A contact form is the single most valuable piece of functionality on most UK small-business websites. It turns passive visitors into enquiries, captures the right information up front, cuts spam compared to publishing an email address, and makes your site look professional. WordPress does not include a built-in contact form, so you add one through a plugin — and the choice of plugin shapes everything that follows: how easy forms are to build, how reliably notification emails arrive, how well you handle UK GDPR consent, and how well the form defends against spam. This guide walks through every stage, with UK-specific notes on data protection and the email-deliverability trap that catches most new WordPress sites.
Why every UK site needs a contact form · Choosing a contact form plugin · Installing WPForms Lite step by step · Essential and optional form fields · Embedding a form on a page · Fixing email delivery problems · Anti-spam protection · UK GDPR compliance for contact forms · Advanced patterns: routing, integrations, analytics · Frequently asked questions
Publishing an email address on a contact page seems simple, but it causes three recurring problems:
mailto: link looks amateurish.A form asks for exactly the fields you need (name, email, phone, subject, message), routes the submission to the right inbox, stores a copy in your WordPress database for audit, and can trigger automations (auto-reply, Slack notification, HubSpot entry) downstream.
Several strong options. For most UK small businesses the decision is between WPForms Lite and Contact Form 7.
Drag-and-drop visual builder, pre-built templates, clean interface. The free Lite version covers everything a standard contact form needs: name, email, subject, message, dropdowns, notifications, confirmations. The paid Pro version adds conditional logic, file uploads, payment fields, user registration, multi-page forms.
Best choice for non-technical owners. 15 minutes from install to a working form.
5+ million active installations. Template-based — you edit simple markup to define the form. More powerful in some respects but noticeably less friendly than WPForms Lite. Works well if you are comfortable editing small snippets of markup and want maximum flexibility without licence fees.
Newer, fast, generous free tier, includes advanced features like conditional logic and multiple conditional confirmations without paywall. Growing quickly in the UK community.
Developer-friendly, feature-rich, extensive add-ons for payments (Stripe, PayPal, GoCardless), CRM integration (HubSpot, Salesforce, Zoho) and advanced workflows. Licence starts GBP 59/year. Right choice for complex requirements.
Strong for form types that go beyond contact — surveys, quizzes, calculators, application forms.
For the rest of this guide we focus on WPForms Lite as the typical starting point.
Plugins > Add New Plugin, search for WPForms, find WPForms Lite (by WPForms), click Install Now, then Activate.
A WPForms menu appears in the sidebar. WPForms > Add New. You land on the form template library.
Click Simple Contact Form. WPForms generates a form pre-populated with Name, Email and Message — the essentials. Name the form (e.g. "Main Contact Form") so you recognise it later.
The drag-and-drop builder opens. Left panel lists available fields (single line text, multi-line text, dropdown, checkbox, radio, email, phone, number, date, URL, address, GDPR agreement and more). Drag to add; click any field on the canvas to edit its label, placeholder, required/optional state and validation rules. Reorder by dragging; remove via the bin icon.
Settings > Notifications in the form builder. By default, submission notifications go to the site's admin email. You can:
Settings > Confirmations. Choose what the visitor sees after submission:
Click Save top-right. Form ready to embed.
A good contact form asks just enough to handle the enquiry without scaring the visitor off. Every additional field reduces completion rate by 4–8% (Baymard Institute benchmarks).
WPForms > All Forms, note the shortcode for your form (e.g. [wpforms id="123"]). Paste into any page, post, text widget or custom HTML block.
Always submit a test entry after publishing. Check that:
By far the most common issue with WordPress contact forms: notification emails not arriving.
Root cause: WordPress sends email using the PHP wp_mail() function, which by default relies on the server's sendmail binary. Messages sent this way often fail SPF, DKIM and DMARC checks because the From address looks like [email protected] but the actual server sending it is the hosting server, not an authenticated SMTP relay. Gmail, Outlook and other major providers reject or spam-filter these messages aggressively.
The fix is to route WordPress email through a real authenticated SMTP server. The industry standard is the free WP Mail SMTP plugin.
mail.yourdomain.co.uk)smartxhosting.uk business email runs on the Axigen mail server with SPF, DKIM and DMARC pre-configured for your domain. Form emails sent through your smartxhosting.uk mailbox are properly authenticated end-to-end — far less likely to be filtered as spam than emails from a typical low-cost shared host.
If you do not yet have business email on smartxhosting.uk, a mailbox is included with every WordPress plan. Create one through Plesk, then point WP Mail SMTP at it.
For deeper email troubleshooting see our WordPress Email Not Sending guide.
An unprotected contact form receives dozens to hundreds of spam submissions per day within weeks of launch. Four protection layers — ideally stacked.
A hidden field that only bots fill in. Built into WPForms by default and effective against basic bots. Invisible to real visitors.
Invisible v3 reCAPTCHA or hCaptcha check user behaviour in the background and flag suspicious submissions. Free for typical volumes. Add under WPForms > Settings > CAPTCHA.
