Do WordPress contact forms store my data securely?

by | Sep 3, 2022

Many popular (and premium) WordPress form builders like to boast about their security. You can probably google the name of a form builder and find an article or page they’ve posted discussing their amazing security.

So, do they store data securely?

How can data be stored securely?

Encryption. And I’m not talking about using SSL certificates and HTTPS, which I assume you use on your sites (SSL encrypts data in transit between the browser and the site).

To store data securely, we can encrypt it with a key. In a nutshell, you can use an encryption algorithm to obscure data. Encrypted data won’t make sense to humans or computers unless it’s decrypted with the key.

There are hundreds of guides explaining encryption – I’m referring to symmetric encryption, which means the data can be encrypted and decrypted using the same key.

Do form builder plugins encrypt the submissions they store?

From the handful I’ve looked at, the answer is sadly a resounding no. Some might offer it as a feature, and some might have compatible plugins which add encryption.

This means that data gets stored in plain text in your website database. This means your host, other plugins, themes and anything else that can access your database can read the submisisons.

As a result, I’d recommend collecting as little information in forms as possible.