Contact Form 7 (CF7) uses the WordPress REST API to process submissions. If CF7 works in Chrome but silently fails in Firefox, a security plugin is almost certainly blocking anonymous REST API access — and Firefox may be stricter about the resulting error response than Chrome.
Problem: Contact Form 7 submissions work in Chrome and Safari but silently fail in Firefox — no email is sent, no success message appears, and the form does not report an error.
Solution: The Shield Security plugin's firewall blocks REST API requests from Firefox by default. Open Shield Security → Firewall and whitelist the CF7 REST API endpoint, or disable the rule that is incorrectly flagging Firefox form submissions as malicious traffic.
Open Firefox's developer tools, go to the Network tab, and submit the form. Look for the admin-ajax.php or REST API request. You may see a response body like:
{
"code": "shield_block_anon_restapi",
"message": "Anonymous access to the WordPress Rest API has been restricted by Shield.",
"data": { "status": 401 }
}This is caused by the Shield Security plugin's "Block Anonymous REST API" option. To fix it:
Go to Shield Security → Firewall → REST API and set the Anonymous REST API Access option to Disable, or change it to Logged-In Users Only if you want to keep some protection.
If you're using a different security plugin, the setting name varies:
Wordfence: Firewall → Brute Force Protection → Block REST API requests
iThemes Security: Settings → WordPress Tweaks → REST API
All In One WP Security: Misc → Block External URL RequestsAlternatively, whitelist CF7's REST API namespace in code so the security plugin allows it through:
// Allow CF7's REST namespace to bypass the Shield REST block
add_filter( 'shield/is_rest_blocked', function( $blocked, $request ) {
$route = $request->get_route();
if ( strpos( $route, '/contact-form-7/' ) === 0 ) {
return false;
}
return $blocked;
}, 10, 2 );NOTE: Contact Form 7 version 5.0+ switched from admin-ajax.php to the REST API for form processing. If you're running an older version of CF7, update it first — the REST API approach is more reliable and better supported by modern security plugins.