Sensitive information in a WordPress installation

  • Hi, I’m designing a WordPress site for local law company. The site has a valid SSL.

    They want to move from their clients downloading PDF forms from their website, to having online forms instead. I would probably use Contact Form 7 for this purpose.

    How secure and safe is this if a client is inputting sensitive information – personal information like their age, and also financial information?

    Is this recommended or not in today’s online space?

    Thanks

Viewing 8 replies - 1 through 8 (of 8 total)

  • This is legal matter. Please consult your ‘lawyer company’ to review that. Regardless, insure they are the site admin as noted in a DNS lookup. They own the site, it’s their responsibility.

    Thread Starter redspot

    (@redspot)

    Thanks, yes I understand it’s their responsibility.

    I’ll rephrase:
    My question is around WordPress and contact form security. Other than installing an SSL, how else can I make the website as safe and secure as possible?

    Please describe your customer base.

    Thread Starter redspot

    (@redspot)

    Well, anyone who requires law services. There’s no specific demographic – any adult who requires legal guidance.

    Unfortunately, I need to back out of this now. As noted: It’s a legal matter.

    Thread Starter redspot

    (@redspot)

    Sounds good. It’s not a legal matter in the way you are referring to. I am asking about obtaining information online from a user, and the safest way to do this.

    Can anyone else advise please?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    If it’s sensitive in the sense that someone might sue your *** off, I would not store the information on site. It’s certainly as secure as your site is, and a bunch of that depends on your clients maintaining good security practices after you hand the site over to them. So, turn the question around and ask them if they’re going to be keeping things up to date, monitoring security plugins like WordFence and insisting on very strong passwords for all users.

    As described, ‘sensitive information’, is exceedingly vague. I am lost on why a mod is responding, The change is EU based (GDPR), which is why I asked about the customer base. If you do not do business in the EU, their laws do not apply. Simple.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Sensitive information in a WordPress installation’ is closed to new replies.