內容簡介
Formatrica 是一款現代化的拖放式表單建構器,旨在解決傳統表單建構器的常見問題。使用者可以輕鬆創建生產就緒的表單,並透過簡單的短碼或區塊將其添加到任何頁面中。
【主要功能】
• 直觀的拖放式表單建構器
• 實時預覽與即時編輯功能
• 提供 15 種預建模板
• 多種欄位類型支援
• 強大的安全與防垃圾郵件功能
• 多種電子郵件傳遞提供者
開發者團隊
② 後台搜尋「Formatrica – Drag and Drop Form Builder」→ 直接安裝(推薦)
原文外掛簡介
Formatrica was built to solve common frustrations with form builders: dated interfaces, overly complex workflows, and feature gating that makes proper evaluation difficult. It delivers a clean, modern drag-and-drop experience with practical defaults, so you can create a production-ready form in 5-6 clicks and add it to any page via shortcode or block.
Key Features
Form Builder
* Intuitive drag-and-drop form builder (Vue.js + Pinia + SortableJS)
* Real-time preview with live field editing
* Form preview functionality with zoom control (50-100%)
* 15 pre-built templates: Simple Contact, Business Contact, Newsletter Signup, Job Application, Appointment Request, Real Estate Inquiry, Course Registration, Event Registration, Customer Feedback, Support Ticket, Front-end Post Submission, Request a Quote, RSVP Response, Volunteer Signup, User Registration
* Smart Quick Start notification for new forms
Field Types
* Text, Email, Telephone, Password
* Textarea for long-form content
* Select (single/multiple), Radio, Checkbox
* File Upload with validation and size limits
* Date Picker
* Hidden fields for internal metadata
* Custom Text blocks for static content
* Submit Button with customizable labels
Security & Anti-Spam
* Honeypot protection (enabled by default)
* CSRF token validation
* IP-based rate limiting (configurable per form)
* Multiple CAPTCHA providers:
– Google reCAPTCHA v3
– Cloudflare Turnstile
– FriendlyCaptcha
* CAPTCHA secrets stored encrypted at rest with write-only admin controls
* Minimum submission time detection
* File upload validation with type and size restrictions
Privacy Controls
* IP address storage options: Full, Anonymized, or None
* Default: Anonymized (removes last octet)
* Auto-delete submissions after X days (optional)
* GDPR-friendly data handling
Email Delivery
* Multiple delivery providers:
– WordPress default (wp_mail)
– SendGrid API
– SMTP2GO API
– Mailgun API (with EU/US region support)
– Postmark API
– Brevo API (formerly Sendinblue)
– Amazon SES (with AWS Signature v4 authentication)
– Custom SMTP
– Mailpit (for development)
* Encrypted credentials storage (AES-256-CBC)
* Test email functionality
* Customizable sender name, email, subject, and recipient
* Smart defaults from WordPress settings
* Verification emails for registration forms use the same provider configured in that form’s settings
User Registration
* Special form type for WordPress user registration
* Integrates with WordPress user creation flow
* Email verification required: users must confirm their email before logging in
* Verification emails respect each form’s configured delivery provider (SMTP/API/wp_mail)
* Login is blocked for unverified users with a clear message on wp-login.php
Integrations & Webhooks
* Zapier: Connect to 5,000+ apps via Webhooks by Zapier trigger
* Make.com: Build visual automation workflows (formerly Integromat)
* Slack: Instantly notify Slack channels via Incoming Webhooks
* WordPress Post: Create pending posts (or other post types) with field mappings, taxonomy, and meta controls
– Full ACF (Advanced Custom Fields) support with 20+ field types
– Author mode: current user, fixed user, or anonymous
– Featured image support, taxonomy term creation, custom post meta
* WooCommerce: Generate orders and optional customer records directly from form submissions
* Mailchimp: Subscribe contacts to audiences with field mapping and double opt-in
* Salesforce (Essentials): Create Web-to-Lead entries without OAuth
* HubSpot: Submit contacts to HubSpot forms using a Private App token
* Custom Webhooks: POST submission data to any endpoint
* Async integration queue: Background processing for external webhooks (WordPress Cron)
– Dramatically improves form submission performance (5-15s → <200ms)
– 10 jobs per batch, 3 retry attempts with error logging
– Keeps local integrations synchronous for data consistency
* Secret key signing for verification (custom webhooks only)
* Custom payload filtering via hooks
* SSRF protection and security validation
Developer-Friendly
* Comprehensive API documentation
* 15+ action and filter hooks for extensibility
* REST API endpoints for forms and submissions
* Provider-specific payload filters (Slack, Mailchimp, Salesforce, HubSpot, WordPress Post)
* PSR-4 autoloaded architecture with Service Layer design
* Clean separation of concerns: Validation, Security, File Handling, Rendering, and Integrations layers
* 22 single-responsibility classes for maintainability and testability
* Database schema versioning system with migration support
* Modular ES6 JavaScript with class-based structure
* Vite-powered build system
* Full TypeDoc-style inline documentation
* Admin list improvements: Active/Inactive filters, Activate/Deactivate actions, and safe delete confirmations
Hooks & Filters
Action Hooks
formatrica_before_submission
Fires before processing a form submission.
