🎉 Free WordPress fix for our first 50 sites — in exchange for an honest review. Claim a spot →

Errors

WordPress Contact Form Submissions Lost: Where They Go

Jul 6, 2026 · 8 min read · By the Mend engineering team

Your contact form shows a success message, the visitor thinks they've reached you — but the submission never arrives. This is one of the most insidious WordPress problems because there's no visible error: the form appears to work perfectly, and leads silently disappear. The root causes fall into three buckets: broken email delivery, form-plugin misconfiguration, and server- or host-level interference — and each one has a reliable fix.

What You're Actually Seeing

The symptoms vary slightly depending on where the pipeline breaks:

  • The form submits, shows a success message, but no email arrives in your inbox.
  • Emails arrive sporadically — some submissions come through, others vanish.
  • You find submissions in the form plugin's database log but they never hit your inbox.
  • Submissions go straight to your spam or junk folder.
  • The form occasionally shows an error on submission, but only on certain devices or connections.

Each symptom points to a different layer of the stack, so the order you troubleshoot matters.

Step 1: Check Your Form Plugin's Submission Log

Before touching anything, confirm whether the form is actually capturing the data at all. Most modern form plugins — Contact Form 7 with the Flamingo add-on, WPForms, Gravity Forms, Fluent Forms — store submissions in the WordPress database independently of email delivery.

  1. In your WordPress dashboard, go to your form plugin's entries or submissions section.
  2. Look for the submission you know was sent (send a test from a personal device).
  3. If the entry exists in the database but never arrived by email, the form itself is fine — the email pipeline is broken. Skip to Step 3.
  4. If no entry exists at all, the form submission is failing before it even saves. That points to a JavaScript conflict, a caching problem, or a server-side validation error. Continue with Step 2.

If your plugin doesn't have a built-in log, install Flamingo (for CF7) or switch to a plugin that does. Logging submissions to the database is non-negotiable — it's your safety net when email fails.

Step 2: Diagnose a Submission That Never Saves

If the form submits but no entry appears anywhere, the problem is usually one of these:

JavaScript conflict

Most WordPress contact forms rely on AJAX to submit without a page reload. If another plugin or your theme has a JavaScript error, the AJAX call silently fails. Open your browser's developer tools (F12 → Console tab), reload the page, fill out the form, and submit. Any red error lines are your clue. A common culprit is jQuery being loaded twice — once by WordPress and once by a third-party script.

Aggressive page caching

If a caching plugin is serving a fully static copy of your page, the nonce WordPress embeds in the form can expire before the visitor submits. The form looks fine but the security check fails server-side. Fix: exclude your contact page from caching in your cache plugin's settings, then clear all caches and test again.

Cloudflare or server-side firewall blocking the POST request

Web application firewalls (WAFs) — including Cloudflare's free plan — can block form POST requests that contain words their rules flag as suspicious (phone numbers, links, certain phrases). Check your Cloudflare Firewall Events log or your host's WAF log for blocked requests matching your form's URL. You may need to create a firewall rule that allows POST requests to your contact page.

Step 3: Fix Broken Email Delivery (The Most Common Cause)

This is where the majority of "submissions lost" problems live. WordPress sends email using the PHP mail() function by default. Most shared hosts either restrict or outright disable mail(), and even when it works, emails sent this way are routinely rejected by receiving mail servers because they arrive with no proper authentication — no SPF, no DKIM, no DMARC alignment. The receiving server sees an unauthenticated message and bins it.

The fix: SMTP authentication

Replace mail() with a proper SMTP connection. Here's how to do it safely:

  1. Back up your site first. Even configuration changes can have unintended side effects.
  2. Install a reputable SMTP plugin. WP Mail SMTP (by WPForms), FluentSMTP, and Post SMTP are all well-maintained options with free tiers adequate for contact forms.
  3. Choose an email sending service. For low-volume contact forms, Brevo (formerly Sendinblue), Mailgun, and Gmail/Google Workspace via OAuth all work well. Avoid using your personal Gmail with a plain username/password — Google's security restrictions will break it.
  4. In the SMTP plugin, enter the credentials from your chosen service and set the "From" address to a real address on your domain (e.g., [email protected]), not a generic WordPress default.
  5. Use the plugin's built-in "Send Test Email" feature to confirm delivery before assuming it works.
  6. Check that your domain has a valid SPF record that includes your sending service, and ideally a DKIM record too. Your sending service will walk you through the DNS entries required.

