Kansas City Web Design, Web Hosting, Web Application and SEO

If you have a business website then you probably have a submit form as well.  Contact us, get a quote, get started now, whatever your call to action is.  A simple submit form that sends an email is standard website functionality for many years now.  Over the last 15 years since we have been in business and providing web hosting, IDP has seen a lot of changes with website submit forms.  It has been a moving target over the years as the web hosting industry and security products continue to fight spam.  The amount of spam on the Internet is overwhelming.  Unfortunately, the anti spam changes that have been made over the last 5 years has made it increasingly difficult to build a submit form, protect the submit form from spammers and make sure the client and / or customers actually receive the email.  We have put together a list of best practices we have learned over the years building submit forms for our clients.

Power the Submit Form with an SMTP Account

In the old days submit forms were powered by server generated mail programs.  Programs like sendmail and postfix ran on the server and were used to send email from your submit form. Today server generated email gets blocked by firewalls, networks and spam software. Big companies like GoDaddy started blocking all server generated email because a lot of it is spam.  Server generated email can easily be blocked, they can tell it came from a web server, not a real person.

The best practice when you build a submit form is to connect it to a real email account in order to send the email.  You can talk to your email host about setting up a special email account for submit form delivery.  You need a SMTP host, SMTP username and SMTP password to connect your web form to an email account. If you have a WordPress site this is really easy to do. You will need to install a SMTP Mail plugin.  There are tons of them available in the WordPress extensions directory, we use the SMTP Mailer plugin screenshot below.  There is a Test Email tab in order to test if the WordPress site can send email.  This is handy to determine if you have a contact form issue or a WordPress issue on a submit form that is not working.  There is also an option to disable SSL certification Verification if you have to on your server.  If you don't have an SSL on your website you might need this checked.



If you have a custom HTML site, not a WordPress site, you will need to use a PHP Mailer program.  It is pretty easy to do but you would need a PHP developer to set this up for you.

2. Carefully Select the From Address and To Address

Assuming you completed step number one and WordPress sends emails successfully.  You may have an issue where people are not receiving the email on the other end.  You need to experiment with the From address and To address on the form in order to improve your chances of it being accepted.  Normally when there is an issue like this the email is getting blocked or going to Spam.  Some general rules to follow:

FROM address needs to match the domain name.  If you are sending FROM a different domain than the website it could be seen as email spoofing
FROM address needs to be a real email address.  Some spam software will lookup the address and reject it if it doesn't exist.
We often have the issue where we host the website but we don't host the email.  In this case we have an IDP special email account we use to power our clients' submit forms. OR the client can setup a special email address on their email server and connect it.

3. Craft a Subject Line and Email Content that are Not Spammy

If your submit form email is still getting blocked after completing steps 1 and 2 then you should look at the subject line and content.  There are some really good resources on MailChimp regarding these issues

https://kb.mailchimp.com/campaigns/previews-and-tests/best-practices-for-email-subject-lines

https://kb.mailchimp.com/delivery/spam-filters/about-spam-filters

4. Protect the Web Form with Google Invisible reCaptcha

Submit forms are constantly attacked by spammers and can generate hundreds of spam emails off of your website.  This can lead to getting your server or website blacklisted which will cause more submit form email deliverability issues.  You can protect your web forms with any good captcha program or honey pot strategy.  We really like the Google Invisible reCaptcha. Users do not have to do anything or type out any kind of captcha.  The program runs on the page and detects spammers without having to type out a captcha.

In WordPress this is really easy to setup with the Google invisible reCaptcha plugin.  A huge security benefit in WordPress of using this plugin is that the same invisible reCaptcha can be enabled on all of your WordPress form pages.  You can protect your admin page, password reset page and comments page with a check of the box.  Spammers often attack these built in WordPress submit forms.  It is nice to have one plugin that can protect all forms instead of many different plugins.  The fewer plugins the better on WordPress sites.

5. Check Your Domain Reputation

Another big issue with email deliverability and submit forms are blacklists.  Your domain may be blacklisted and you don't know it.  Your IP address or your web host could be blacklisted. Web form email will be blocked by many providers if you are blacklisted.  There are 50-100 different reputable blacklist sites as well and different spam programs look at different blacklists.  We recomend MX Toolbox blacklist check.  Just type in your domain and search.  The tool will check your IP address and your domain name against 103 known blacklists.  If you are listed on a blacklist you can use MX Toolbox to help you get delisted as well. IDP has a paid account with MX Toolbox and a nice featiure of the paid account is blacklist monitoring so that you get notified if your domain or IP address gets added to any blacklist.

6. Professional Email Delivery Service

If your website is sending 50 - 1,000 emails per day you need to use a professional email delivery service.  You are asking for trouble doing it yourself thru your email account or your server.  There are too many issues to track on top of everything discussed in this post.  We recommend SendGrid.  They have a free account for less than 100 emails per day and only $9.95 for 100,000 emails a month.  The advantage of using an email service is that they focus on getting your emails delivered.  So they do all of the work for you in making sure your website emails are getting delivered to customers. There are also analytics available so that you can actually see if your emails are being delivered and if they were opened.  Email issues are often "invisible", hard to see what is going on and difficult to troubleshoot.  The email reports are really helpful to see what email is getting bounced to who and why.

