Save 25% on Wizard’s SQL for WP w/ code: WIZARDSQL
Web Dev + WordPress + Security

WordPress Plugin: Contact Coldform

[ Image: Coldform Icon ] Welcome to the homepage for Contact Coldform, a secure, lightweight, flexible contact form with plenty of options and squeaky clean markup. Coldform blocks spam while making it easy for your visitors to contact you from your WordPress-powered website. The comprehensive Settings Page makes it easy to take full control with plenty of options and several built-in themes for styling the form. Coldform delivers everything you need and nothing you don’t — no frills, no gimmicks, just pure contact-form satisfaction. Now available at the WP Plugin Directory!


Contact Coldform had a good run (10 years!), but it’s time for something far better: Contact Form X. CFX is superior to Contact Coldform in every way. Contact Form X gives you all the same features of Contact Coldform, plus you also get a recent-email dashboard widget, GDPR options, inline docs, Google reCaptcha, and of course the contact form itself is all Ajax-powered and super awesome.

Contact Coldform = 2008–2018.
Contact Form X = 2018 & beyond..

I encourage all users of Contact Coldform to upgrade Contact Coldform to Contact Form X. You can learn more and download the plugin at the WP Plugin Directory. And yes, I use Contact Form X for my own contact form here at Perishable Press. </update>


  • Plug-&-play: display Coldform anywhere
  • Sweet emails: Coldform sends descriptive, well-formatted messages
  • Safe and secure: Coldform blocks spam and filters malicious content
  • Ultra-clean code: lightweight, standards-compliant, semantic, valid
  • Fully customizable: easy to configure and style via Coldform Settings


  • Slick, toggle settings panels make it easy to customize Coldform
  • Style Coldform using built-in coldskins or upload some custom CSS
  • Provides template tag to display Coldform anywhere in your theme
  • Provides shortcode to display Coldform on any post or page
  • Displays customizable confirmation message to the sender

Anti-spam & Security

  • Captcha: Coldform includes challenge question/answer
  • Bot trap: hidden input field further reduces automated spam
  • Secure form processing protects against bad bots and malicious input
  • User-friendly error messages help users complete all required fields

Customize Everything

  • Includes option to enable users to receive carbon copies
  • Coldform message includes IP, host, agent, and other user details
  • Customize form-field captions, error messages, and success message
  • Includes three built-in themes “coldskins” to style, or
  • Style the Coldform with your own custom CSS
  • Option to add a custom prefix to the subject line
  • Option to disable the captcha for registered users

Clean Codes

Coldform brings delicious code on every front:

  • Squeaky-clean PHP: every line like a fine wine
  • Crispy-clean markup: valid, semantic source code with proper formatting
  • Shiny-clean emails: Coldform delivers descriptive, well-formatted content
  • Better performance: conditional loading of stylesheet only when needed

More Features

  • Works perfectly without JavaScript.
  • Option to load CSS only when Coldform is displayed
  • Option to reset default settings
  • Options to customize many aspects of the form
  • Options to customize success, error, and spam messages
  • Option to enable and disable CSS styles

Installation and Usage:

Typical plugin install: upload, activate, and customize in the WP Admin.

  1. Unzip and upload the entire directory to your “plugins” folder and activate
  2. Use the shortcode to display Coldform on any post or page, or:
  3. Use the template tag to display the Coldform anywhere in your theme.
  4. Visit the Coldform Settings to configure your options and more info.



Template tag

<?php if (function_exists('contact_coldform_public')) contact_coldform_public(); ?>

For more information, visit the Coldform Settings page and readme.txt file.

Coldform Screenshots


As explained at the beginning of this post, I am retiring Contact Coldform. The plugin will be updated through 2018 or so, and will encourage all Coldform users to upgrade to the far superior Contact Form X. Check it out and download via the Plugin Directory:

Jeff Starr
About the Author
Jeff Starr = Creative thinker. Passionate about free and open Web.
The Tao of WordPress: Master the art of WordPress.

160 responses to “WordPress Plugin: Contact Coldform”

  1. I disagree with weston. Why generate a content if it’s not of any use ?

    If everything worked like that, imagine what search engines crawlers would see, or worse, imagine what pages would look like without CSS applied.

