On October 20th, I gave a webinar with GoWP.
Watch the replay now:
Or read the transcript:
Emily:
I’m Emily from GoWP, if you don’t already know me. Welcome to today’s webinar with Mike Demo Demopoulos, on increasing form conversions and protecting your information. Really quick, I just want to say a couple words about GoWP in case anyone watching is not familiar with us. At GoWP we are a team that is devoted to helping agencies grow by providing exceptional outsourced WordPress services. Agencies that partner with GoWP are able to focus on the low touch/high value work that helps them grow because they can depend on GoWP to take care of the high touch/low value work that disrupts their day. That’s things like website maintenance, never-ending content edit requests that come in from clients at all times of the day and night. Our 24/7 team takes care of those for you, and it’s all white labeled, so it all appears as though everything is being done by your team.
Emily:
If you have any questions about partnering with GoWP or how our services can help your agency grow, feel free to reach out. You can email me, Emily@GoWP.com and send me a message in the chat here, send me a message on Facebook. However you prefer. Reach out. I also wanted to tell you about our Facebook group, for those of you who are watching here in the Zoom call and may not be a member yet, it is the GoWP Niche Agency Owners Facebook group. This is a community of agency professionals who either already serve a niche market or would like to niche down. We are broadcasting this webinar live in the group right now, and the webinar will also be available there afterward to watch. So, I’ll put a link to that in the chat in just a minute.
Emily:
For those of you who are already watching the Facebook group, I’m so happy to have you here. We’re excited to get started. A few notes regarding the webinar, I’m going to watch the chat both here in the Zoom room and also in the Niche Agency Owner’s Facebook group. So, if you have questions, throw them out. I’ll get them to Mike. No problem. We’ve already done a test of the chat in Zoom, if anyoneā¦ I see people are watching on Facebook, so there we go. Everything’s working. All right, so let’s get to why we’re here today. Mike, in Forms. Mike is the Lead Hand Shaker at WebVentures.io. He’s a lover of open source first specific tools later. Mike is the, as I said, the Lead Hand Shaker of WebVentures.io. And, believing there are too many Mikes in the world, he prefers to go by Demo.
Emily:
He speaks at Ignite conferences, meet ups, word camps, Joomla events, more everything, anything you can think of, Mike is speaking at it. A lot of you have probably seen him speak before, I know I have. He’s spent years building a strong client base in the financial and insurance industries. A little bonus tip here, you can ask Mike, or ask Demo I’m sorry, what his favorite tiki bar is on Twitter at @MPMike. Hey Mike, welcome.
MikeDemo:
Hey, thanks Emily. Thank you so much for that wonderful intro. Hello to everyone on the info webs. I’m going to share my screen in just a minute, but I wanted to say it’s such a pleasure to be with you today. Hopefully, if you saw my talk this weekend at Word Camp LA, I didn’t scare you off too much, so welcome back. If you haven’t heard one of my talks, it’s okay. You can leave this Zoom. I won’t be offended. It’s not that big of a deal. We’re talking about forums today. Let me share my screen. There we go.
MikeDemo:
It’s all about increasing form conversions and protecting your information. Real quick, a little bit of housekeeping before we go too far. I am Mike Demo. This is my [inaudible 00:03:46]. I am the evangelist at BoldGrid, which makes a bunch of WordPress plugins. One of them’s a page builder. We also have W3 Total Cache, is a BoldGrid plug. We acquired that recently. [inaudible 00:03:58] WordPress plugins, and I’m the lead hand shaker for web ventures. You think you have it tough in the COVID space, but I literally have my HR title as Lead Hand Shaker, and I have to pivot. So, we’re doing the best that we can. My Twitter is @MPMike. My emails are there. My LinkedIn, Facebook, and my website’s there if you wish to engage with me during the event, after the event, whatever’s going on. I’d love to connect with you.
