Contact and other type of web forms on websites are typically used to capture leads and build a mailing list for your business’ email marketing strategy. Web forms are also the most commonly exploited attack surface on websites, since they allow users to input data that is then stored into a database or some other type of data store, and later viewed by the website owner.
If you are developing your own web form, or evaluating a WordPress plugin to create web forms on your website or blog, read this article for more information on what to look for and what properties a web form must have to be secure.
What Makes a Web Form Secure?
Input validation is the checking of data submitted by the user through the web form, and ensuring it conforms to what is expected. For example, if an input field in a form requires the user to enter a phone number, it should only accept numbers and other signs that are used in phone numbers such as the plus sign, hyphen and brackets.
If the input field in a web form requires the user to enter an email address, the form should check that the email address format is valid. For example at least it should check that there is the @ sign, a FQDN etc. If you are developing your own web form there are several freely available scripts that can use in your code to validate email addresses and other types of data.
Without input validation a malicious hacker can submit arbitrary rouge data through the web form which exploits a vulnerability in the website or its backend software, should there be any. For example in a database driven website without basic input validation in a login form, an attacker can bypass the login page.
A web form, especially a Contact Us form should have a CAPTCHA or some other type of Challenge-Response system to stop the automated traversing of the web form.
Without a challenge-response system malicious hackers can use tools to automatically submit data through the web form, which could result in a mail bomb, which means flooding the recipient’s inbox with thousands of emails. It can also lead to a denial of service on the server. If your website is on shared hosting, such problem will impact the performance of your and other websites, and your hosting provider can suspend your website.
Other Security Best Practices Related to Web Forms
Web Forms Should Be Available Over SSL (TLS)
Web forms should be made available over an encrypted channel (TLS/SSL), which is typically known as HTTPS. In the old days it was recommended to use HTTPS only when visitors were submitting sensitive and confidential data such as passwords, account numbers via a web form, but nowadays it is recommended to have all the website running on HTTPS. Mainly because HTTPS is not just about encryption, but also about authenticity and integrity.
If you are new to HTTPS refer to our guide to WordPress and HTTPS for WordPress admins.
Use Double Opt-In for Your Mailing List
This best practice is not something that can be applied to the web form, but to a process related to web forms thus worth mentioning. When building a mailing list for your newsletter, make sure the email marketing service or WordPress plugin that you use supports Double Opt-In, which means the subscriber has to confirm the subscription twice.
With Double Opt-In, the first time a visitor subscribes to the newsletter he or she receives an email with a verification link. To verify the subscription the visitor has to click the verification link, so if the link is not clicked the visitor is not added to the newsletter. Without double opt-in anybody can use someone else’s email to register to the newsletter. This can lead to people receiving your newsletters without subscribing to it, who might report you to SPAM blacklists and tarnish your business’ reputation.
Properly Configured and Secure SMTP Server (Email Server)
This does not apply to you if you are on shared hosting. If you have your own server (either VPS or dedicated) you have to configure your SMTP sever, the server that is receives and sends emails. Make sure it is not open to relay and if it is being used by your website only, only allow connections from the web server itself.
An insecure form and an open / misconfigured SMTP Server are a gold mine for spammers since it can be used to send as much emails as they want to anyone!
Secure Contact Forms for Your WordPress Website
As highlighted above it does not take much to have a secure web form and email server for your WordPress website. And if you need a form just for people to subscribe to your newsletter, most probably you’d be better off if you choose an email marketing provider that can host such form for you rather than doing one on your own website.