Privacy-friendlier alternative to reCAPTCHA — no Google tracking, no "click all traffic lights" puzzles. Free. Usable via plugins like Simple Cloudflare Turnstile.
The spam filter that comes bundled with WordPress. Checks submissions against a global spam database. Free for personal use; commercial use needs a paid plan (from GBP 8/month). Integrates with WPForms via the premium add-on; works out-of-the-box with Contact Form 7.
smartxhosting.uk's Imunify360 catches the most aggressive bots at the web-application firewall level before they ever reach the form. A free belt-and-braces layer on top of in-plugin protections.
Contact forms collect personal data (name, email, message content) and therefore fall under UK GDPR and the Data Protection Act 2018. Compliance is straightforward but not optional.
Below the form, link to your Privacy Policy. Visitors need to know what happens to their data. The policy should cover:
WPForms includes a built-in GDPR Agreement field. Add it to the form with label text like "I agree to Yourcompany processing my enquiry in accordance with the Privacy Policy". Mark required.
For a contact form replying to an enquiry, the lawful basis under UK GDPR is usually legitimate interests or consent. Do not conflate contact form submission with marketing consent — the visitor has consented to your reply, not to your newsletter. If you also want to add them to a mailing list, use a separate optional checkbox that is unticked by default.
Delete old form entries after you have actioned the enquiry. WPForms entries live in the database indefinitely by default. Set up a retention policy: delete entries older than 12 months (or shorter if you reply-and-move-on). ICO guidance supports "only as long as you need it".
WordPress includes UK GDPR request tooling under Tools > Export Personal Data and Tools > Erase Personal Data. Plugins can register their data stores with this tool; WPForms does support it.
Multi-notification setups — if the visitor chooses "Technical support" in the dropdown, route to support@; if "Quote request", route to sales@. Set up in WPForms Pro under Settings > Notifications with conditional logic; free alternatives like Fluent Forms include this on the free tier.
If you set the confirmation to redirect to a thank-you page, Google Analytics 4 can fire a conversion event on that page view. Add the same to Google Ads if you run paid campaigns — the form becomes a measurable conversion goal rather than an untracked interaction.
Configure a second notification sent to the visitor, acknowledging receipt and telling them when to expect a response. Improves perceived responsiveness and reduces duplicate "did you get my message?" emails.
Is WPForms Lite really enough, or do I need to pay?
For a standard contact form on a UK small business site, WPForms Lite is genuinely sufficient. Upgrade to Pro only when you need specific features: file uploads, conditional logic, multi-page forms, Stripe payments, user registration.
Why are my form emails going to spam?
Almost always email deliverability, not a form plugin issue. Install WP Mail SMTP, point it at an authenticated mailbox (smartxhosting.uk Axigen mailbox works out of the box with SPF, DKIM and DMARC), send a test, confirm delivery. If still spam-filtered, ask the recipient to whitelist your domain.
Do I need reCAPTCHA or a honeypot?
Both, ideally. Honeypot catches basic bots; reCAPTCHA / Turnstile / hCaptcha catches more sophisticated ones. For a lightly-trafficked site, honeypot alone may suffice. For higher-profile sites, layer both.
Can I require a GDPR checkbox on my form?
Yes, and for most UK sites you should. WPForms has a built-in GDPR Agreement field; mark it required, link to your Privacy Policy. Without a consent record you cannot demonstrate lawful basis under UK GDPR if the ICO ever asks.
How do I stop spam without reCAPTCHA?
Layer honeypot + Cloudflare Turnstile + Akismet. All three are free for typical small-site volumes and together block 99% of automated spam without user-facing puzzles.
What happens to form submissions — are they stored?
WPForms saves every submission to the WordPress database under WPForms > Entries. Useful as a backup if email fails. Contact Form 7 does not save submissions by default (the Flamingo companion plugin adds this capability).
Can I embed the same form on multiple pages?
Yes. The WPForms block or shortcode works on any page, post or widget area. Track submissions by tagging the form with the page name via a hidden field if you want to know which page drove each enquiry.
How long should I keep form submissions?
ICO guidance under UK GDPR is "no longer than you need". For commercial enquiries, 12 months is a reasonable default. For sensitive requests (health, financial, legal), shorter. Document your retention policy in your Privacy Policy and enforce it.
Can I style the form to match my theme?
Yes. WPForms Lite inherits basic theme styles; for deeper customisation, add CSS via Appearance > Customise > Additional CSS. WPForms Pro includes a styling interface.
My form visitor claims they submitted but I never got the message — now what?
Check WPForms > Entries first. If the submission is there but no email arrived, it is an email delivery issue — fix SMTP. If the submission is not there, either the visitor did not actually submit, or a spam filter on their side rejected their submission attempt. Ask them to try again and watch the Entries list in real time.
Launch your WordPress site on smartxhosting.uk
UK hosting with the Plesk WordPress Toolkit, LiteSpeed Cache, Redis object caching, free Let’s Encrypt SSL, free CDN and daily backups — from £2/month.
View WordPress hosting plans →