That's it folks thanks for reading! If you need help with web forms and submit form development please contact IDP web design!  Happy to help!

By default the answer is no. Wordpress is not secure.  In fact no CMS platform for websites is secure by default.  All websites are under constant attack by spammers, hackers, malware injection, bot programs.  It is pretty sad.  When you inspect server log files and network traffic you will find that most of the Internet is garbage.  The bad guys have taken over the WWW (Wild Wild West).  All websites no matter what they run on are under constant attack 24 hours a day.  Malicious programs and bots run all day long trying to access files and penetrate websites.  It is really important to setup your website to be more secure.  If you setup your WordPress site properly you will be safe from hackers and malicious code injection.
Top 10 WordPress Security Tips

WordPress Updates - Start with the obvious.  Everyone knows by now you must update your WordPress software and plugins constantly.  Always keep your software up to date.  The greatest thing about WordPress software is how easy the updates are to install.  If your WordPress site is built correctly then updates should not break your website.  It is quick and easy to keep your software up to date.
Plugin Usage - Stop using so many plugins!  You don't need 25 plugins installed.  Each plugin could be an entry point or security vulnerability.  We use the same 5-10 WordPress plugins on every site we build.  That way we are consistent and know what is running on every site.  Only install supported plugins that are actively being updated.  Old plugins that are not supported are security vulnerabilities.
Good Web Hosting - You get what you pay for.  Choose a web host that is experienced at hosting WordPress.  Choose a web host that will help you secure your WordPress site.  We offer full service WordPress hosting.  We take care of the updates and security for you.
Firewall Protection - If you have a good web host you may already be behind a firewall.  You need some kind of protection behind a firewall to stop some of the obvious Internet garbage out there.  Another option is to purchase a firewall service for your website.  Sucuri offers a paid firewall protection solution that is pretty good.
WordPress Hardening - By default the files and folders on your website could be open for hacking.  A lot of times developers open up file permissions with 777 in order to install and setup WordPress themes and plugins.  Sometimes these permissions are left open when the site goes live.  Make sure you harden your file permissions on your site.  At the command line you can run these two commands - Files 640 and Folders 750.  When you are done you will have to open up permissions on the uploads folder.
find . -type f -print0 | xargs -0 chmod 640
find . -type d -print0 | xargs -0 chmod 750
Security Plugin - Every WordPress site has to have a security plugin installed to help protect the site.  There are a lot of good ones out there.  We prefer the Sucuri WordPress security program.  It is free and it offers a lot of protection and a scanner.
Security Plugin Configuration - Installing the plugin doesn't make your website secure! You need to set it up and go thru all of the configuration.  You may need some help from an expert.  Or you may need to read some documentation on the plugin website.  The security plugins are not generally just a click of a button setup.
wp-admin - Everyone knows the login page for WordPress is /wp-admin/.  Change the WordPress admin URL to a different URL to help hide the login page from bad people.  The plugin we use for this is WPS Hide Login
 User Accounts and Passwords - Make sure your admin user accounts are using very secure passwords.  Bad guys are trying to use automated programs to guess your admin password 24 hours a day.  Also delete any user accounts you don't need.  Do not create a user account called admin.  Never use admin as your username.
Add Google ReCaptcha - Protect all of your submit forms with Google reCaptcha or invisible reCaptcha.  You can also protect your admin login page from malicious bot scripts by installing Google reCaptcha on your admin login page.  We like to use the invisible one for WordPress.

Is WordPress Secure?
YES! Absolutely WordPress is as secure as any CMS software solution.  If you configure it properly and setup security it is definitely a very secure website platform.

IDP recently completed a new Magento Web Design project for Hanna's Handiworks in Lee's Summit, Missouri.  The e-commerce website is a B to B site where retailers can login to the site in order to view products and pricing.  You have to be logged in to see the product pricing and in order to see the shopping cart / checkout options.  Retailers are able to order new products for their stores thru the website.  Extensive integration with the client MOM POS system was completed by a third party MOM developer.  IDP worked with the MOM programmer and with the client to finish the project and get it launched.  IDP is also hosting the new Magento web design. We are very pleased to be working with this great company right here in Lee's Summit, MO!

The Magento web design project included graphic design mockups, Magento skin development, home page layout, category gridview layout, product detail page layout, checkout page layout, customization of templates, WordPress blog setup and web hosting.  The retailer registration process and login to view pricing was handled by a couple of Magento modules.  The client requires a fairly lengthy registration / application form to become a retailer and the client needs to approve the account before they gain access to products.  A lot of custom fields were added to the Magento registration.  Check out the new website at www.hannashandiworks.com.


Magento Web Design Company in Lee's Summit, MO
IDP has been developing PHP websites and open source software driven websites since our inception in May of 2003.  We are PHP and open source software experts. Over the years we have setup many different open source software solutions.  Our main go to applications are WordPress and Magento.  If you need a Magento Web Design please contact IDP for a free quote