá: ’s privacy tools (Tools > Export Personal Data / Erase Personal Data) to support data-subject access and erasure requests
Source Code
The complete, uncompiled source code (including the src/ directory with the
unminified JavaScript/CSS that compiles into build/) is publicly available at:
https://github.com/dennisbuchwald/Flinkform
Build instructions (Node.js 18+ and npm required):
1. Clone the repository: git clone https://github.com/dennisbuchwald/Flinkform.git
2. Install dependencies: npm install
3. Build the compiled assets into build/: npm run build
The build is powered by @wordpress/scripts (webpack). The src/ sources are
excluded from the distributed plugin zip to keep it small; this repository is
the canonical, reviewable source.
Àwọn ìdí
Plugin yìí pèsè 16 àwọn ìdí.
- Flinkform Form A form container. Add field blocks inside to build your form.
- Email Field An email input with format validation.
- Section Heading A visual divider with an optional title and description. Not a field — nothing is submitted.
- Page Break Splits the form into steps. Place between field blocks to start a new step in a multi-step form.
- Date Field A date picker input.
- Number Field A numeric input with optional min, max and step.
- Dropdown A dropdown — single or multi-select.
- URL Field A website URL input with format validation.
- Toggle / Checkbox A single checkbox — great for terms-of-service style consents.
- Hidden Field An invisible field that records context with the submission (page URL, user, date, or a static value).
- Consent A required consent checkbox (e.g. a GDPR data-processing agreement) with an optional link to your privacy policy.
- Checkbox Group Multiple choices from a list of options.
- Textarea Field A multi-line text input.
- Radio Group A single choice from a list of options.
- Phone Field A phone number input.
- Text Field A single-line text input.
Ìgbéwọlẹ̀
- Upload the
flinkformfolder to/wp-content/plugins/ - Activate the plugin through the Plugins screen in WordPress
- Open any page or post in the Block Editor
- Insert the Form block (search for “Flinkform” or “Form”)
- Add fields, configure settings in the block inspector, publish — done
FAQ
-
Is Flinkform free?
-
Yes. Flinkform is GPLv2-licensed and completely free — including multi-step forms and conditional logic. Everything you need to build and run real forms is in the core.
-
What WordPress version do I need?
-
WordPress 6.5 or higher and PHP 8.1 or higher. Flinkform uses modern WordPress APIs (Interactivity API, block.json v3, viewScriptModule) that are not available in older versions.
-
Does Flinkform work with my theme?
-
Yes. Flinkform reads your themeÌtumọ̀ Yorùbá: ’s design tokens from
theme.jsonand inherits colours, typography, spacing and border radius automatically. Forms look native on any modern WordPress theme — tested with GeneratePress, Twenty Twenty-Five, Astra and Kadence. -
Does Flinkform support multi-step forms?
-
Yes, in the free core. Insert a Page Break block between fields to split the form into steps, choose a progress indicator style (bar, dots or numbers), and benefit from per-step validation. Steps can even be skipped conditionally based on earlier answers.
-
How does the spam protection work?
-
Flinkform uses a layered approach that requires no setup:
- Honeypot — a hidden field that bots fill in but humans never see
- Signed time check — submissions faster than a couple of seconds after page load are rejected; the timestamp is cryptographically signed so bots cannot forge it
- Proof-of-work challenge — the visitorÌtumọ̀ Yorùbá: ’s browser solves a small computational puzzle in the background; visitors without JavaScript get a simple math question instead
No external service is contacted. No tracking cookies are set. No personal data is shared.
-
Is Flinkform GDPR-compliant?
-
Flinkform is designed with privacy by default — see the Privacy section below for the full detail. In short: no IP addresses or user-agent strings are stored, no data ever leaves your server, no external spam service is used, and Flinkform integrates with WordPressÌtumọ̀ Yorùbá: ’s privacy tools for data-subject access and erasure requests.
-
My notification emails donÌtumọ̀ Yorùbá: ’t arrive. What can I do?