  2. Avatar photo
    Perishable 2008/01/14 7:50 am

    @Stephen: Thank you kindly! I look forward to hearing your thoughts on the functionality of plugin as well! ;)

    @weston: Thanks for the idea.. I think adding unique field ids is a great idea. If anything it will give users a way to style each field individually.

    @Louis: Good point about not using the ids primarily for hiding/showing unwanted fields, however, I do think ids are a good idea for reasons previously mentioned.

  3. Hi,
    I really like the plugin, but my mail server requires smtp authentication, how/where (in the code) can I enter my smtp username and password so the plugin will actually send the email to the recipient?

  4. Avatar photo

    Hi Gail,

    This initial release of Coldform does not support SMTP authentication, however, I am looking into adding that feature (along with a growing list of others) to the next upgrade.

  5. Avatar photo

    Hey, found your form today and implemented it on my site.

    It’s excellent! Thanks for helping me postpone learning to code a while longer!

  6. Avatar photo
    Perishable 2008/02/06 9:37 am

    My pleasure, 6ft5 — happy to help postpone the learning process ;)
    Thanks for the feedback!

  7. Avatar photo

    That’s Plugin looks cool.

    I am trying to use it my non English blog without success.

    When i try to send a message without completing the required information the non English characters become gibberish as described in these links:

    I tried to find a solution but at last i gave up. May i find here helpful information.


  8. Avatar photo

    Hello Perishable,

    Thanks for your quick respond.

    I still investigating it more and I don’t thinks it’s a translation issue. I am familiar with translating plugins and this case looks like something different.

    I tried to check this similar plugin:

    And here is the result:

    Arabic characters looks normal.

  9. Avatar photo
    Perishable 2008/02/11 6:16 pm


    I believe this is a language/translation-related issue, although I am far from knowledgeable in this area. Using methods described here, it is possible to add support for different languages. When writing the plugin, I did incorporate (nearly all) of the hooks needed for successful translation, but simply did not have time to actually translate any of the content. Although I am not 100% certain that this would resolve the issue, it certainly would help to find out. As you appear fluent in both English and Arabic, perhaps you would be willing to investigate further..?

    ( Also, thanks for the screenshots — I am going to combine them into your first post. )


  10. Mustafa Saadi 2008/02/12 3:10 am

    Hello Jeff, rasheed,

    The problem is that all _$POST variables are converted to HTML entities using the htmlentities php function. I don’t think you need that anyway — emails shound be sent in plain format. Anyway, we have uploaded the fix archive to rasheed’s server. Here is the link:

    Mustafa Saadi.

  11. Avatar photo
    Perishable 2008/02/12 8:16 am

    Hi Mustafa Saadi,

    Thank you for swooping in and saving the day, Mustafa! It should have occurred to me that htmlentities may have been the culprit. Are you sure that removing it does not jeopardize security of the form? I have read almost everywhere about “how important htmlentities is” to prevent JavaScript exploits, XSS attacks, etc.

    Thanks for your help!

  12. Mustafa Saadi 2008/02/12 12:57 pm


    I completely agree with you. You can really use the following: htmlentities( $html, ENT_QUOTES, “UTF-8” ); or maybe htmlentities ($s, ENT_NOQUOTES, “UTF-8”); — remember that you should use the “header(‘Content-type: text/html; charset=utf-8’);” when posting the data. Best to probably use strip_tags() and mysql_escape_string(), the strip_tags() function simply looks for any markup elements in a given string and removes them.

    Mustafa Saadi.

Comments are closed for this post. Something to add? Let me know.
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
USP Pro: Unlimited front-end forms for user-submitted posts and more.
AI is creating problems that only AI can solve. #deepthoughts
I try to make use of default functionality whenever possible. For everything.
Upgraded iMac to Ventura. Disabled "unsend mail" feature and found some (now) hidden wallpaper settings. Overall smooth upgrade.
( $this ) is bloat. ($this) is better.
The Legend of Zelda: Tears of the Kingdom coming May 12, 2023. Absolutely pumped.
Favorite thing for breakfast is a tall glass of cold water. Hits the spot every time.
Fall is my favorite season :)
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.