Form Checklist

We use formidable forms to build forms in WordPress. They’re generally very easy to set up, but finding the right balance between functionality and security can be tricky sometimes. We’ve developed the following checklist to help our site admins determine which options should or shouldn’t be enabled for a particular form.

Answer the following questions and appropriate guidelines for your form will be generated.

Form Checklist

Form Checklist

Yes

Here’s a list of things that will prevent off-campus access to a form- if you absolutely need them, work with Denise, Rex & TJ to get this working

  • Page restrict
  • file uploads
  • Entry views
  • Required WP/dixieID logins

No

Great! You can add any and all of the formidable features we have installed.

Yes

Use the "Page Restrict" plugin to force users to login with their dixieID before viewing the page. You can attach their login info to the form if you need to track who's filled it out.

Remember that this will limit access to users on campus only.

No

Hooray! You do not need to set up or configure anything

Yes

We have the following restrictions on forms with file uploads:

  • Must be behind a login page. (either page password or page restrict)
    • Page restrict is best option, but limits access to DSU members & to on-campus network only
    • Page password is another option - but requires department to give password to approved users before they can login.
    • If neither of these options work for the form, no file uploads are allowed.
  • Must check settings field for: “protect files uploaded to this form.”
  • Do not put files into a view without reviewing before publishing

No

Great! no need to worry about spam being uploaded!

Yes

Use the following guidelines:

  • Ideally all views should be behind a login. (either page password or page restrict)
    • Page restrict is best option, but limits access to DSU members & to on-campus network only
    • Page password is another option - but requires department to give password to approved users before they can login.
    • If view needs to public(eg: job board), review each entry before publishing. Do not publish personal info.
  • Do not allow indexing of views.

No

Whew! Good thing you don't have set up a view!

Yes

Review our data security guidelines and follow these rules:

  • be responsible with what happens to the information after it has been submitted.
  • Do not put it in a view.

No

Good! You don't have to take any special precautions with non-sensitive data.