MikeDemo:
We are going to talk about forms, but real quick I want to talk about giveaway. I love the game, Pandemic, and I find it very timely that we’re in the middle of a pandemic with COVID-19. So, if you want to play Pandemic at home, the board game, not the COVID edition, we’re going to give away a copy of Pandemic on the digital platform of your choice at the end of the webinar. You have to stay on Facebook or Zoom, and Emily will pick somebody at random to win a copy of Pandemic, the digital copy, on the platform of your choice. So please, stay connected with that.
Emily:
I’ll add on there, just if you are watching in the Facebook group, make sure you let me know by commenting, because I can’t see everybody who’s watching. So, make sure you comment and say, “Hey, I’m here. I’m watching,” and we’ll make sure you’re entered as well.
MikeDemo:
Yes, and then you can play Pandemic at home while social distancing.
MikeDemo:
Cool, so let’s talk about forms. Everybody loves forms, right? It’s one of the probably the most popular WordPress plugin types that gets installed across all of the WordPress sites out there. There are so many different ways that we use forms. You’ve got conditional logic forms, you have contact forms. Let’s go over some of the use cases on all of the different ways people are using forms on their WordPress site, or on their CMS site in general.
MikeDemo:
They use them for documents, onboarding, legal things. I’ve seen forms for contracts. I’ve seen conditional logic forms done for contracts. I don’t mean necessarily things like e-sign, or any of those e-signing tools that exist. I’ve seen WordPress forms be used for insurance applications with conditional logic, with affiliate agreements. Whatever that happens to be, people are using WordPress forms for that. They’re using it for contact forms, just basic contact forms. “Hey, find out more about our company. Contact us. Inquire about our service.”
MikeDemo:
[inaudible 00:06:36] sales forms, all the different ways that people communicate. That usually happens through a form when people are reaching out and communicate on a WordPress site. It’s very rare that you’ll click a link and it opens up an email client. It’s usually through a form. You have forms for support. People need help with support. A lot of that doesn’t happen with the support center sometimes. Sometimes it happens just with a form, and sometimes the form might connect to something like Help Scout or Zendesk, or something like that, but they’re collecting the information on “Hey, you’re having trouble with our product or service. We want to help you. How do we find out more information about your problem? Please fill out this form.”
MikeDemo:
And there is job applications, so many job applications I’ve seen on WordPress forms. Upload your resume. Upload your documents. I’ve seen onboarding employment forms which are asking people to upload their driver’s license or their passport, or their social security card that are being done in WordPress forms. All of this data is happening on WordPress because forms are amazing. You can allow them to create basically mini applications, and a lot of them are drag and drop. You don’t have to be a developer to create multi-step conditional logic forms. I’ve made forms for insurance applications, mutual funds, dental insurance companies. I’ve had to deal with the negative side of forms, which is what we’re here to talk about today.
MikeDemo:
Last but not least, transactional. Mini shopping carts, purchase a product. Maybe you don’t need a full shopping cart, something like WooCommerce or whatever. A lot of forms have payment gateways that you can use: PayPal, or any of the other payment providers that happen to exist, anything, just connect that with your form provider and have mini calculation form, maybe say a T-shirt order form, or maybe a donation form, or whatever you happen to do, there are a lot of transactions also happening on forms.
MikeDemo:
Let’s talk about PPI. This is a legal definition for the US, and to be clear, I am not an attorney. Please talk to your own counsel. But according to Law Insider, protected personal information means specific individual facts that unless segregated would otherwise be in a submitted document to identify a person submitting that document or another person beyond that person’s name, or to identify the financial activities of either, which the court is allowed or required by law to keep confidential. That’s a really long phrase. Basically, if it’s a piece of data that could be used to identify someone, it’s basically considered PPI.
