Super Forms
  • Drag & Drop Form Builder for WordPress
  • Quick start
    • Installation
    • Registration
    • Starting your 15 day trial
    • Purchasing a license
    • Activating a license
    • First time setup
    • Secure file uploads
    • Creating a form
    • Adding form elements
    • Editing elements
    • Publishing your form
    • FAQ
  • Account
    • Dashboard
      • Your Invoices
      • Billing details
      • Your Licenses
      • E-mail Notification
      • Password reset
      • Cancel subscription
  • Common problems
    • Common problems
      • Email delivery problems
        • Why is my form not sending emails?
        • Why are emails going into spam folder/inbox?
      • File upload problems
      • Session expired
      • reCaptcha Troubleshooting – Fix “Not Loading” & Verification Errors
  • Elements
    • Layout elements
      • Column/Grid
      • Multi-part / step
    • Form elements
      • Calculator
      • Signature
      • File upload
      • Datepicker
      • Variable field
      • Dropdown
      • Text field
      • Autosuggest
      • Keywords
      • Radio button
      • Keyword Field
      • Button
      • Audio Recording (microphone)
    • HTML elements
      • Heading
      • HTML (raw)
      • Image
      • TinyMCE
      • Divider
      • Spacer
      • PDF page break
      • Google map element WordPress form
  • Features
    • Basic
      • Confirmations emails
      • Save Form Progression (continue later)
      • Build In Translation System
      • Populate form
      • Popups
      • Import & Export
      • Hide form after submitting
      • Hide or lock out user from your forms
      • Validation
    • Advanced
      • WordPress form with Google sheets dropdown
      • Custom registration form for WordPress
      • Custom login form for WordPress
      • Custom lost password form for WordPress
      • Update current logged in user
      • Secrets
      • Prevent duplicate entries
      • Lock & hide form
      • Password protect
      • Conditional Logic
      • Tags system
      • Address lookup/auto complete
      • Analytics Tracking
      • Conversion Tracking
      • Distance & Duration Calculation
      • If statements
      • Foreach loops
      • E-mail Reminders
      • Variable Fields
      • Form templates - Include elements into other forms - WordPress
      • Transferring data from one form to another
    • Integrations
      • PDF Generator
      • Listings
      • WooCommerce Checkout
        • Fixed price checkout
        • Dynamic price checkout
        • Variable product checkout (variations)
        • Replacing the "Add to cart" on a product page with a form
        • Hiding product from shop and order via custom form
      • PayPal
      • MailChimp
      • Mailster
      • Zapier
      • Stripe (BETA)
      • WooCommerce Instant Order (in progress)
  • Tutorials
    • WordPress Form to Google Sheet Integration
    • GDPR Consent / Terms agreement
    • How to update the plugin
    • Sending emails to specific department for WordPress contact forms
  • Example Forms for WordPress
    • Booking 24 hours ahead of time
  • Developers
    • Code Examples
      • Lookup City by Zipcode for your WordPress form
      • Audio Recording Field
      • Custom API Phone Number Validation for Your WordPress Form
      • Updating WordPress user meta data after login
      • Automatically redirecting to next step after displaying text or a progress bar
      • Dropdown with groups (categories)
      • Prevent form submission based on entered field values
      • Track form submissions with GTM (Google Tag Manager)
      • Tracking Multi-part steps with Google Analytics
      • Tracking Multi-part steps with GTM data layer (dataLayer.push)
      • Track form submissions with third party
      • Compare input field value with database value
      • Insert form data into a custom database table
      • Delete database row after contact entry is deleted in WordPress
      • Limited date availability (slots) for your WordPress booking form
      • Send submitted form data to another site
      • Exclude empty fields from emails
      • Execute custom JS when a column becomes conditionally visible
      • Toolset Plugin: Update comma separated string to Array for meta data saved via Front-end Posting
      • Toolset Plugin: Update file ID to file URL for meta data saved via Front-end Posting
      • Delete uploaded files after email has been send
      • Increase Cookie lifetime for client data such as [Form Progression]
      • Altering cookie secure and httponly parameters
      • Define fake cronjob to clear old client data if cronjob is disabled on your server
      • Define page language attribute based on page ID or URL
      • Define custom headers when doing a POST request
      • Change checkbox/radio layout to vertical on mobile devices
      • Show remaining available form submission allowed
      • Global fields / elements
      • Trim values of fields
      • Re-sending E-mails after editing entries via Listings for WordPress
      • Combine multiple field values into one column on Contact Entries page
      • Altering the attachments for E-mails via PHP code for WordPress
      • Generate dynamic columns with dates based on user selected date from Datepicker element
      • Hide `eye` icon from Listings row based on user role
    • Data storage
    • BETA version
  • Changelog
  • Support
Powered by GitBook
On this page
  • What are secrets?
  • When to use secrets?
  • Difference between local and global secrets
  • How to use secrets?
  1. Features
  2. Advanced

