There are several WordPress plugins to force the site to be accessible only over SSL (https with the lock icon on the toolbar.) Here's one, although I have no experience with it.
You need an SSL certificate, then you would use a plugin like that to force access to the site over https rather than http. That will take care of submissions.
The data that is input with a form is stored in the database, and accessible to the site administrator in the wp-admin section. The database is not directly accessible to anyone (normally.) If you use an SSL cert and manage the site that way, this data is secure in transit as well.
You can opt not to have email sent, so there won't be any plain text entries floating around.
By default, WordPress is only as secure as your server. The SSL cert will protect data in transit, but if someone gets a hold of an administrator password, or exploits a flaw on the server, or in WordPress, the SSL cert will not matter.
None of this is specific to Gravity Forms. It's all in how you set up your environment.
Posted 11 years ago on Friday September 9, 2011 | Permalink