MikeDemo:
I first came across PPI when I was working in the banking sector. I made hundreds and hundreds of bank websites on Joomla. Yes, Joomla, don’t leave yet. It’s a CMS like everything else. I’m not married to a CMS. I’m in an open source relationship, and yes Robert, I did still that from Jessica at Dunbar, but with commission. I forked it. We had a deal with all the PPI there, and then the insurance space, a lot of PPI there. I did a lot of healthcare documents and WordPress work. I’ve built hundreds of hospital intranets on WordPress. There’s a lot of PPI there. You’re just thinking, “Well that’s fine for you, but I don’t build bank websites, and I don’t deal with a hospital. I don’t deal with any of that. Plus, my forms are secure.” Well, maybe, but let’s talk about it.
MikeDemo:
Let’s first talk about databases and how WordPress works. WordPress works on a LAMP stack, which stands for Linux, Apache, mySQL, PHP. All of the three major open source CMSs run of PHP, and by definition, they use a LAMP stack. Yes, you can also use MicrosoftSQL instead of mySQL, but 99% of all WordPress sites use mySQL. So, mySQL is the database. Linux is the operating system. PHP is the programming language, and mySQL is the database. The database is where everything gets stored that isn’t a file. There is two pieces to a WordPress set. You’ve got the files: things like the images, CSS, JavaScript, and then you’ve got the database which is really where the content management comes into play. You’ve got your users, you’ve got your pages, you’ve got your posts, you’ve got your comments. All of the data that you’re interacting with when you’re using WordPress lives in your mySQL database.
MikeDemo:
We’re going to talk about how that happens to look in the form world. Fun fact about databases is they are used on tons of applications, and not just for web applications. In fact, the first modern database was used on the Apollo project to track all components on the Saturn-5 Rocket. After the Apollo 13 disaster, they queried the database and saw that the oxygen tank that ruptured was dropped on the floor, but later passed inspection. So, databases have been in use for a very long time. That’s just a fun little database fact. Now, that database wasn’t SQL, but the databases had been around for a long time. We know how databases work.
MikeDemo:
How do databases work with form data? We have all these form entries, and where do they live? How do people access their form entries? Well, most of the form entries you can access in a couple of different ways. Maybe you’ll get emailed when a form is submitted to you. Maybe you’ll just go to an entries tab on your plugin and you can just download them to Excel, or CSV, or whatever you want, or you can just view them inside your browser inside of the WP Admin. But what, lives in the database for the most popular form plugins? We’re going to go through quite a few of them, and then I’m just show you some quick examples.
MikeDemo:
Caldera forms, which is made by the wonderful Josh [Pollock 00:12:51], which is now part of the Ninja Forms family, they store their stuff in the database in plain text. You’re going to see a theme here, by the way, and it uses a form entry values table. You can see I have a John Doe test here, so that’s how Caldera forms looks in the database. If you have access to that database, if you have PHP, MyAdmin or maybe you were a bad actor and you had access to the database in a way that wasn’t intended for you to have access, maybe you accidentally made the database open to the rest of the Internet. Maybe somebody hacked your site and downloaded the database.
MikeDemo:
But there’s a reason why the passwords are salted and hashed in WordPress, so that even if the database is exposed, that confidential information is not exposed. But, all the form information on most every WordPress form is just stored in plain text in the database. Caldera forms, this is one example how that looks. Contact Form 7 actually doesn’t store anything in the database. It relies on email to send that data. Now, this has good and bad parts of it. Email is inherently insecure in itself, but Contact Form 7 does recommend another plugin called Flamingo if you would like to be able to access your entries for later retrieval inside your WPAdmin, and Flamingo stores it in the post-meta table, not with their own table, and again, it is in plain text as you can see here with my John Doe example from my Contact Form 7 test.
MikeDemo:
WS Forms, another new form. They use their own table. It’s a submit meta table. As you can see here, the email is there. I did kind of blur it out, because I actually had to use my own email because they have a protection that you can’t use any fake emails when your users are submitting their forms as a spam protection, which is a great feature. Again, plain text available.
