AI-generated WordPress plugin

Generate a contact form plugin with secure file upload

Every form plugin technically "supports" file uploads, but the secure and boring parts — mime sniffing, size enforcement, virus scan hook, storing outside the web root — are where most implementations leak vulnerabilities or clog the uploads folder.

A custom plugin handles files the way you actually want: attach to the notification email, store in a private folder (or push to S3/Spaces), delete after N days, and reject obvious junk before it touches disk.

5 min to ZIP · 24 h live sandbox · WP Coding Standards

Why generate it instead of installing an existing plugin?

Contact Form 7 plus an uploads add-on stores files in /wp-content/uploads, which is public by default. Gravity Forms does it better, but the Advanced File Upload field is part of a paid plan. WPForms gates file uploads behind Pro.

The generated plugin saves uploads in wp-content/uploads-private/ with .htaccess denying direct access, validates by both extension and finfo mime, caps per-field and total size, and optionally pushes to DigitalOcean Spaces with a signed URL included in the notification email.

This pattern adds maybe 120 lines of PHP. What you avoid: a public /uploads URL leaking signed NDAs, or a 200MB zip filling the disk because a visitor got creative.

Example prompt

This is the kind of description that generates this plugin. You can start from it and tweak whatever you need before hitting generate.

Plugin name: Acme Secure Contact

Form fields:
- Name, email, subject, message
- Attachments: up to 3 files, each <= 10MB, total <= 20MB.
- Allowed types: pdf, jpg, jpeg, png, webp, zip (validated by finfo mime, not just extension).

Storage:
- Move uploads to wp-content/uploads-private/acme-contact/YYYY/MM/<uuid>.<ext>.
- Drop an .htaccess with "Deny from all" and a web.config equivalent.
- Optionally push to DO Spaces if DO_SPACES_KEY is set; store just the key in DB.

On submit:
- Save row to wp_acme_messages: name, email, subject, message, file paths, timestamp, IP.
- Send admin an email with links to signed download URLs (24h expiry) or inline attach if <5MB.

Retention: daily cron deletes messages + files older than 30 days (configurable).
Admin list page: inbox with filters, mark-read, bulk delete.
reCAPTCHA v3 on submit.

What the generated plugin typically includes

  • Form renders via shortcode; posts to REST endpoint
  • Double-layer mime validation (extension whitelist + finfo_file)
  • Per-file and total size caps enforced server-side
  • Private uploads folder with Apache/IIS denial rules
  • Optional S3/Spaces offload with signed URLs in email
  • Admin inbox with search, signed download links, bulk delete
  • Daily cron for retention cleanup including orphaned files

Mime whitelist, size caps, retention period, storage backend (local vs Spaces), and notification template are all yours to define in the prompt.
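As an added example (not code from the generator or from a plugin it produced), here is the double-layer mime validation and the per-file/total size caps from the list above as one PHP function, working on PHP's multi-file `$_FILES` layout. The limits and whitelist are taken from the example prompt; the field name `attachments` and the `acme_` prefix are assumptions.

```php
<?php
// Added example, not generated-plugin code. Limits and whitelist follow the
// example prompt above; the field name 'attachments' is an assumption.
const ACME_MAX_FILE  = 10 * 1024 * 1024; // 10 MB per file
const ACME_MAX_TOTAL = 20 * 1024 * 1024; // 20 MB per submission
const ACME_MAX_COUNT = 3;
// Extension => MIME type finfo must report for the bytes. Both layers must agree.
const ACME_ALLOWED = [
    'pdf' => 'application/pdf', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png', 'webp' => 'image/webp', 'zip' => 'application/zip',
];

/**
 * Validate $_FILES['attachments'] (PHP's multi-file layout) server-side.
 * Returns ['ok' => accepted files, 'errors' => messages]. Rejected files are
 * never moved, so they are discarded with PHP's temp directory.
 */
function acme_validate_uploads(array $field): array {
    $ok = $errors = [];
    $count = count($field['name'] ?? []);
    if ($count > ACME_MAX_COUNT) {
        return ['ok' => [], 'errors' => ['Too many files (max ' . ACME_MAX_COUNT . ').']];
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $total = 0;
    for ($i = 0; $i < $count; $i++) {
        $name = (string) $field['name'][$i];
        $tmp  = (string) $field['tmp_name'][$i];
        if ($field['error'][$i] !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
            $errors[] = "$name: upload failed."; continue;
        }
        // Use the on-disk size, not the client-reported one, for both caps.
        $size = (int) filesize($tmp);
        if ($size > ACME_MAX_FILE) { $errors[] = "$name: over 10 MB."; continue; }
        $total += $size;
        if ($total > ACME_MAX_TOTAL) { $errors[] = "$name: total over 20 MB."; continue; }
        // Layer 1: extension whitelist on the LAST extension ("x.php.jpg" is judged as jpg).
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (!isset(ACME_ALLOWED[$ext])) { $errors[] = "$name: .$ext not allowed."; continue; }
        // Layer 2: sniff the bytes; a PHP script renamed to .jpg reports e.g. text/x-php here.
        $mime = $finfo->file($tmp);
        if ($mime !== ACME_ALLOWED[$ext]) { $errors[] = "$name: content is $mime, not " . ACME_ALLOWED[$ext] . '.'; continue; }
        // Store under a random name plus the validated extension; never reuse the client filename.
        $ok[] = ['tmp' => $tmp, 'ext' => $ext, 'mime' => $mime, 'size' => $size,
                 'target' => bin2hex(random_bytes(16)) . ".$ext"];
    }
    return ['ok' => $ok, 'errors' => $errors];
}
```

The caller moves each accepted entry with move_uploaded_file() into the private directory and only then records the path; the `.htaccess` denial rule still only applies on Apache, so the finfo check is what protects a server that ignores it.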

Frequently asked questions

What stops someone uploading a PHP file renamed to .jpg?

The generated code stores outside the web root by default and denies execution via .htaccess/web.config. Even if the file got in, it cannot be fetched and executed.

Can I integrate virus scanning?

Yes. Describe an endpoint (ClamAV daemon, VirusTotal API) and the plugin will call it after upload and quarantine on positive hits.

How do I comply with GDPR erasure requests?

The admin inbox has a per-row delete that removes the DB row and the files on disk/Spaces atomically. Cron cleanup also wipes expired files.

Ready to generate your plugin?

Create a free account and verify your email; the first generation is on us.

Related: Forms · File upload · Security