WordPress Norwich Meetup – “All about WordPress Forms”

This article is archived and may not be up to date.

This month at WordPress Norwich Meetup, we discussed how most of us have some kind of form on our websites – everything from a simple contact form to a complicated application with multiple conditional statements. We also discussed:

  • Form plugins (free and paid)
  • External form services
  • Form security
  • GDPR! Where does your form data go?

WordPress Form Plugins (free and paid)

First we discussed free and paid WordPress Form Plugins. The free forms discussed included:

Contact Form 7 was a very popular choice here. It is extremely easy to set up multiple forms and customise as required. No coding knowledge is really needed. I actually use Contact Form 7 for this website.

Rolling your own form is also an alternative. The only real downsides to this are: 1) you will need coding experience, 2) you will need knowledge of security, including sanitisation, and 3) you will need to put anti-spam techniques in place.
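To show what those three points mean in practice, here is an added example (not code from the meetup or from this website) of a minimal self-rolled contact form built on WordPress core functions: a nonce check, a honeypot field as one anti-spam technique, and per-field sanitisation. The `nwm_` names, the `nwm_contact` action and the choice of a honeypot are assumptions made for the illustration.

```php
<?php
// Added example. Assumed names: the nwm_contact action and every nwm_* field.
// Form markup, e.g. returned from a shortcode callback. nwm_website is a honeypot:
// people never see it, automated submitters tend to fill it in.
function nwm_contact_form_html() {
    ob_start();
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="nwm_contact">
        <?php wp_nonce_field( 'nwm_contact_submit', 'nwm_nonce' ); ?>
        <input type="text" name="nwm_name" required>
        <input type="email" name="nwm_email" required>
        <textarea name="nwm_message" required></textarea>
        <input type="text" name="nwm_website" style="display:none" tabindex="-1" autocomplete="off">
        <button type="submit">Send</button>
    </form>
    <?php
    return ob_get_clean();
}

// Read one POST field as a string; array-valued input is treated as empty.
function nwm_post( $key ) {
    $value = $_POST[ $key ] ?? '';
    return is_string( $value ) ? wp_unslash( $value ) : '';
}

function nwm_handle_contact() {
    // Only accept posts that carry the nonce printed by our own form.
    if ( ! wp_verify_nonce( nwm_post( 'nwm_nonce' ), 'nwm_contact_submit' ) ) {
        wp_die( 'Invalid form submission.', '', array( 'response' => 400 ) );
    }
    $back = wp_get_referer() ?: home_url( '/' );
    // Honeypot filled in: drop the message but respond as if it had been sent.
    if ( '' !== nwm_post( 'nwm_website' ) ) {
        wp_safe_redirect( $back );
        exit;
    }
    // Sanitise each field with the function that matches its type.
    $name    = sanitize_text_field( nwm_post( 'nwm_name' ) );
    $email   = sanitize_email( nwm_post( 'nwm_email' ) );
    $message = sanitize_textarea_field( nwm_post( 'nwm_message' ) );
    if ( '' === $name || ! is_email( $email ) || '' === $message ) {
        wp_die( 'Please fill in every field with a valid email address.', '', array( 'response' => 400 ) );
    }
    // Mail it on and store nothing; the single-line fields cannot carry header line breaks.
    wp_mail( get_option( 'admin_email' ), 'Contact form: ' . $name, $message, array( 'Reply-To: ' . $email ) );
    wp_safe_redirect( $back );
    exit;
}
add_action( 'admin_post_nopriv_nwm_contact', 'nwm_handle_contact' ); // logged-out visitors
add_action( 'admin_post_nwm_contact', 'nwm_handle_contact' );        // logged-in users
```

If a submitted value is ever printed back into a page, escape it at output time with `esc_html()` or `esc_attr()` as well; sanitising on input does not replace escaping on output.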

The paid forms discussed included:

Gravity Forms is ideal when you need something more advanced, such as a quote builder. This is a paid plugin but very much worth the cost when you take into account the amount of time you will save. You are able to integrate Gravity Forms with many different services including PayPal, MailChimp, Trello, Fresh Books, Slack, Stripe and more.

Ninja Forms is a direct alternative for Gravity Forms, and is also a premium plugin.

External Form Plugins

A couple of examples of external forms that could be used, for example embedded as an iframe in a WordPress post, were:

Google Forms was a popular choice at the WordPress Norwich meetup; however, I do have reservations about the GDPR compliance when it comes to anything related to Google. If you went the Google Forms route you would need to make sure that you are in compliance with GDPR and that Google Forms is added to your Privacy Policy.

Wufoo forms was mentioned as an alternative to Google Forms and so the same issues arise with potential GDPR considerations and a requirement for you to add it to your Privacy Policy.

Form Security and GDPR

Next we discussed WordPress form security and GDPR. For GDPR we discussed storing data from forms on your website and how, unless strictly required, it is much better not to store this data. We discussed various ways to stop Gravity Forms from storing data; you can find these ways by clicking here. You should also take into account how any files users send via a form are stored, making sure they are not publicly accessible or, ideally, not stored at all.

With regard to form security, all forms include basic techniques to combat spam and cross-site scripting attacks, although you should always do more. Some ideas regarding an additional layer of anti-spam include:

Personally I use a mixture of the above depending on the project. Contact me today to discuss your WordPress website requirements.