MikeDemo:
Ninja Forms, very popular. They use the post meta table inside of WordPress. Same thing. Fields available here. Formidable, they use their own item meta table, and plain text available as well. You’re starting to see a theme here. Gravity Forms, they use their own entry meta table. In this case, I had a one field form with just the name just to test it out. Plain text as well. And weForms, one of our products. We do the same thing. We have our own table called entry meta and the stuff is there in plain text. So, if I’m [inaudible 00:15:39] on ours and saying “We are the same as everyone else,” there must be a reason for that.
MikeDemo:
First of all, don’t blame the form plugins. We’re just using them wrong. We’re all using these form plugins wrong. Yeah, and I know what you’re thinking, “Well in my day, I don’t collect anything that that’s special.” Go back to PPI. If that information was leaked, would that a good thing or a bad thing, when you have to go to a client and be embarrassed that their entries got exposed? Would the client be upset about that? You’re just saying, “Well it’s not technically PPI,” is that really going to make them happier? They’re going to be like, “Well, I expected you as my developer to make sure my site was safe, and my customers they know it’s safe.” Now, some of these form plugins, they are smart enough to know “Hey if you’re taking payment we’re not going to store any of that payment data because that’s definitely something that we don’t want even want in the WordPress database,” and they’ll do a direct connection to Stripe, or PayPal, or whatever the case may be and just send back the API calls.
MikeDemo:
What about all the other stuff? What about all the fields that we’re making? What about all these complex form applications that we’re doing beyond just a contact form? I would even argue a contact form is for you to have an email and a phone number, or even just a phone number. That phone number can get tied to a person, and I don’t want my data being exposed if I’m interacting with you. I know your clients don’t want their customers’ data being exposed. But don’t take my word for it. Ninja Forms has a wonderful article about this. These are some quotes that I pulled out of it: “Security is your responsibility. Email is extremely insecure and your form data is only as secure as your server.”
MikeDemo:
This is their fantasy way of saying “Not my circus. Not my monkeys.” Now, Ninja Forms has a great plugin. A lot of people use it, millions of sites while on Ninja Forms. This isn’t any one specific form problem. It’s the way that WordPress databases are inherently designed, and the way that the plugins work with them. Let’s talk about security, because security on your server is important, so let’s talk about that.
MikeDemo:
This is what I call the Responsible Web Ownership Pyramid. It starts at the bottom with a reliable WordPress host. So, find a good WordPress host, maybe if you have a local Word Camp check out their sponsors, talk to their hosts. We all know the big names like InMotion Hosting, Bluehost, WP Engine, FlyWheel, Kinsta, Convesio, Stratic, et cetera, Pantheon. Find a good host that you trust. Maybe a managed WordPress host offering, which does some of the stuff on this pyramid for you, would be appropriate. Now managed WordPress hosting [inaudible 00:18:34] than shared hosting.
MikeDemo:
Maybe you want to run your own server. If you want to run your own server, definitely make sure you know how to manage the updates on the servers, that you make sure your server’s secure. You’ve got your good hosting. Good. Check. Done. You want to have backups. You want to have offsite backups. Use an offsite backup tool such as Total Upkeep, [Akiba 00:18:53], BackupBuddy, whatever you want to use. Make sure it lives somewhere not on the web server, either on your local computer or OneDrive, or whatever the case may happen to be. Make sure it lives offsite.
MikeDemo:
Then, test your backups. Make sure you test your backups. An untested backup is basically useless, because if that site were to get deleted today, and I’ve seen hosting companies go belly up and all of their stable of websites disappear overnight, you want to make sure that backup will work. Have an SSL certificate. You can get a lot of freeā¦ Most hosts offer a free SSL, Let’s Encrypt. I am personally not a fan of Let’s Encrypt.
