This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Safe Signup Form


To stop automated attacks, Safe Signup Form leverages Elliot Back’s WP Hashcash — an elegant anti-spam engine that uses javascript to determine if the form is submitted by a robot or a web browser.

An administration page provides three options for handling submissions identified as spam:

  • Delete spam submissions.
  • Flag spam submissions (and forward them anyway).
  • Forward without flagging.

The basic plugin offers a simple name and email form, but the php can be easily modified to incorporate any number of fields.

Safe Signup Form uses XHTML compliant code and has been tested in WordPress 2.7 through 3.3.1, MSIE 7, 8, and 9, Chrome, Firefox, and Safari.


  1. Upload the safe-signup-form directory to the wp-content/plugins directory of your WordPress install.
  2. Activate the plugin through the Plugins menu in WordPress.
  3. View the Safe Signup Form options page under Settings to set options for presentation, spam handling, validation, and other options. The Safe Signup Form options page also provides statistics on the number of spam vs. total submissions.
  4. To add a form to a page either create a template with the php function: <?php ddfs(); ?> or enter the shortcode [ddfs] in any post or page content.

IMPORTANT: If you are using a caching plugin, changes you make using the Safe Signup Form options page may not appear. If this happens, edit and republish the page that presents the form.


Q. I can’t get the form to send me an email.

A. The form should pick up the default admin email associated with your install of WordPress. To change it go to the Safe Signup Form options page under Settings in the WordPress Admin tool (you may need to log in as “admin”). You can then change the “forwarding email” value.

Since the forwarding email is generated by a script it may be blocked by your email server or filtered as junk mail by your email program. Check any spam or junk mail folders at the local and server level.

Q. Can I automatically forward an email confirmation to the user?

A. Not yet. I did not include automatic email confirmation because of the security implications — it allows a form to become a conduit for spamming third party addresses. The HashCash technology stops most robotic spam attacks, but human spammers could take advantage. I may add email confirmation as a option to a future version.

Q. Can I add additional fields?

A. The only way to add fields is to directly edit the plug-in PHP. If you know HTML and a little PHP this isn’t too difficult.

There are three places in the code where a new form field is defined or processed. First, in the ddfs_install() function its validation rule should be entered in the $options['error-rules'] array. Second, also in the ddfs_install() function, its label, if any, should be entered in the $options['forward-labels'] array. Finally, in the ddfs_form_display() function, the form markup must be entered in the $form array where the key matches that entered in ddfs_install().

Q. How do I change the appearance of the labels, fields and messages?

A. You can create the formatting you want by editing the “Custom Styles” option at the bottom of the Secure Form – Signup page. The default CSS is:

div.ddf label { padding-right: 0.5em; }
p.intro { font-style: italic; }
p.error { color: #ff0000; }
p.success { font-weight: bold; }

To stack labels over the fields, change div.ddf label to:

div.ddf label { display: block; }

To align fields to the right of the labels, you can try something like:

div.ddf label { display: block; float: left; width: 12em; }

Experiment with CSS and you should be able to get the format you like.

Contributors & Developers

“Safe Signup Form” is open source software. The following people have contributed to this plugin.


Translate “Safe Signup Form” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Updated code to use localization (translation) functions for both admin options and output.
  • Corrected the “Error-spam flag” and “Error-spam cancel” entries to pass through HTML tags.
  • Added a “Compliant XHTML” admin option that will place the plugin javascript and CSS into the header of each page rather than into the body of the local page.
  • Corrected a bug with the form action value that caused problems with calling the plugin from a template outside of The Loop


  • Made the Safe Signup Form options page a submenu of Settings to match common practice.