PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

Security of form data

  1. JenHinds

    Hi there. I'd like to add a long form to a website. Some of the questions are very sensitive and when people complete it and submit their answers, it needs to be secure. Please can you advise if Gravity Forms on Wordpress are secure and how this works?

    Also please can you explain how the data that someone inputs into a form is transferred to the site owner (i,e is it emailed or stored in a database) - and how secure is this?

    Many thanks,

    Posted 12 years ago on Thursday September 8, 2011 | Permalink
  2. There are several WordPress plugins to force the site to be accessible only over SSL (https with the lock icon on the toolbar.) Here's one, although I have no experience with it.

    You need an SSL certificate, then you would use a plugin like that to force access to the site over https rather than http. That will take care of submissions.

    The data that is input with a form is stored in the database, and accessible to the site administrator in the wp-admin section. The database is not directly accessible to anyone (normally.) If you use an SSL cert and manage the site that way, this data is secure in transit as well.

    You can opt not to have email sent, so there won't be any plain text entries floating around.

    By default, WordPress is only as secure as your server. The SSL cert will protect data in transit, but if someone gets a hold of an administrator password, or exploits a flaw on the server, or in WordPress, the SSL cert will not matter.

    None of this is specific to Gravity Forms. It's all in how you set up your environment.

    Posted 12 years ago on Friday September 9, 2011 | Permalink