Live · status OK
OW Forms · v1.1.0 · GPL-2.0

The WordPress form builder
rebuilt for 2026.

Schema-driven WordPress form builder, GDPR-native, 4-layer anti-spam. No jQuery, no forced runtime, no Pro version. Free, GPL, readable code.

v1.1.0GPL-2.0WordPress 6.0+< 8 KB runtime
Why

Why yet another forms plugin in 2026?

Contact Form 7 dates back to 2007. Its code still shows it: no schemas, no decent REST API, GDPR bolted on via a third-party plugin, and a jQuery runtime the web hasn't needed for ten years.

Gravity Forms and WPForms are more modern but cost €60 to €300/year, ship their own trackers, lock you into a single captcha, and impose a proprietary UI. On European SME sites, that's three compromises you don't want to defend in an audit.

OW Forms starts from the opposite premise: everything must be in JSON, GDPR must be on by default, anti-spam must combine several independent signals, and nothing should load until a form is actually visible on screen.

GDPR bolted on

Manual consent checkbox, plaintext IPs, no automatic purge. A data-protection audit costs at least €5,000.

Mediocre performance

jQuery + third-party frameworks + vendor captcha = 80-200 KB of JS loaded on every page, even when no form is visible.

Captcha-only anti-spam

A single signal (Google CAPTCHA) = 100% of recent bots get through. You need to stack honeypot, time-trap, IP reputation and blocklists.

Under the hood

What actually changes

No slogans. Here are the technical decisions that set this product apart.

Schema-driven

Forms are defined in JSON, not HTML post_content. 17 native field types: text, email, tel, url, number, textarea, select, radio, checkbox, checkbox-group, date, time, datetime, file, hidden, signature, rating.

4-layer anti-spam

Invisible honeypot + time-trap + multi-provider captcha (Turnstile, reCAPTCHA v3, hCaptcha, Friendly Captcha) + IP reputation. Score > 80 = silent rejection. Every signal is logged.

Native GDPR

Auto-injected consent checkbox, pseudonymised (or not stored) IPs, SHA-256 User-Agent, retention purge cron (1095 days default), DSAR by email_hash, emails salted with wp_salt() in DB.

One-click Contact Form 7 import

Parses every CF7 form on the site, generates equivalent OW Forms schemas, and rewrites the [contact-form-7 id="X"] shortcodes to [owf_form id="Y"] across all post_content. Full migration in minutes.

REST API + signed webhooks

Namespace owf/v1. Public nonce-protected endpoint for submissions, admin endpoints under manage_options. Outbound webhooks HMAC-SHA256 signed to Slack, Discord, Teams or a custom endpoint. DLQ + exponential retry.

Obsessive performance

No JavaScript loads until a form is visible on the page. No jQuery. No front-end framework. Total client runtime is under 8 KB gzipped, excluding vendor captcha if enabled.

Comparison

Against alternatives

Verifiable data. Only checking what actually exists in the competition.

CriterionOW FormsContact Form 7Gravity FormsWPForms
PriceFree (GPL)Free (GPL)€59-259/year€49-299/year
Native GDPR
Multi-layer anti-spam
JS runtime without form0 KB~30 KB~120 KB~85 KB
Public REST API
Contact Form 7 import
HMAC-signed webhooks
GPL license
Integration

Three ways to embed a form

No proprietary page builder forced on you. Pick the approach that fits your stack.

[owf_form id="42"]
Technical questions

Reasonable doubts, direct answers

How do I migrate from Contact Form 7?

The automatic import is under Settings → OW Forms → Import. The plugin parses every CF7 form on the site, generates equivalent OW Forms schemas, and rewrites the shortcodes across all post_content. Count on 2-3 minutes for 20 forms. You can fully roll back via the trash.

Is the plugin compatible with WordPress Multisite?

Yes. Network-activable, each child site has its own forms and submissions. Captcha provider and GDPR retention settings can be centralised at the network level via WP filters.

How do I integrate Brevo, Mailchimp or a CRM?

HMAC-SHA256 signed webhooks (namespace owf/v1) with Slack / Discord / Teams / Generic presets. For Brevo and Mailchimp, use the generic webhook + their official API endpoint — no third-party plugin needed. Tutorials in the docs.

Where are uploaded files stored?

By default in wp-content/uploads/owf-submissions/ with direct access disabled via a generated .htaccess. You can route to S3-compatible, R2 Cloudflare or Wasabi via the owf_file_upload_handler hook. Files follow the same GDPR retention as submissions.

Does the plugin handle multi-step forms?

Yes. Define your steps in the schema JSON with a steps[] key. The front-end runtime handles pagination, per-step validation and state in sessionStorage (zero cookies). Transitions are configurable (slide, fade, instant).

Does the author guarantee English support?

OptionWeb is based in French-speaking Belgium. Official support is in French, Dutch and English via /addons/support/. Response within 24 working hours. The plugin being GPL and free, support is best-effort — no contractual SLA but no ticket is ignored.

Free. For real.

No Pro version coming.

OW Forms is free and GPL. No paywall, no "unlock" button. That's an editorial choice, not a lack of features.

  • All features are included in the free version.
  • The complementary OptionWeb addons (OW Shield, OW Consent, OW Performance) are also free and complementary — no forced bundling.
  • No analytics tracking, no license ping, no phone-home.
  • If you want to support the project, share it or contribute on the OptionWeb repo.
Built by Julien Daniel · Châtelet, Belgium