Haych/dev Forms

Haychdev Forms — Support & Docs

A short guide to setting up and running Haychdev Forms. Everything here applies to the free plugin.

Getting started

  1. Install and activate Haychdev Forms (Plugins → Add New → Upload, or from your WordPress.org search once listed).
  2. Edit any post or page, add the Haychdev Form block, and drop in the fields you need — text, email, phone, textarea, dropdown, checkbox, file upload, and a submit button.
  3. Publish. Submissions are saved to your own database the moment a visitor submits.

Where submissions go

Open Haychdev → Forms in the admin. Each entry shows its date, form, and status. Click one to read it; status flips from new to read automatically. You can delete entries singly or in bulk.

Encryption key (recommended)

Field values are encrypted at rest with AES-256-GCM when an encryption key is defined. Add this to wp-config.php:

define( 'HCFORMS_ENCRYPTION_KEY', '«base64 of 32 random bytes»' );

Generate a key with base64_encode( random_bytes( 32 ) ) (or any 32-byte base64 string). Without a key the plugin still works, but values are stored as plain text. Keep the key safe — if it changes, previously stored values can no longer be decrypted (the admin shows "decryption failed").

File uploads

The file field is free. Set the MIME types you accept and a maximum size on the field. Uploaded files attach to the entry and download from the admin behind a private, nonce-protected link. Deleting an entry also deletes its uploaded files.

Spam protection

Every form ships with a honeypot field and an HMAC-signed time-trap — no configuration needed. Spammy submissions are silently rejected without creating an entry.

Email notifications

Notifications are sent via WordPress's own mailer (wp_mail) to your site admin address by default. Change the address under Haychdev → Forms Settings. If emails don't arrive, install an SMTP plugin — wp_mail depends on your server's mail configuration.

Data & privacy

  • Submissions stay in your database. The plugin makes no outbound HTTP calls and uses no third-party services.
  • Only a hashed (non-reversible) IP and user agent are stored, for spam protection.
  • Export / erase: form submissions are wired into WordPress core's Tools → Export Personal Data and Tools → Erase Personal Data, so you can fulfil GDPR/CCPA requests per person (matched by email-type fields).
  • Retention: set "Auto-delete entries after N days" in settings to prune old entries automatically; leave it at 0 to keep them indefinitely.

Troubleshooting

  • Emails not arrivingwp_mail relies on your host's mail setup; add an SMTP plugin.
  • "Decryption failed" in the admin — the HCFORMS_ENCRYPTION_KEY changed or was removed; restore the original key.
  • Submissions not saving — confirm the form block is published on a live page and that no security plugin is blocking the REST endpoint.

Getting help

Check this page first. For anything else, reach out through the support channel on haychdev.com, or — once the plugin is listed — its WordPress.org support forum.