MikeDemo:
Now, it’s not for any security reason of the Let’s Encrypt certificate itself. An SSL certificate, for the most part, is an SSL certificate. I like the service that you get with a paid SSL. I like how it lasts for a year versus six months. Then certain circumstances, especially if it’s a nonpublic-facing website, Let’s Encrypt might not be able to communicate with the server to validate the ownership, and then that website might have that certificate expire. I’ve seen hundreds of Internet sites suddenly give you Let’s Encrypt errors because their sites were no longer exposed to the Internet.
MikeDemo:
Now again, the developer should have known better, but I prefer paying $25.00, having a certificate that I pick, plus in general older browsers do recognize the paid SSLs better than Let’s Encrypt. We’re talking about less than 3% or 5% of the people, but if you have a high traffic site it might make the difference of your conversion. Excuse me, apparently my Alexa is beeping at me. Next, you want to have a web application firewall. Now, this can come in basically two flavors: something that runs on the [DeenaSlayer 00:20:52] such as secular site lock, which all the traffic flows through it and blocks all the bad stuff before hitting your web server, or you can use a plugin such as Wordfence, which lives on your WordPress site, which doesn’t allow people to do any back doors that you might be able to do with a DNS provider, although you can fix that with HTAccess rules.
MikeDemo:
I really recommend everyone have some sort of security application on their site. Don’t say, “The site’s not going to happen to me. I’m not going to get hacked. I make a puppy blog. Nobody doesn’t like puppies.” Well, it can happen, trust me on that. So a lot of these tools have free tiers. So, check them out. For any email that you’re doing, like confirmations on the form submissions, maybe getting notified when a form is submitted, I really recommend you use a hosted SMTP service. There’s an amazing plugin called WPMountSMTP, which makes this easy to connect to your SMTP provider of choice. They have one click configuration with like a dozen of them. This makes the deliverability higher, which is good if you are using mission critical forms, and to also make sure that you’re not relying on PHP mail, which is even more insecure and it doesn’t have the [inaudible 00:22:07] and the other email DNS signatures that tell the receiver “This is mail is who I say this mail is from,” which if you’re doing a confirmation, if somebody fills out an order form or something, we want to make sure that mail gets there.
MikeDemo:
Then you want to have encryption. You want to make sure encryption on any protected information is there. In this case, we’re talking about forms. You want to make sure the form submission data is encrypted. We’re going to get there. We’ll talk about that in just a second. There are three ways you can do that with either a SaaS solution, manually, or with plugins. You also want to make sure your WordPress and all the themes and plugins are up to date. Maybe your host will do this automatically, if you have a managed host. Or you can use a tool like Watchful, MySitesGuru, or ManagedWP to automatically backup and update your sites on a nightly, weekly, monthly basis, whatever the schedule you have for your clients. Or of course, use a service like GoWP, which can do this on your behalf.
MikeDemo:
Last, but certainly not least, I recommend two factor authentication for all your WordPress sites just to make sure that only the people that are interacting with the WPAdmin are people that are supposed to. You’re going to use a thing like Google Authenticator or Text Message Authentication, but I prefer UB keys, which is a physical hardware token that you have to have to be able to gain access to that site. Now, I know you’re thinking, because I’ve heard it all, I’ve had hundreds of banks on UB keys, and they all say, “Well what happens if my UB key gets lost, stolen, broken?” Well, you might want to have a couple of people in the organization with the key, and you both have access, so you kind of let the other one in. But you could always print out some emergency keys, that I recommend, keep in a safe deposit box or fireproof box that’s locked that’s unidentified, so that if for some reason you lose your physical key, you can still get access.
MikeDemo:
My wife and I had access to each other’s resources on our UB keys, so if one of our keys get stolen, the other one can gain the access to it and then authorize the new key on that as well. That is the responsible web ownership pyramid, and we’re going to dive into the encryption thing specifically how it relates to forms.