do_action(‘formatrica_before_submission’, $form_id, $form, $request_data, $context);
formatrica_after_submission
Fires after successful submission processing.
do_action(‘formatrica_after_submission’, $form_id, $sanitised, $result, $form, $context);
formatrica_user_registered
Fires after a new WordPress user is registered via form.
do_action(‘formatrica_user_registered’, $user_id, $data);
formatrica_webhook_failed
Fires when webhook delivery fails.
do_action(‘formatrica_webhook_failed’, $error_data);
formatrica_integration_dispatch
Fires when an integration ID is not handled by the built-in dispatchers, allowing custom providers.
do_action(‘formatrica_integration_dispatch’, $integration_id, $settings, $form, $payload, $context, $field_meta);
Filter Hooks
formatrica_submission_request
Filter raw submission data before validation.
apply_filters(‘formatrica_submission_request’, $request_data, $form_id, $form, $context);
formatrica_sanitized_submission
Filter sanitized submission data before processing.
apply_filters(‘formatrica_sanitized_submission’, $sanitised, $form_id, $form, $request_data, $context);
formatrica_webhook_payload
Filter webhook payload before sending to integrations (Zapier, Make, Slack) or custom webhooks. The $context parameter includes an integration key identifying the target.
apply_filters(‘formatrica_webhook_payload’, $body, $form, $payload, $context, $field_meta);
formatrica_slack_payload
Filter the Slack payload before dispatching to the incoming webhook.
apply_filters(‘formatrica_slack_payload’, $body, $form, $payload, $context, $field_meta);
formatrica_mailchimp_payload
Filter the Mailchimp member payload before it is sent via the API.
apply_filters(‘formatrica_mailchimp_payload’, $body, $form, $payload, $context, $field_meta);
formatrica_salesforce_payload
Filter the Salesforce Web-to-Lead form data before submission.
apply_filters(‘formatrica_salesforce_payload’, $data, $form, $payload, $context, $field_meta);
formatrica_hubspot_payload
Filter the HubSpot Forms API payload before dispatch.
apply_filters(‘formatrica_hubspot_payload’, $body, $form, $payload, $context, $field_meta);
formatrica_duplicate_title
Filter duplicated form title.
apply_filters(‘formatrica_duplicate_title’, $title, $original_form);
formatrica_min_submission_time
Filter minimum time between page load and submission (anti-bot).
apply_filters(‘formatrica_min_submission_time’, 2, $form_id);
formatrica_max_upload_size
Filter maximum file upload size in MB.
apply_filters(‘formatrica_max_upload_size’, $max_size, $field);
formatrica_allowed_file_types
Filter allowed MIME types for file uploads.
apply_filters(‘formatrica_allowed_file_types’, $allowed_types, $field);
formatrica_max_image_dimension
Filter maximum image dimension in pixels.
apply_filters(‘formatrica_max_image_dimension’, 4096, $field);
formatrica_recaptcha_v3_min_score
Filter minimum reCAPTCHA v3 score threshold.
apply_filters(‘formatrica_recaptcha_v3_min_score’, 0.5, $form_id);
For detailed examples, see the plugin documentation.
REST API
Formatrica registers REST API endpoints under the formatrica/v1 namespace. All admin endpoints require the manage_options capability and a valid REST nonce.
Public Endpoints
The following endpoints are intentionally public (no authentication required) because they serve front-end form functionality for unauthenticated visitors:
POST /formatrica/v1/forms/{form_id}/submissions
Accepts a form submission from any visitor. Security is enforced at the application layer: CSRF token validation, honeypot field detection, minimum submission time check, IP-based rate limiting, CAPTCHA verification, and full field sanitisation/validation.
GET /formatrica/v1/utility/countries
Returns a read-only list of country names for front-end country select fields. No user data is accepted or stored.
