I’ve added Safe Signup Form to the WordPress Plugin Repository. Safe Signup Form is a WordPress Plugin that will forward a form submission to an email address, while preventing most automated attacks.

I developed Safe Signup Form using some key functions from Elliot Back’s WP Hashcash. WP Hashcash is an elegant anti-spam plugin for blocking automated submissions to WordPress comments. What I wanted was a signup, contact, or registration form with the same protection — a mechanism that blocked robots without forcing users to identify a Captcha image or answer an unnecessary question.

The PHP to write and process the form was not hard to develop. I focused most on giving administrators control over the instructional, error, and success messages that create a good user experience.

In the process I made a few tradeoffs. Since the form is called via shortcode rather than a filter, the administration messages are not automaticaly formatted. Administrators can apply HTML code as they see fit or even write javascript or CSS to the form.

This brings up a second tradeoff. Where Elliot Back hooks his javascript call to the WordPress wp_head function, I simply write mine at the end of the form code. His approach is standards compliant. My approach targets the call only where it is required and is common practice for AJAX applications and Google-style widgets.