Check where the email is going

Once SMTP is configured, if email still doesn't arrive in your inbox, check your spam folder. Then check whether your form plugin is sending to the right address — it's surprisingly common for the notification email address to be set to a former employee's inbox or a staging address that was never updated after launch.

Step 4: Verify Your Form's Notification Settings

Open your form plugin's notification or email settings and audit every field:

  • Send To: Is this actually your current inbox? Test with a Gmail address to rule out corporate spam filtering.
  • From Address: This must be a real address on your domain, or a sending-service address. Using a visitor's email address in the "From" field is a common misconfiguration that causes SPF failures.
  • Reply-To: Set this to the visitor's email field if you want replies to go directly to them — but don't use it in the "From" field.
  • Subject line: Some spam filters flag generic subjects like "Contact Form Submission." Make it specific to your business.
  • Conditional logic: If you have conditional logic enabled, confirm the conditions are met — some notifications are accidentally set to only fire for specific entries.

Step 5: Test End-to-End and Set Up Ongoing Monitoring

After making any changes, always do a full end-to-end test:

  1. Submit the form as a real visitor would, using a message that contains a phone number, a URL, and a question mark — these are commonly flagged by spam filters.
  2. Confirm the entry appears in your plugin's submission log.
  3. Confirm the email arrives in your inbox (check spam too).
  4. Reply to the email and confirm the reply goes to the visitor's address via the Reply-To field.

Going forward, always use a form plugin that logs submissions to the database. Email delivery will fail again at some point — a host configuration change, an expired API key, a DNS update that breaks DKIM — and a database log means you never lose a lead because of it. Set a calendar reminder to test your form monthly.

How to Prevent This From Happening Again

The single biggest preventive measure is moving away from PHP mail() permanently and keeping your SMTP credentials up to date. Beyond that:

  • Enable submission logging in your form plugin so the database is always a fallback.
  • Add your sending domain to your email service's verified senders list and keep SPF/DKIM DNS records accurate, especially after changing hosts. See our guide on moving WordPress to a new host — DNS is where form email most often breaks post-migration.
  • Consider setting up a simple email notification to yourself from a third-party uptime monitor that also pings your form endpoint — some services can test form submission as part of their check.
  • Keep your form plugin updated. Plugin updates frequently include fixes for AJAX handling and compatibility with newer PHP and WordPress versions. Following a pre-update checklist helps you catch conflicts before they hit production.

When to Call a Professional

Most contact form issues are fixable in under an hour once you know what to look for. But some situations are worth handing off:

  • Your host has disabled mail() and is unresponsive about enabling SMTP on your plan.
  • A WAF or security plugin is blocking submissions and you can't identify the specific rule without risking opening a security gap.
  • Submissions are intermittently lost and you've already checked email delivery, logs, and caching — intermittent failures are often the hardest to trace without server log access.
  • The form was working and broke after an update, and rolling back the plugin hasn't resolved it.

If you've worked through these steps and submissions are still going missing, request a free Mend diagnosis. A senior engineer will triage the issue, identify the exact break point — whether it's SMTP credentials, a firewall rule, a plugin conflict, or something at the server level — and give you a flat-price quote before touching anything. Most contact form issues qualify as a Quick Fix and are resolved the same day.

Frequently asked questions

My form shows "Message sent successfully" but I get nothing. Is the form broken or is it email?

The success message fires as soon as WordPress accepts the submission — it doesn't confirm email delivery. Check your form plugin's submission log first: if the entry is there, email delivery is the problem, not the form itself.

Why does SMTP fix contact form email problems when the form was working before?

PHP's built-in mail() function doesn't authenticate with receiving mail servers, so emails often get rejected silently or go to spam. SMTP sends through an authenticated relay with proper SPF/DKIM signing, which receiving servers trust.

Can Cloudflare block WordPress contact form submissions?

Yes. Cloudflare's WAF rules can block POST requests containing content that matches threat signatures — phone numbers, URLs in message bodies, and certain keywords are common triggers. Check your Cloudflare Firewall Events log for blocked requests and create a bypass rule for your contact page's URL if needed.

Contact Form 7 says "Failed to send your message" — what does that mean specifically?

CF7's "failed" message usually means WordPress's mail() function returned false — either it's disabled on your host, the "From" address failed server-side validation, or an SMTP plugin configuration is incorrect. Installing Flamingo to log the attempt and then checking your SMTP plugin's email log will show the exact error code.