GET /formatrica/v1/utility/states/{country}
Returns a read-only list of states/provinces for a given ISO 3166-1 alpha-2 country code (e.g. US, DE). The country code is validated to exactly two uppercase letters. No user data is accepted or stored.
Admin Endpoints (require `manage_options` + REST nonce)
GET/POST /formatrica/v1/forms — List or create forms
GET/PUT/PATCH/DELETE /formatrica/v1/forms/{form_id} — Read, update, or delete a form
POST /formatrica/v1/emails/test — Send a test email
GET /formatrica/v1/wp/post-types — List available post types
GET /formatrica/v1/woocommerce/catalog — List WooCommerce products/categories
POST /formatrica/v1/integrations/mailchimp/lists — Fetch Mailchimp audience lists
GET/POST /formatrica/v1/settings/email — Read or update email settings
POST /formatrica/v1/settings/email/test — Test email configuration
GET /formatrica/v1/settings/email/diagnostics — Email delivery diagnostics
External services
Formatrica does not contact any external service by default. Each service below is used only when a site administrator explicitly enables and configures it for a form.
CAPTCHA Verification
When a CAPTCHA provider is enabled on a form, the visitor’s browser loads the provider’s JavaScript widget and, on submission, the visitor’s IP address and a verification token are sent to that provider’s server-side verification endpoint. This happens once per form submission.
Google reCAPTCHA v3 — Verifies submissions are from real users by scoring browser behaviour.
Data sent: visitor IP address, verification token, site key.
Terms of Service | Privacy Policy
Cloudflare Turnstile — Non-intrusive bot detection challenge.
Data sent: visitor IP address, verification token, site key.
Terms of Service | Privacy Policy
FriendlyCaptcha — Privacy-focused proof-of-work CAPTCHA.
Data sent: visitor IP address, puzzle solution, site key.
Terms of Service | Privacy Policy
Email Delivery
When a third-party email delivery provider is configured, submission notification emails are transmitted to the provider’s API each time a form is submitted. Data sent includes: recipient address, sender name and email, subject line, and the message body containing the submitted form data.
SendGrid (Twilio) — Transactional email API.
Terms of Service | Privacy Policy
SMTP2GO — Transactional email API.
Terms of Service | Privacy Policy
Mailgun (Sinch) — Transactional email API.
Terms of Service | Privacy Policy
Postmark (ActiveCampaign) — Transactional email API.
Terms of Service | Privacy Policy
Brevo (formerly Sendinblue) — Transactional email API.
Terms of Service | Privacy Policy
Amazon SES (AWS) — Transactional email API. Uses AWS Signature v4 authentication.
Terms of Service | Privacy Policy
Custom SMTP and Mailpit send data to your own mail server. The default WordPress provider uses wp_mail() with no external API call.
Integrations
When an integration is enabled and configured by the site administrator, form submission data is sent to the configured endpoint upon each form submission. Data sent includes: form title, submitted field values, and field metadata. The Zapier, Make.com, and custom webhook integrations also include the submitter’s IP address and user agent in the payload.
Zapier — Automation platform. Receives a JSON webhook with full submission data on each form submission.
Terms of Service | Privacy Policy
Make.com (formerly Integromat) — Automation platform. Receives a JSON webhook with full submission data on each form submission.
Terms of Service | Privacy Policy
Slack — Team messaging. Sends a formatted message containing form title and submitted field values to a Slack Incoming Webhook URL. No IP address or user agent is sent.
Terms of Service | Privacy Policy
Mailchimp (Intuit) — Email marketing. Subscribes the visitor’s email address and optionally mapped name fields to a Mailchimp audience list.
Terms of Service | Privacy Policy
Salesforce — CRM. Submits mapped lead fields via the Web-to-Lead endpoint. Only the fields explicitly mapped by the administrator are sent.
Terms of Service | Privacy Policy
HubSpot — CRM. Submits mapped contact properties to the HubSpot Forms API using a Private App token. Only the fields explicitly mapped by the administrator are sent.
Terms of Service | Privacy Policy
Custom Webhooks — Sends a signed JSON payload to an arbitrary endpoint URL configured by the site administrator.
Privacy
Local Data Storage
Submissions are stored in a custom database table on your WordPress site when storage is enabled.
IP address storage can be set to Full, Anonymized (last octet removed), or None per form.
Automatic submission deletion can be enabled with a configurable retention period.
API keys and secrets are encrypted at rest using AES-256-CBC and are never exposed in the admin UI or REST API responses.
