Contact Form System — Overview
Architecture
The contact form is a custom PHP implementation managed via a WPCodeBox2 snippet (ID 1: "Opshell Contact Form Shortcode"). It handles the full lifecycle: form rendering, spam prevention, email verification, data storage, and email notification.
Data Flow
Visitor submits form
→ Honeypot check (anti-spam)
→ Cloudflare Turnstile verification
→ Field validation
→ Reoon email verification (power mode)
→ CSV storage (messages.csv)
→ Email notification to site owner
Security Layers
| Layer | Type | Purpose |
|---|---|---|
| Honeypot | Hidden field | Catches automated bots |
| Turnstile | Cloudflare CAPTCHA | Prevents scripted submissions |
| Reoon | Email verification | Validates deliverable email |
| Nonce | WordPress | CSRF protection |
| Input sanitization | PHP functions | Prevents XSS and injection |
Storage
- Successful submissions: /opshell-contact-submissions/messages.csv
- Failed verifications: /opshell-contact-submissions/failed-verifications.csv
- Directory created at dirname(ABSPATH, 2) . "/opshell-contact-submissions"
- Index.php added to prevent directory listing
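
The storage steps above, sketched as an added PHP example (not the snippet's own code): it resolves the directory above the web root, drops the index.php guard, and appends a row under an exclusive lock. The function names, column order, file permissions and the spreadsheet-formula prefixing are assumptions; only the directory and file names come from this page.

```php
<?php
// Added example; function names and the column layout are hypothetical.
// Only the directory and CSV file names are taken from the page.

/** Storage directory: two levels above the WordPress root, outside the web root. */
function opshell_example_storage_dir(string $abspath): string
{
    return dirname($abspath, 2) . '/opshell-contact-submissions';
}

/** Flatten newlines and prefix cells a spreadsheet would evaluate as a formula. */
function opshell_example_csv_cell(string $value): string
{
    $value = str_replace(["\r", "\n"], ' ', $value);
    return preg_match('/^[=+\-@\t]/', $value) ? "'" . $value : $value;
}

/** Append one row to a CSV in the storage directory, creating it if needed. */
function opshell_example_append_row(string $abspath, string $file, array $fields): bool
{
    $dir = opshell_example_storage_dir($abspath);
    if (!is_dir($dir) && !mkdir($dir, 0750, true) && !is_dir($dir)) {
        return false;
    }
    // Empty index.php so the directory never renders a listing if it is ever served.
    if (!file_exists($dir . '/index.php')) {
        file_put_contents($dir . '/index.php', "<?php\n// Intentionally empty.\n");
    }
    $handle = fopen($dir . '/' . basename($file), 'ab'); // basename() blocks path tricks
    if ($handle === false) {
        return false;
    }
    $ok = false;
    if (flock($handle, LOCK_EX)) { // serialize concurrent submissions
        $row = array_map('opshell_example_csv_cell', array_map('strval', $fields));
        $ok  = fputcsv($handle, $row, ',', '"', '\\') !== false;
        fflush($handle);
        flock($handle, LOCK_UN);
    }
    fclose($handle);
    return $ok;
}

// Constructed sample input: a temp path stands in for ABSPATH.
$fakeAbspath = sys_get_temp_dir() . '/site/public/wp/';
$written = opshell_example_append_row($fakeAbspath, 'messages.csv',
    [gmdate('c'), 'Jane Example', 'jane@example.test', '=1+1 constructed message']);
var_dump($written); // true when the temp directory is writable
```

Because dirname() works on the path string, the storage directory sits outside the web root only when ABSPATH is no more than two levels below the directory the web server actually serves.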