MikeDemo:
Ways to encrypt your form data. You can do a SaaS. You can use a SaaS form provider just as JotForm or FormStack. This is what I use when I did all the banking work. It is automatically HIPAA compliant, it meets banking standards, PCI compliant. It has all the certifications that you need, but the costs are really high, medium to very high cost. But you can usually get a single form online in about an hour, but you do have to build the form from scratch again, and then you embed it in with the WordPress plugin. You can a professional’s help. Well, maybe you have very specific use case, and you just want to be able to encrypt your data from your form, and maybe other parts of your WordPress site a very specific way. Find a professional that can help you.
MikeDemo:
Maybe go to Codeable. Maybe check at the GoWP email resident developer program product that they just launched. The problem with this is, if the project’s public then it at least take a couple of weeks, probably closer to a month, and you have to do a lot of testing. The cost is going to be very high in comparison to the rest of these problems. Or you can use a plugin. Let’s say I already got my form provider that I want to use. I know a plugin I want to use, and I just want my stuff to be secure because I don’t want that data to be out there if or, just think about it, when that database gets exposed. You don’t want to have to have that call to your client, and you definitely don’t want that client to have to make the call to their customers.
MikeDemo:
That does all of the work for you to make sure the data’s safe. Ease of use, you can usually get online in under 30 minutes, and the cost is free to low. So, we’re going to take a closer look at some of these plugins.
MikeDemo:
There are four options that I found that’s being decently used right now in the WordPress space. The first one is FortressDB, which is an official partner of weForms. They also have Forminator support, and they have developer docs going and connected to a custom application to a different form provider. They are GBPR compliant because they allow you to choose your data center location, like US, Europe, et cetera, Canada. And they have Gutenberg support. If you wanted to take your form data and display it on the front end with charts and graphs, they do some of that stuff for you. It’s been tested on over a dataset that has millions of rows, and it’s super fast.
MikeDemo:
If you use Gravity Forms, you can use PluginOwl. They have a third party tool called Encrypted Fields by PluginOwl. It’s not recommended by Gravity. It’s not officially supported by Gravity Forms, but they are recommended on their website. It just encrypts it locally, but it’s one of those Code Kenny things where you have to pay extra for support, and kind of hope for the best.
MikeDemo:
Ninja Forms has a Virtru Ninja Forms plugin extension. It’s for Ninja Forms only. This complex is meant for developers. You need to have your own server where the data is going to live, and you have to have the hand shakes. It’s not officially supported by Ninja Forms, but they are linked from their website. It is probably the most complex form setup I’ve seen that is available. The second most complicated I would say is the HIPAA Compliant Web Forms plugin, which is its own Web Forms plugin already. They have Caldera form support if that’s the form provider you use. They’re primarily focused on US HIPAA compliance, which is a medical privacy law, and they have a US data center because that’s what they’re focused on.
MikeDemo:
The helper actually lives in Baldwin, like 20 minutes from where I live. They’re not a formal partner of Caldera. They are recommended by Josh [Epp 00:28:04], Caldera Forms. To give an example of how this kind of looks, is we’re going to go through the install path of weForms with FortressDB so you can see how this is kind of set up and how you interact with your data.
MikeDemo:
So, FortressDataBase demo with weForms, is not a live demo because I am not silly. There’s just going to be some screenshots. First, you install your weForms. There will be a link to receive a special discount, because we’re a partner, to get your account at FortressDB. FortressDB is free and paid plans. If you use our link if you decide to upgrade to paid in the future, you still get the discount. Again, you can still use our link to get the discount even if you use a different form provider that FortressDB supports. Then you get that, then you install FortressDB. You log in, or you sign into your data center, to use your data center location like US, EU, et cetera. Inside of the form, and inside of weForms, you just activate it under integrations. Just toggle it on, and then it is active. My last slide, you might have saw the Post-It note didn’t make it in there, but I saved that last night. Sorry about that.
