Contact Form 7 : How to create a custom URL validation


In WordPress, the Contact Form 7 is one of the most popular plugins for creating contact forms. One thing that you might have noticed though is that the validation of the URL field will not fail when you expect them to fail. For example, with the URL value of http://xxxx, the plugin will consider this as a valid URL, even though, the URL value is missing top-level domain part. The solution to this problem is to have a custom validation for the URL field. This article will show you how to achieve that.

Contact Form 7 URL field

The reason why http://xxxx is considered valid is due to the PHP function filter_var and FILTER_VALIDATE_URL filter that the plugin uses for URL validation. This filter validates values according to rfc2396, so even domains with no top level domains (TLD) will be considered to be valid, which makes sense if you think about it. Example for such domain is http://localhost.

So we need to modify how validation works for URL field in CF7 plugin, but how to achieve that? One way would be to manually change the code for the plugin, but that would be just an ugly hack. Fortunately, in WordPress, we can modify the behavior of the plugin without modifying its code with the help of actions and filters.

Custom hooks in Plugins

If any plugin is designed with extensibility in mind, it will have custom hooks and filters positioned in strategic locations, so the users can easily extend or modify its behavior. Luckily for us, Contact Form 7 is one such plugin. It offers multiple custom actions and filters and one of those is a filter just for the purpose of validating the URL field. It is called wpcf7_is_url and it accepts two parameters: current result of URL validation and value of the URL field. It returns a boolean that signals the plugin if the URL is valid or not. With this filter, we can make our own custom URL validation and this is what we do next.

Adding our own URL validation using wpcf7_is_url filter

Our custom URL validation will be fairly simple. If the default URL validation of the plugin is valid, we do one additional validation using a regex expression that will try to validate a domain name. There are many regular expressions on the internet for domain name validation, the one I use in the code below seems to work pretty well. If regex validation fails, then we set $result to FALSE, which will signal the plugin to display “URL seems invalid.” error message.

In the functions.php of your theme, add the following code:

function cf7_custom_url_check( $result, $url ) 
  if ($result)
    $regex='@^(https?\://)?(www\.)?([a-z0-9]([a-z0-9]|(\-[a-z0-9]))*\.)+[a-z][email protected]';  
    if (!preg_match($regex,$url)) $result=FALSE;	  
  return $result;
add_filter( 'wpcf7_is_url', 'cf7_custom_url_check', 10, 2 );

Code explanation

Line 1: Filter has two arguments. $result contains the current validation result and $url contains the filled value of the URL field in the contact form.

Line 3: Here we check the value of $result. If it is FALSE, then the URL is already invalid and no additional check is necessary, so we simply return back $result.

Line 5: Since the value of $result is TRUE, we make additional URL validation using regular expression.

Line 6: If this regex validation fails, we set $result to FALSE.

Of course, this is just one example of custom URL validation. You can use the more sophisticated validation techniques, for example, a validation that checks if the domain has an IP assigned to it.

Note: If you add your own validation and need to debug your PHP code in the above filter, you might notice that simply printing a variable will not work as Contact Form 7 uses Ajax when submitting. One way to solve this problem is to use error_log PHP function, which will output to the web server's error log file.


When the form created by Contact Form 7 plugin contains a URL field, the value might pass the validation even when you expect it to fail but thanks to plugin filter wpcf7_is_url, we can create our own custom URL validation, one example of which is shown in this post.

If you found this article helpful, drop a comment or share it on social networks.


  1. Mehdi
    November 27, 2016
    • admin
      November 27, 2016
  2. Mehdi
    November 28, 2016

Write a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.