WordPress Web Form Data Collection

Due to the security risks associated with collecting and storing user data, website business owners should carefully consider how they use web forms. This page explains the options available to content editors using WordPress, the content management system used for most public University of Maine System websites, and how they fit into a recommended security approach.

Detailed Information

University policies related to protecting data of different types - both Compliant (covered by FERPA, HIPAA, GLB, etc.) and Business Sensitive (private data but not covered by those regulations) - can be found in the UMS Administrative Practice Letter "Employee Protection of Data."

Further information is available in the employee training modules about Information Security and FERPA in UMS Academy.

Third-party WordPress plugins

The most commonly used tool for creating forms on UMS WordPress sites is Formidable Forms. This third-party plugin allows form data to be submitted to designated addresses by email and/or stored as entries viewable by site administrators in the WordPress Dashboard. The more secure of these options is to send the data by email to the person who needs it.

Allowing the data to be stored within WordPress increases the risk that it may be accessed by someone who doesn't have a business need to do so. For example, staff in campus Marketing departments often have access to all sites in their campus WordPress instance, meaning they can view all of the submitted form data. Some IT staff have access to view all form data on sites for several campuses. A key principle of data security is to allow access only to those who need it, so storing form entries within the WordPress system increases risk.

We recommend the following steps to limit the security risks inherent in collecting and storing form data in WordPress:

  • Campus site administrators should know what forms exist on their sites, what types of data they collect, and whether that data is being stored within WordPress.
  • Editors should disable the option to save entries on forms where it is not needed. When using Formidable, you can do this by going to the Forms section of the Dashboard, selecting a form, going to the Settings tab, and clicking the checkbox “Do not store entries submitted from this form.”
  • In most circumstances, the Formidable "File Upload" field should not be used, as even when the form is set to send data by email, the file upload remains on the server and is accessible in a web browser.
  • For forms where data needs to be stored, consider more secure alternatives to WordPress forms, such as Google Forms (more information below).
  • For forms where data is going to be stored in WordPress, the entries should be exported to another system and removed from WordPress periodically, to prevent them from being stored there longer than needed or potentially forgotten. When using Formidable, you can go to the Forms section of the Dashboard, select a form, go to the Entries tab, and click Download CSV to get a file that can be imported into other programs like Google Sheets or Excel. You can also delete data from the Entries tab.
  • WordPress forms plugins other than Formidable, such as Gravity Forms, may offer different options, but these general recommendations would also apply for those plugins.
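The first recommendation above asks site administrators to know which forms exist, whether they store entries, and whether they use File Upload fields. The following read-only query is an added example for taking that inventory directly from the database; it is not part of this article and not something Formidable or Web Technologies provides. It assumes the default wp_ table prefix, Formidable's frm_forms, frm_fields and frm_items tables, that the "Do not store entries submitted from this form" setting is kept in frm_forms.options as a PHP-serialized no_save key, and that File Upload fields have type 'file'. Check those assumptions against your own installation before acting on the output.

```sql
-- Added example (not from the article or from Formidable's documentation):
-- read-only inventory of Formidable forms, stored entries and upload fields.
-- ASSUMPTIONS: table prefix wp_; Formidable tables wp_frm_forms, wp_frm_fields,
-- wp_frm_items; "Do not store entries" is serialized in frm_forms.options as
-- a no_save key; File Upload fields have type = 'file'.
SELECT
    f.id                                         AS form_id,
    f.name                                       AS form_name,
    f.status                                     AS form_status,
    -- entries currently stored in WordPress for this form (drafts excluded)
    COUNT(DISTINCT i.id)                         AS stored_entries,
    -- 1 when "Do not store entries submitted from this form" is checked
    CASE
        WHEN f.options LIKE '%"no_save";i:1;%'       THEN 1
        WHEN f.options LIKE '%"no_save";s:1:"1";%'   THEN 1
        ELSE 0
    END                                          AS no_save_set,
    -- number of File Upload fields on the form; per the guidance this should usually be 0
    COUNT(DISTINCT CASE WHEN fld.type = 'file' THEN fld.id END) AS file_upload_fields
FROM wp_frm_forms AS f
LEFT JOIN wp_frm_items  AS i   ON i.form_id = f.id AND i.is_draft = 0
LEFT JOIN wp_frm_fields AS fld ON fld.form_id = f.id
WHERE f.is_template = 0
GROUP BY f.id, f.name, f.status, f.options
ORDER BY stored_entries DESC, file_upload_fields DESC;
```

Run it with a MySQL client or with `wp db query < form_inventory.sql` from the site root. Forms with a high stored_entries count and no_save_set = 0 are the ones to review first: either disable entry storage or schedule the CSV export and deletion described above. Any form with file_upload_fields greater than 0 is a candidate for moving to a Google Form.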

Google Forms

For forms where content editors want to retain submitted data or include file uploads, it is better to link from the WordPress page to a Google Form or embed it using an iframe. A Google Form can be configured to save form submissions in a Google Sheet, it can provide options to allow file uploads, and the resulting Google Sheet can be configured to send email notifications when new entries are submitted.

Support requests for Google Forms should be directed to IT Support.

When to Use WordPress vs Google Forms

Depending on the type of data, one form may be more suitable than another, or in some cases, WordPress and Google Forms may both be unsuitable. For details, please review this spreadsheet of guidelines for which form to use.

Other Form Options

Additional web form options are provided by systems outside of WordPress that can be included in a WordPress page as an embed or link. The data collection and storage agreements with those outside systems govern how they should be used, and support for them is provided by whichever IT or outside group supports that system. Examples of these outside systems are TargetX and Salesforce.

For Additional Support

Existing campus site administrators can contact Web Technologies for additional support, while campus content editors should direct questions to their campus site administrators.

Environment

  • WordPress sites


Details

Article ID: 138865
Created: Thu 10/13/22 11:21 AM
Modified: Sat 10/29/22 10:57 AM
Applies To: Staff