I have seen the code for some phish kits in the past. Many of them actually send an email on each submission rather than saving to a file (more resilient if the hacked WordPress site is taken down). They often also record the IP so it may be easier to filter out "phish-feeding" attempts like this.