Title: CROzap Forms
Author: gyaner
Published: <strong>July 6, 2026</strong>
Last modified: July 6, 2026

---

Search plugins

![](https://ps.w.org/crozap-forms/assets/banner-772x250.png?rev=3597354)

![](https://ps.w.org/crozap-forms/assets/icon-256x256.png?rev=3597354)

# CROzap Forms

 By [gyaner](https://profiles.wordpress.org/gyaner/)

[Download](https://downloads.wordpress.org/plugin/crozap-forms.1.1.4.zip)

 * [Details](https://wordpress.org/plugins/crozap-forms/#description)
 * [Reviews](https://wordpress.org/plugins/crozap-forms/#reviews)
 *  [Installation](https://wordpress.org/plugins/crozap-forms/#installation)
 * [Development](https://wordpress.org/plugins/crozap-forms/#developers)

 [Support](https://wordpress.org/support/plugin/crozap-forms/)

## Description

CROzap Forms connects your WordPress site to [CROzap](https://crozap.com), a lead
management and ad attribution platform. Every lead a connected form captures is 
sent to your CROzap account, together with the ad click identifiers that let CROzap
fire conversion signals back to Google Ads and Meta when the lead qualifies.

**Two integrations:**

 * **Contact Form 7** – connect any CF7 form. The plugin hooks the successful submission,
   maps the fields you choose (or auto-detects common ones), and forwards the lead.
   Your CF7 form keeps working exactly as before.
 * **WPForms** – connect any WPForms form the same way.

Contact Form 7 and WPForms are third-party plugins owned by their respective authors;
this plugin is not affiliated with or endorsed by either project. A built-in lead
form (shortcode + block) is planned for a future version.

**Ad attribution built in (the reason this plugin exists):**

 * Captures `gclid` (Google Ads) and `fbclid` (Meta) from the landing page URL and
   persists them in first-party cookies for 90 days, so a visitor who lands on one
   page and submits a form on another still carries the click id.
 * Captures UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term)
   the same way, for 30 days.
 * Reads the Meta pixel `_fbc` / `_fbp` cookie values when your site’s own Meta 
   pixel has set them (the plugin loads nothing from Meta).
 * Forwards the visitor’s real IP address so attribution and consent records in 
   CROzap reflect the visitor, not your hosting server.

With those click ids stored on the lead, CROzap fires the matching conversion signal(
Google offline conversion or Meta CAPI event) back to the originating ad network
when your team qualifies the lead – closing the ad optimization loop for leads captured
on your WordPress site.

**Resilient by design:** if CROzap is temporarily unreachable, the visitor’s form
submission completes normally and the lead is queued and retried automatically. 
Nothing external is ever loaded in the browser; the only outbound connection is 
the server-side API call to CROzap.

### External Services

This plugin connects to the CROzap API, an external service operated by WebMonx 
Solutions LLP. You need a CROzap account and API key to use it.

**What is sent, and when:** when a visitor submits a connected form (a connected
Contact Form 7 form or a connected WPForms form), the plugin sends the submitted
data to the CROzap API (https://app.crozap.com): name, email, phone, message and
any other submitted form fields (sent as custom fields), the campaign name you configured,
UTM parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term), ad
click identifiers (gclid, fbclid, and the Meta pixel _fbc / _fbp cookie values when
present), the URL of the page the form was submitted from, the consent status, the
visitor’s IP address, and a site platform label (source_detail, default “wordpress”).
The “Test connection” button on the settings page sends an empty authentication 
check to the same API. No data is sent to CROzap on any other page view.

**Why:** CROzap is a lead management and ad attribution platform; this data is required
to create the lead in your CROzap account and attribute it to the ad click that 
produced it.

 * CROzap Terms of Service: https://crozap.com/terms/
 * CROzap Privacy Policy: https://crozap.com/privacy/

Disclose this data flow in your own site’s privacy policy, and use the per-form 
consent option where your jurisdiction requires consent.

## Screenshots

[⌊Settings page: API key with saved-key fingerprint, and the Contact Form 7 / WPForms
mapping tables.⌉⌊Settings page: API key with saved-key fingerprint, and the Contact
Form 7 / WPForms mapping tables.⌉[

Settings page: API key with saved-key fingerprint, and the Contact Form 7 / WPForms
mapping tables.

## Installation

 1. Upload the plugin files to `/wp-content/plugins/crozap-forms/`, or install through
    the WordPress plugins screen.
 2. Activate the plugin.
 3. Go to Settings, CROzap Forms.
 4. Paste your CROzap API key (in CROzap: Settings, Ad Connections, API Key) and save;
    the connection test runs automatically.
 5. Connect your Contact Form 7 and/or WPForms forms in the mapping tables and save.

