One of the most popular questions we hear when building a site is, “Can we collect that information on our website?” Online forms, membership systems & shopping carts are great resources for a business. However, the more customer information and transactions that you handle on your website, the more potentially liable your business is for your customers’ data.
Here are 5 best practices for collecting data on WordPress websites:
1. Be Cautious with Online Forms
By default, WordPress websites do not store personal information other than what a user willingly decides to enter into a form. However, you need to be careful what information you request in forms. Never collect confidential information in an open form, such as a birthdays, social security numbers, medical information, etc.
2. Use Secure E-Commerce Systems
If you need to have content on your website that is restricted to certain users and that content is highly sensitive, you should use a membership system with proper security protocols. For processing any type of payment on your site, always use a secure e-commerce system with a payment processor. If you collect credit card information in a not secure form, your company could be liable for any security breaches or card theft.
3. Monitor Internal Website Users
Always monitor the internal users that you’ve set up in the WordPress dashboard for your company’s website. When helping clients with website updates, we often see numerous WordPress users in their dashboard that should have been removed, such as past employees, former SEO or marketing companies, etc. If you forget to remove users, you could be exposing all your site’s customer data.
4. Have a Privacy Policy
Every business should have a privacy policy on its website. In the US, the California Online Privacy Protection Act (CalOPPA) dictates that if you collect any personal information from any California-based users, such as email addresses, phone numbers, or mailing addresses, you are required to have a legal statement for users to review that discloses the privacy practices of your business.
5. Secure & Protect Your Website
WordPress is one of the top 3 systems targeted by hackers. Last month, it was discovered that 50,000 WordPress sites were infected with cryptocurrency mining malware. Protect your customer’s data by securing your website with 24/7 security monitoring, secure hosting, and proper website maintenance. If you notice any security issues on your site, contact our team right away for help.