Secrets

With WordPress secrets you can define values inside your form without disclosing the value itself to the client. Instead the value will be retrieved only upon form submission on the client side.

PreviousUpdate current logged in userNextPrevent duplicate entries

Last updated 2 years ago

What are secrets?

Secrets are values (or data) which you can store locally or globally. The value will only be rendered on the server side and won't be visible inside the HTML source code on the client side.

You can retrieve these secrets inside your form settings with the use of tags prefixed with a @ sign e.g. {@secret_email} or {@my_secret_name}.

It's also possible to use these secrets inside your fields. The difference with normal {tags} () being that they will not be replaced with their underlaying value upon page load. This prevents it's value from being exposed to the client via the source code.

When to use secrets?

A good use case on when to use secrets is when you wish to conditionally () send an email to a specific email address based on what the user selected/choose in the form.

For instance: your company might have different departments support@domain.com, sales@domain.com.

Normally you could do this by inserting these email addresses directly inside a , or perhaps via the use of a hidden field or .

This would however expose the email address inside the HTML source code (client side). This would allow bots to crawl/scrape the email address from the source code and ending up sending SPAM to the email address.

By using Secrets you can prevent this. The value of a secret is not retrieved upon page load, and will never be visible to the client.

A secret tag e.g. {@sales_email} will only be replaced with it's underlaying value upon form submission on the server side. This way Super Forms can still retrieve this value inside the form settings so that you can have a dynamic value for your settings.

Difference between local and global secrets

There are two types of secrets: local and global.

The difference between the two are that local secrets can only be used on the form you are working on while global secrets are site wide and are available inside all other forms.

Note: Keep in mind that it's best practice to use local secrets unless you have a good usecase that requires the use of global secrets. This is because if you change one of your global secrets it can possibly cause issues on forms that also use this global secret.

How to use secrets?

There are a couple of ways to implement secrets into your forms. The most common situation would be when you need to conditionally retrieve sensitive value based on some user selection.

A good example would be sending the form submission to a specific department conditionally.

First you will want to define your secrets. You can do so by editing your form and navigating to the TAB Secrets at the top left of the builder page. In this example we will define the following secrets:

  • sales_email - sales@domain.com

  • support_email - support@domain.com

You can add multiple secrets by clicking the + icon as shown below:

Once you defined your secrets you can copy the tags {@sales_email} and {@support_email}.

Label: Sales department, Value: {@sales_email} Label: Support department, Value: {@support_email}

Rename the dropdown to department and update the element. Now open up your Form Settings and choose Admin E-mail from the dropdown. Now enable the sending of Admin emails for the form and update the Send email to: setting so that it retrieves the secret tag from the dropdown field. Since the dropdown field is named department we can use the tag:{department}.

You are also allowed to use the secret tags {@secret_tag}directly in your form settings if you don't require to retrieve it dynamically based on user input.

Note: When configuring your Email settings, make sure to double check that your Send email from: is correctly set to send emails from your actual domain name e.g. no-reply@mydomain.com.

Now create a and define the items of your dropdown. We will set a Label and Value for each dropdown item where the Value will contain the secret tag like so:

Tags system
Conditional Logic
Dropdown element
Variable field
Dropdown element
Define secrets to securely retrieve values server side
Define secret tags for your dropdown items.
Retrieve the department dropdown (secret) value in your Email settings
Define secrets to securely retrieve values server side inside your WordPress forms
Define secret tags for your dropdown items
Retrieve the department dropdown (secret) value in your Email settings