Eatransform FormLeak

Description

Eatransform FormLeak shows you exactly where visitors hesitate and leave your contact or booking forms, so you know what to fix.

  • Personal data (name, phone number, etc.) is never collected or stored.
  • Only behavior is measured: time spent on each field, backspace count, and error count.
  • Uses navigator.sendBeacon so abandonment data is captured reliably even when the visitor closes the tab.
  • Automatically scans input fields inside <form> elements, including Contact Form 7, MW WP Form, WooCommerce, and forms rendered dynamically via JavaScript (detected with MutationObserver).
  • The dashboard shows a “drop-off risk score” for each field, so you can see at a glance which field is the biggest obstacle.

Privacy

FormLeak never collects the content typed into form fields. It only stores behavioral statistics: time spent per field, backspace count, and error count.

Data Collection Security

The data collection endpoint only accepts requests originating from the same site and applies a per-IP rate limit.

Installation

  1. Upload the plugin to wp-content/plugins/ and activate it.
  2. Visitor interactions on pages with forms are recorded automatically.
  3. Check the drop-off risk score for each form under “FormLeak > Dashboard” in the admin menu.
  4. (Optional) If you need to track a JavaScript form that doesn’t use a <form> tag, specify its CSS selector under “Settings”.

FAQ

Does this collect any personal information?

No. FormLeak only measures behavior (time on field, backspaces, errors). The text a visitor types is never sent to the server or stored.

Why is my dashboard empty even though the plugin is active?

Three common reasons:

  1. You are logged in. Interactions by logged-in users with editing permission are intentionally excluded so your own testing does not pollute the data. Test in an incognito/private window.
  2. Data is sent only on submit or page leave. Fill in a field, then either submit the form or close the tab; nothing is sent while you stay on the page.
  3. A server-side firewall (WAF) is blocking the REST endpoint. Some hosts block JSON POST requests to the REST API. Use the “Connection test” button under FormLeak > Settings to check: an HTTP 403 with an HTML response indicates WAF blocking, and you should add an exception for the REST API in your hosting panel.

Does it work with page builders or custom JavaScript forms?

Yes. Standard <form> elements are detected automatically. For JavaScript-rendered forms without a <form> tag, you can specify a CSS selector in Settings.

Reviews

There are no reviews for this plugin.

Contributors & Developers

“Eatransform FormLeak” is open source software. The following people have contributed to this plugin.

Contributors

Translate “Eatransform FormLeak” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.4.0

  • Fixed table creation failing on some environments: the dbDelta schema now follows the documented format (two spaces after PRIMARY KEY), with a direct CREATE TABLE IF NOT EXISTS fallback when dbDelta does not create the table.
  • Self-healing storage: if saving a log fails because the table is missing, the plugin now recreates the table on the spot and retries once.
  • The dashboard shows a clear error notice when the log table is missing.

1.3.9

  • Connection test now also verifies that the test record was actually saved to the database (an HTTP 200 alone does not guarantee storage). If saving fails, it suggests deactivating/reactivating the plugin to recreate the log table.

1.3.8

  • Added a “Connection test” button to the Settings page to diagnose WAF/REST blocking issues in one click.
  • The dashboard now explains why data may not appear (logged-in users are excluded, data is sent on submit/leave, WAF blocking).
  • Fixed an outdated code comment (retention period is 30 days, not 90).

1.3.7

  • Applied a unique prefix (eatrfo_ / EATRFO_ / Eatrfo_) to all classes, constants, options, transients, cron hooks, REST namespace and script globals to prevent naming collisions, per WordPress.org review feedback.

1.3.6

  • Fixed WordPress.org automated scan warning: unified Text Domain to match the plugin slug (eatransform-formleak).

1.3.5

  • Fixed WordPress.org submission error: Plugin URI and Author URI were identical. Plugin URI now points to the announcement article.

1.3.4

  • Renamed plugin to “Eatransform FormLeak” and updated slug to eatransform-formleak for the WordPress.org submission.

1.3.3

  • Fixed a UI typo (“人ぶん” -> “人分”).
  • Fixed remaining misplaced phpcs:ignore comments for multi-line SQL strings; added missing NoCaching code to one ignore comment (Plugin Check: 0 errors, 0 warnings).

1.3.2

  • Fixed misplaced phpcs:ignore comments so suppressions correctly target the flagged line (Plugin Check now reports 0 errors, 0 warnings).

1.3.1

  • Renamed main file (formleak-ai.php formleak.php) and unified text domain to ‘formleak’.
  • Fixed unescaped output, missing input unslashing, and added justified phpcs:ignore comments for safe table-name SQL interpolation (WordPress.org Plugin Check clean-up).
  • Rewrote readme.txt in English; updated “Tested up to” to 7.0.

1.3.0

  • Changed data retention period from 90 days to 30 days (auto-deleted after 30 days).
  • Added a “last 30 days” daily trend chart to the dashboard (submitted vs. abandoned, SVG line chart).
  • Added a per-session drop-off risk card with timestamp.

1.1.0

  • Removed the AI report and estimated-loss display; the plugin now focuses solely on behavior tracking and drop-off risk visualization.
  • Added same-origin validation and per-IP rate limiting to the data collection endpoint.

1.0.0

  • Initial release.