PBJ.TECH — WordPress Plugins

PBJ Form Builder — User Guide

Version 1.2.0 · pbj.tech/wordpress-plugins

PBJ Form Builder — Install & Usage Guide

This is the user-facing guide. If you're a developer poking at the code, see pbj-form-builder-CODE-EXPLAINER.md.

1. Install

  1. In WordPress admin, go to Plugins → Add New → Upload Plugin.
  2. Upload pbj-form-builder.zip and click Install Now.
  3. Click Activate Plugin.
  4. You should now see a Form Builder menu item in the left sidebar.

2. Configure global settings

Go to Form Builder → Settings.

General

Buyer receipts

The buyer's address is taken from the first Email-type field on the form (falling back to any submitted value that looks like an email). If the form has no email field, no receipt is sent.

Anti-bot

Both CAPTCHA and Honeypot have global toggles here AND per-form toggles in the form editor. A feature has to be enabled at both levels to be active on a given form.

Behind Cloudflare or another reverse proxy? As of 1.2.0 the rate limiter only trusts the direct connection IP (REMOTE_ADDR) by default, because proxy headers are trivially spoofable. If your site sits behind Cloudflare (or a proxy you control that sets CF-Connecting-IP / X-Forwarded-For), add this one-liner to a small must-use plugin or your theme's functions.php so the limiter sees real visitor IPs instead of the proxy's:


add_filter( 'pbj_form_builder_trust_proxy_headers', '__return_true' );

Square

  1. Tick Enable Square.
  2. Pick Sandbox (for testing) or Production (for real payments).
  3. Get your three keys from the Square Developer Dashboard:
  1. Paste them in and Save.

Stripe

  1. Tick Enable Stripe.
  2. Get your two keys from the Stripe Dashboard → Developers → API keys:
  1. Paste them in and Save.

There is no environment dropdown for Stripe — test vs live mode is decided entirely by which keys you enter. Paste your pk_test_/sk_test_ pair to test, then swap in the pk_live_/sk_live_ pair to go live. Don't mix a test key with a live key.

Note: the Stripe integration charges cards directly (no redirect). Cards that require redirect-based 3-D Secure authentication are declined with a message asking the buyer to use a different card.

PayPal

  1. Tick Enable PayPal.
  2. Pick Sandbox or Production (Live).
  3. Get your credentials from the PayPal Developer Dashboard:
  1. Paste them in and Save.

3. Build a form

  1. Go to Form Builder → Add New.
  2. Set a Form title (this becomes the form's name — visitors don't see it).
  3. Set Status — Published or Draft. Only Published forms render via shortcode.
  4. Description — optional paragraph shown above the fields.
  5. Submit button label — defaults to "Submit".

Adding fields

Click Add field. For each field, set:


  Label|value
  Another label|another_value

If you skip the |value part, the value is derived from the label.

Drag the menu handle (☰) at the top of each row to reorder.

Payment

If you pick a gateway whose credentials aren't set in Settings, the form will fall back to a plain submit button (no payment) and the visitor won't be charged.

After submit

Anti-bot (per form)

Click Save form. You'll see the shortcode appear at the top of the edit page.

4. Place the form on a page

Copy the shortcode (e.g. [pbj_form id="42"]) and paste it into any post, page, widget, or block-editor Shortcode block. Save the page. That's it.

5. View submissions

Go to Form Builder → Submissions. You'll see every submission, newest first. Filter by form using the dropdown at the top.

Each row shows the date, form, a short summary of the first two non-hidden fields, the gateway used (if any), and the amount paid. Click View for the full field-by-field detail, IP address, and transaction ID.

Submissions are stored as a WordPress custom post type (pbj_form_entry). Deleting a form does NOT delete its submissions — they stick around so you can still see what came in. Deleting the plugin entirely (Plugins → Delete) wipes everything: settings, forms, submissions.

6. Test mode

All three gateways have a test mode. Use it.

For Square/PayPal, switch the environment dropdown back to Production and re-enter your live keys when you're ready to go live. For Stripe, just swap the test keys for the live ones.

Troubleshooting

"Security check failed" — the form's nonce expired. Refresh the page and submit again.

"CAPTCHA answer was incorrect" — either the answer was wrong or the form sat open for more than 30 minutes. Refresh and try again.

"Submission was too fast" — you submitted in under 2 seconds. Either your real users are unusually fast or a script is misbehaving — adjust the threshold under Settings → Anti-bot.

Square card field doesn't appear — make sure Square is enabled and the Application ID + Location ID are filled in. Open the browser console and look for errors.

Stripe card field doesn't appear — make sure Stripe is enabled and the Publishable key is filled in. Open the browser console and look for errors.

"This card requires additional authentication" — the buyer's bank demanded a redirect-based 3-D Secure challenge, which this integration deliberately disallows. The buyer should try a different card.

PayPal buttons don't appear — make sure PayPal is enabled and the Client ID is filled in. Sandbox and production use different client IDs — make sure you're using the right one for the environment you picked.

"Please complete the PayPal payment to submit this form" — you hit the submit button instead of the PayPal button. The submit button is hidden when PayPal is the gateway, but some themes restyle it back into view. The PayPal capture flow is the only way to complete a PayPal-funded submission.