Your Contact Form 7 dashboard says 412 form views and 71 submissions this month. The other 341 visitors started typing, then vanished. You don't know which field they got stuck on, whether the phone validation rejected them, or whether the submit button silently failed on Safari.
WordPress won't tell you that. Neither will Google Analytics — it sees the page view and the thank-you redirect and nothing in between.
You can fix this in about 20 minutes without installing yet another plugin. The trick is to skip the plugin directory entirely and drop a small script in the theme header. That keeps your wp-content/plugins folder lean, avoids the typical "this plugin hasn't been updated in 8 months" warnings, and gives you a proper session capture layer with form draft recovery on top.
Why skip the plugin route
Most WordPress session replay plugins do one of three things you don't want:
- Inject the tracker through PHP filters, which adds a request to every page load even for logged-in admins.
- Store auth tokens in the WordPress database, which means a compromised
wp_optionstable leaks your analytics credentials too. - Require a Business-tier WordPress.com plan (true on .com hosts) before any third-party JavaScript runs at all.
A header snippet sidesteps all three. You paste four lines into header.php or use a code-snippet manager like WPCode, and the tracker behaves like any other tag — same load order, same async behavior, same caching.
For self-hosted WordPress.org installs this works on every host. For WordPress.com you'll need a paid plan that allows custom code, same as you would for any third-party tag.
Install CloseTrace on WordPress
Sign in, create a site, and copy your site ID. You'll get a snippet that looks roughly like this:
<script async src="https://cdn.closetrace.com/t.js"
data-site="ct_xxxxxxxxxxxxxxxx"
data-capture="forms,replay,heatmap"></script>
Now pick one of these install paths.
Path A: WPCode (recommended for non-developers)
- Install the WPCode plugin — the lightweight successor to "Insert Headers and Footers".
- Code Snippets → Header & Footer → paste the snippet into the Header box.
- Save. The tracker is live across the site immediately.
This is still technically a plugin, but it's a generic snippet manager — not a session-replay plugin that needs its own auth, dashboard, or update cycle.
Path B: Theme header (no plugin at all)
- Appearance → Theme File Editor →
header.php. - Paste the snippet immediately before
</head>. - Save.
The catch: if your theme is updated by the author, your edit will be wiped. Use a child theme, or run this in WPCode.
Path C: functions.php hook
If you maintain a child theme, this is the cleanest option:
add_action('wp_head', function () {
echo '<script async src="https://cdn.closetrace.com/t.js" '
. 'data-site="ct_xxxxxxxxxxxxxxxx" '
. 'data-capture="forms,replay,heatmap"></script>';
});
Turn on form draft capture
The default install records session replay and heatmap data. To recover abandoned forms, you need the form-drafts module enabled — that's what the forms flag in data-capture does.
The tracker listens for input and change events on every form on the page, debounces, and stores partial data against the visitor's session ID. If a visitor types an email, picks a service, and leaves before clicking submit, you can see the draft in lead recovery the next morning.
A few WordPress-specific notes:
- Contact Form 7 works out of the box. The plugin uses standard HTML inputs and gets picked up by field name (
your-email,your-message, etc.). There's a deeper walkthrough in the Contact Form 7 abandonment guide if you want field-by-field detail. - WPForms submits via AJAX, so make sure your thank-you redirect doesn't fire from a hidden iframe — otherwise the tracker can't tell abandon from success. Use the standard same-page confirmation.
- Gravity Forms multi-step forms need
data-capture-multistep="1"on the script tag so each step's partial data is logged separately.
By default, password fields and any input with autocomplete="cc-number" are masked at the SDK level, which keeps you sane on the GDPR side.
Verify the install in five minutes
Open your contact page in an incognito window. Type into the email field, half-write a message, then close the tab without submitting.
In your dashboard, go to Sessions → Filter → Has form draft = true. Your session should appear within 60 seconds. Click into it and you'll see the draft fields stored against the session, plus the replay timeline showing the exact moment you bailed.
If the session shows up but no draft is attached, you've likely got a caching plugin (WP Rocket, W3 Total Cache) stripping query parameters or deferring third-party scripts. Add cdn.closetrace.com to the script-defer exclusion list and re-test.
The honest limitation
Header injection means the tracker initializes on every page, including /wp-admin. The SDK ignores admin paths by default, but if you've customized your admin URL via a security plugin, you'll need to add the path to the SDK's ignorePaths config. It's a 30-second fix, but it's the kind of thing the auto-installers handle for you.
The other tradeoff: a static snippet won't know about logged-in user roles unless you pass them. To exclude editors and admins from session capture, swap the static snippet for a small PHP block:
add_action('wp_head', function () {
$role = wp_get_current_user()->roles[0] ?? 'guest';
echo '<script async src="https://cdn.closetrace.com/t.js" '
. 'data-site="ct_xxxxxxxxxxxxxxxx" '
. 'data-capture="forms,replay,heatmap" '
. 'data-user-role="' . esc_attr($role) . '"></script>';
});
Then filter user_role != administrator in the dashboard so internal QA sessions stop polluting your recordings.
Next step
Once the snippet is live, build a saved view in Sessions called "Form drafts with email captured" — filter on has_email = true AND submitted = false. That's your daily recovery queue. Run it for one week before you decide whether the volume justifies wiring the drafts into your CRM or a follow-up email sequence — that's the call most teams get wrong by automating too early.