## FAQ

### Where do I get an API key?

Log in to your CROzap account and open Settings, Ad Connections, API Key. The key
is stored on your server via the WordPress Options API and is never exposed to visitors’
browsers. The settings page shows a short fingerprint (first and last characters)
of the saved key so you can verify the right key is stored, and rejects values that
are not CROzap-shaped keys.

### Does the plugin load anything from CROzap or other external servers in the browser?

No. All scripts and styles are bundled locally. The only external communication 
is the server-side API call that delivers the lead.

### What cookies does it set?

When a visitor lands on a URL containing ad parameters, the plugin sets first-party
cookies to preserve attribution: `crozap_gclid` and `crozap_fbclid` (90 days) and`
crozap_utm_*` (30 days). It also reads (never sets) the `_fbc` / `_fbp` cookies 
if your own Meta pixel created them.

### What happens if CROzap is down when a form is submitted?

The visitor’s Contact Form 7 or WPForms submission completes normally. The lead 
is queued locally and retried automatically (up to 3 attempts, deduplicated on the
CROzap side), and a notice is shown on the settings page if delivery keeps failing.

### Do phone numbers need a country code?

Yes, ideally (for example +91 98765 43210). CROzap normalizes numbers to E.164; 
a bare 10-digit number is assumed to be Indian (+91).

### Does it work with caching plugins?

Yes. The integrations hook the server-side form processing of Contact Form 7 and
WPForms, which page caching does not affect.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“CROzap Forms” is open source software. The following people have contributed to
this plugin.

Contributors

 *   [ gyaner ](https://profiles.wordpress.org/gyaner/)

[Translate “CROzap Forms” into your language.](https://translate.wordpress.org/projects/wp-plugins/crozap-forms)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/crozap-forms/), check
out the [SVN repository](https://plugins.svn.wordpress.org/crozap-forms/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/crozap-forms/) by
[RSS](https://plugins.trac.wordpress.org/log/crozap-forms/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.1.4

 * Brand display name standardized to CROzap; add Plugin URI; update Author URI 
   to webmonx.com.

#### 1.1.3

 * Bump tested-up-to to WordPress 7.0; remove manual textdomain loading (WP.org 
   auto-loads translations).

#### 1.1.2

 * Filter out reCAPTCHA tokens and form-system fields from lead custom fields (g-
   recaptcha-response, hCaptcha, Cloudflare Turnstile, Contact Form 7 _wpcf7* internals).
   The exclusion list is filterable via crozap_excluded_fields.

#### 1.1.1

 * Fix: add concatenation guard to frontend script so it is safe when a JS optimizer
   combines scripts (prevents a theme/reCAPTCHA conflict on sites using Combine 
   JS).

#### 1.1.0

 * Focus on Contact Form 7 and WPForms integrations; the built-in lead form (shortcode
   + block) is deferred to a future version.
 * API key safety: values that are not CROzap-shaped keys (UUIDs) are rejected on
   save and the previous key is kept, so browser password-manager autofill can no
   longer silently replace a working key.
 * Saved-key fingerprint on the settings page (first and last characters only) so
   you can verify which key is stored.
 * The API key field defeats aggressive browser autofill (readonly until focused).
 * The connection test runs automatically after saving a new key.

#### 1.0.0

 * Initial release: built-in lead form (shortcode + block), Contact Form 7 and WPForms
   integrations, click-id capture (gclid, fbclid, _fbc, _fbp), UTM capture, visitor
   IP forwarding, retry queue, Test connection.

## Meta

 *  Version **1.1.4**
 *  Last updated **12 hours ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.8 or higher **
 *  Tested up to **7.0**
 *  PHP version ** 7.4 or higher **
 * Tags
 * [attribution](https://wordpress.org/plugins/tags/attribution/)[contact form 7](https://wordpress.org/plugins/tags/contact-form-7/)
   [crm](https://wordpress.org/plugins/tags/crm/)[lead capture](https://wordpress.org/plugins/tags/lead-capture/)
   [WPForms](https://wordpress.org/plugins/tags/wpforms/)
 *  [Advanced View](https://wordpress.org/plugins/crozap-forms/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/crozap-forms/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/crozap-forms/reviews/)

## Contributors

 *   [ gyaner ](https://profiles.wordpress.org/gyaner/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/crozap-forms/)