How Secure Are Your Lead Generation Forms?

  • 26 January 2011
  • Web Design
  • This post was written exclusively for PV.M Garage by Mark Simon

If you have private data collected from online web forms, the security of your forms should be paramount. Failing to take the security of your forms seriously could lead to a myriad of problems, including being locked out of your own website. Any form where data is collected is a potential target for people looking to steal data. Below are some tips to keep your data secure.

Do not use revealing error messages

There is a fine line between giving a friendly error message when incorrect information is entered into a form and telling an attacker what to try next. For example, if you say “password does not match”, you are letting potential crooks know that the password is the field to keep attacking, because the username is most likely correct. A better message is “Username and password do not match”.

Test your forms

Test your forms with every character on the keyboard, and potentially even double-byte characters. Also test against at least the Top 10 vulnerabilities published by OWASP.

Monitor failed attempts

A great way to thwart hacking attempts is to limit failed submissions to 3-5 tries on every form, no matter what data it collects. Attempts are very commonly made against lead generation forms, login forms and even username/password recovery forms, all aimed at accessing your database. Be aware that even if a form does not give an attacker direct access to the data, its error output could leave hints about where the data is stored. Common examples are the server directory location, the database type or the web services running on the server.
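The two tips above ("Do not use revealing error messages" and "Monitor failed attempts") can be combined in one form handler. The sketch below is an added example, not code from the original post; the `LoginForm` class, the 15-minute lockout window, the PBKDF2 settings and counting failures per client address are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

GENERIC_ERROR = "Username and password do not match"  # one message for every failure
MAX_FAILURES = 5            # upper end of the 3-5 tries suggested in the article
LOCKOUT_SECONDS = 15 * 60   # assumed lockout window

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginForm:
    """Hypothetical handler: uniform errors plus a failed-attempt limit."""

    def __init__(self, clock=time.monotonic):
        self._users = {}       # username -> (salt, password hash)
        self._failures = {}    # client address -> timestamps of recent failures
        self._clock = clock
        self._dummy_salt = os.urandom(16)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def submit(self, username, password, client):
        # Drop failures older than the lockout window, then enforce the limit.
        cutoff = self._clock() - LOCKOUT_SECONDS
        recent = [t for t in self._failures.get(client, []) if t > cutoff]
        self._failures[client] = recent
        if len(recent) >= MAX_FAILURES:
            # Checked before credentials, so it reveals nothing about the account.
            return False, "Too many attempts. Try again later."
        # Unknown users still cost one hash, so timing does not reveal valid names.
        salt, stored = self._users.get(username, (self._dummy_salt, b""))
        if hmac.compare_digest(_hash(password, salt), stored):
            self._failures.pop(client, None)
            return True, "Welcome"
        recent.append(self._clock())
        # Same text whether the username or the password was wrong.
        return False, GENERIC_ERROR
```

A real deployment would usually also count failures per account, since a per-client counter alone does not slow an attacker who spreads attempts across many addresses.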

Use a professional service

If you are not tech savvy when it comes to building and testing forms, consider using a professional service such as Wufoo. Companies like Wufoo are dedicated to building forms and have teams in place for security, taking the burden off your shoulders. You should still test your forms and use the other tips in this article.

Avoid free scripts available online

Do you know exactly what that free script you downloaded does? Are you able to read the code and say “I know what is going on here”? If the answer is no, then you should probably avoid using the script for any type of data collection or storage. People who know how to read the script have the same access to it as you do, including the installation instructions. This may serve as a roadmap to enter your server and access the private data you collected using the form.

Don’t be afraid to generate leads using web forms; just be very careful about it and test everything.

Image Credit: CarbonNYC

Author: Mark Simon

Mark Simon is the SEO Director at Underground Elephant where he focuses on mortgage leads, insurance leads and other highly competitive lead generation verticals.



  1. Mark Simon

    Thanks for the guest post opportunity Max!


    Finding a web designer can be a total pain….I’ve spent 5 hours searching for a decent one and ended up here!

  3. Rahul

    I would like to write posts for your website.


Contents and resources released under Creative Commons License.