-
Email deliverability depends on your host. Many hosts send
wp_mail()unreliably. If your notifications donÌtumọ̀ Yorùbá: ’t arrive, install a dedicated SMTP plugin to route mail through a proper provider — it will handle delivery for Flinkform too. -
Can I redirect to a thank-you page after submission?
-
Yes. In the block inspectorÌtumọ̀ Yorùbá: ’s “After Submit” panel, choose “Redirect to URL” and enter your thank-you page URL (validated against open redirects). Optionally append the submission ID and form ID as query parameters for conversion tracking.
Àwọn àgbéyẹ̀wò
Kò sí àwọn àgbéyẹ̀wò fún plugin yìí.
Àwọn Olùkópa & Olùgbéejáde
“Flinkform Ìtumọ̀ Yorùbá: – Forms for the Block Editor” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe ìkópa sí plugin yìí.
Àwọn Olùkópa
Túmọ̀ “Flinkform Ìtumọ̀ Yorùbá: – Forms for the Block Editor” sí èdè rẹ.
Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?
Ṣàwárí koodu, ṣàyẹ̀wò ibi ìpamọ́ SVN, tàbí ṣe àgbékalẹ̀ sí àkọsílẹ̀ ìdàgbàsókè nípasẹ̀ RSS.
Àkọsílẹ̀ àwọn àyípadà
0.4.2
- i18n: block attribute defaults (success message, submit label, consent text) are now translated at render time Ìtumọ̀ Yorùbá: – existing forms on non-English sites display the correct language without manual editing
- i18n: complete German (de_DE) translation Ìtumọ̀ Yorùbá: – all frontend text, editor UI, admin screens and validation messages
- i18n: load bundled translations via load_plugin_textdomain() so they work without waiting for translate.wordpress.org
- Fix: the “Add field” editor button no longer inherits a 62 px font-size when the form block is placed inside a Spectra/UAGB container
0.4.0
- Renamed the plugin to Flinkform (new slug, text domain, prefixes
flinkform_/FLINKFORM_, block namespaceflinkform/*) - Security: the spam time-check timestamp is now HMAC-signed and form-bound, so it can no longer be forged
- Security: additional sanitisation on the notification Reply-To header
- Reliability: the daily retention purge is now guarded against overlapping cron runs
- Corrected the FAQ: multi-step forms are part of the free core (and always were since 0.2.7)
- Fixed the plugin and author URIs to use a resolvable host (www.dennisbuchwald.de)
- Documented the public source repository and build steps in the readme (Source Code section)
- Output escaping: conditional-logic data attributes are now escaped late at render time (esc_attr), and submission detail values are output via wp_kses_post()
0.3.0
- Renamed all WordPress-global prefixes to satisfy WordPress.org naming requirements
- Revised readme description to remove promotional language
0.2.9
- WordPress.org Plugin Check pass: documented the safe direct custom-table queries, fixed admin sort-order input handling, sanitised spam/honeypot inputs — no functional change
- Resolved all Plugin Check errors and warnings (output escaping is handled internally; queries are prepared)
0.2.8
- Added a dedicated Consent field (GDPR), per-form retention auto-purge, and a GPLv2 LICENSE file
- Accessibility: explicit focus rings for checkboxes/radios/toggles, High-Contrast-Mode-safe focus on the soft field style, aria-invalid on group/consent errors, improved contrast
- Hardening: mail subject + Reply-To stripped of CR/LF; privacy-policy strings escaped; webhook header REST input sanitised
- Privacy text now documents the retention period and the strictly-necessary flash cookie
0.2.7
- Architecture refactor: the core stays fully free (incl. multi-step + conditional logic); integration features (webhooks, SMTP, CSV export) were factored out of the core
- Privacy: full WordPress privacy-tools integration (exporter + eraser); accurate disclosure of the single strictly-necessary flash cookie
- Accessibility: broader
prefers-reduced-motioncoverage; required spam-math fallback for no-JS visitors - Hardening: defence-in-depth against mail-header injection; open-redirect-safe thank-you redirects
0.1.0
- Initial build