Taking Control of My Blog's Contact Form: A Developer's Journey from Third-Party to Custom Solution

Hey Ghost users!

I recently published a detailed write-up about migrating my blog’s contact form from a third-party service (Web3Forms) to a custom-built three-tier architecture using Cloudflare Workers and n8n workflow automation.

As someone who values both security and control, I felt uncomfortable having my contact form submissions going through a service I couldn’t fully monitor or customize. My solution gives me:

  • Complete visibility into how user data is handled
  • Multiple layers of security (client-side validation, server-side hCaptcha verification, rate limiting, content filtering)
  • Independence from third-party service availability
  • Flexibility to implement custom logic at any stage

In the post, I dive into the technical implementation details including:

  • Frontend code with robust hCaptcha integration for SPA environments
  • Middleware layer using Cloudflare Workers with rate limiting via KV namespace
  • Backend processing with n8n workflows

While it might seem like overkill for a contact form, the peace of mind and control are worth it - plus I learned a ton in the process!

If you’re curious about taking more ownership of your blog’s components or interested in the technical architecture, check out the full write-up here: Building a Secure Contact Form: From Third-Party Services to Custom Implementation - Fanyang Meng’s Blog

What aspects of your blog have you decided to bring in-house rather than relying on third-party services?

3 Likes
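The middleware checks named in the post above (rate limiting via a KV namespace, then server-side hCaptcha verification), sketched as an added example that is not code from the post or the linked write-up. The function names, the `RATE_KV` and `HCAPTCHA_SECRET` binding names, and the limit values are assumptions.

```javascript
// Added illustration; function names and env binding names are hypothetical.
const LIMIT = 5;        // assumed: attempts allowed per IP per window
const WINDOW_SEC = 600; // assumed window (KV expirationTtl must be >= 60)

// kv is a Workers KV binding. KV is eventually consistent, so concurrent
// requests can undercount: this throttles abuse, it is not an atomic limiter.
async function underRateLimit(kv, ip) {
  const key = `rl:${ip}`;
  const count = parseInt(await kv.get(key), 10) || 0;
  if (count >= LIMIT) return false;
  await kv.put(key, String(count + 1), { expirationTtl: WINDOW_SEC });
  return true;
}

// The browser's hCaptcha token is trusted only after hCaptcha's siteverify
// endpoint confirms it against the secret key, which stays in the Worker.
async function verifyHcaptcha(token, secret, ip, fetchImpl = fetch) {
  if (typeof token !== "string" || token.length === 0) return false;
  const body = new URLSearchParams({ secret, response: token, remoteip: ip });
  const res = await fetchImpl("https://api.hcaptcha.com/siteverify", {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  });
  if (!res.ok) return false; // fail closed when verification is unavailable
  const data = await res.json();
  return data.success === true;
}

// Returns the HTTP status the Worker would send. In a Worker, sub.ip would
// come from the CF-Connecting-IP request header. The rate limit runs first so
// failed captcha attempts are counted too; forwarding to the n8n webhook
// (not shown) happens only on 200.
async function checkSubmission(sub, env, fetchImpl = fetch) {
  if (!(await underRateLimit(env.RATE_KV, sub.ip))) return 429;
  const human = await verifyHcaptcha(
    sub.token, env.HCAPTCHA_SECRET, sub.ip, fetchImpl);
  return human ? 200 : 403;
}
```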

Wow! What a wild journey you have been on. :exploding_head:

I am just learning Ghost and am surprised there is no out-of-the-box contact form available that is also digitally sovereign, like you see in WordPress and other commonly used content management systems. Seems to me a simple on-site contact form is the most basic requirement.

But I also understand the risks involved... essentially, by putting a form like this up on your site that can send email, you are opening yourself up to abuse by spammers. I remember this from back in the days of formmail.pl! That is still available, believe it or not.

I think it should be permissible to use the same transactional SMTP server that is used for handling email notifications about new memberships and the like. Has anyone found a self-hosted solution more straightforward than this?

I was able to get a digitally sovereign, self-hosted contact form going for my Ghost site by installing styxlab/ghost-contact-form (Contact Forms in Ghost — Without External Services, on GitHub) in a Docker container on the same server. It has its own subdomain and uses a dedicated account on my mailcow SMTP server to send the message.

The code is easy even for a non-programmer like me to follow, and I was able to change it so the email is delivered straight to me as though it had been sent from the sender’s mailbox. This is going to be great for responding and having a conversation!