MikeDemo:
Then all you basically need to do is you go down to FortressDB and then that’s where your form data is going to live, because what happens is instead of the form data being saved in your mySQL database and WordPress, it is saved in the FortressDB data center of the location that you choose. A lot of countries require that their clients’ data is stored in certain locales, and this helps you become compliant depending on what countries you can do business with. Then you can view it just from inside the FortressDB page here, export the CSV or whatever you want to do, instead of looking at the entries page inside of weForms. You can still use all the other features of the form provider such as email notification, et cetera, but it will live in there. I just wanted to talkā¦ That’s just a quick example of how you can easily get on board with encryption on some of the most popular form providers out there.
MikeDemo:
I’m going to give some quick tips on some formā¦ I increase some form conversions, and then we’ll get into some questions. Some quick form tips. First of all, have a privacy policy that’s up-to-date. Use a service like Termageddon. Donata this weekend gave it a wonderful talked called “The Three Things All Web Professionals Need to Know About Privacy”. There’s a lot of links in this stack. The very last page, I’ll give you a URL where you can download the deck with all the links so that you don’t have to remember all of this. I recommend Termageddon, or use your own if you have your own attorney. Just make sure it’s up-to-date.
MikeDemo:
All things being equal, customers when they see a privacy policy, will do business with the company that focuses on privacy first. That also is true for encryption. You can say that all data in here is secured, and you’re not just hoping that nobody gets wrong access into the database. Think about this, also everybody at your web host has access to the database. They can get access. We’ve seen companies, none certainly in the WordPress space, be bad actors and download private data. We’ve read lots of stories about companies accessing data that they’re not supposed to. So if your data’s encrypted, then you’ll make sure that even if they get access to it, they won’t be able to read any of the data, which is why I just think it’s so important that all form data for the most part should honestly be encrypted and not just left at chance.
MikeDemo:
Conversational forms, it’s a new way to display form data. You’ve probably seen those forms where it’s asking you one question at a time, it’s very big, good UI, [inaudible 00:31:59] press the keyboard shortcuts for the answers. Those are making it easy for people to engage. Space10 says conversational forms turn web forms into conversations, making it easy for developers and designers to engage with users in a more compelling and conversational way. A lot of form providers already have conversational add-ons or plugins, or you can just do it with multi page forms manually, depending on your tool that you’re using.
MikeDemo:
Validate email. Before you put data onto your MailChimp list, or your Constant Contact list, or whatever it is, test your email. If it’s something like Validity, or ZeroBounce, Validity is what I use on these we call bright verify. First of all, it’s going to save you money. The average email list has a 2% loss rate every month because emails die, they change, people move, leave companies or whatever. You don’t want to be sending mail that might bounce back. It’s going to help your reputation because you, depending on what provider you’re using, need to keep your bounce rate below a certain amount and your spam rate below a certain amount. The best way to do that is to take out all the junk. If you have a list that you haven’t emailed in a while, even if it’s a customer list, run it through the tool. Sometimes the cost is one tenth of a penny per email.
MikeDemo:
We don’t add anything to any of our lists without running it through one of these tools. Even if it’s a real person, it’s not going to be on our marketing list just because we want to make sure that we’re having a very high good reputation list. Then ask less. Only put the fields that you really think you need. AB test different form lengths, and I gave a link to one of my talks about AB testing, for optimal conversion. Think about what data you really need to collect. I know it’s tempting to put lots of questions into a form, but the more fields you put the less likely people are going to finish it.
MikeDemo:
Now while these forms have add-ons and the provision that allow you to capture the data before they submit it so you can at least see partly completely forms and see people when they leave, do you really need to know their phone number? If that is critical for your business, great. If it’s not, leave off. I know, you can say, “Well, I can make it optional.” Yeah, but if you’re not using the data, and you’re likely not going to use it, don’t ask it up front. Ask for the data that is important for them to complete the action. Now, the more invested that they are in your business, let’s say it’s a support form, asking more questions at the beginning is a little more forgiving because the user’s looking for help. But if it’s a pre-sales form, or they’re not a customer yet and they haven’t converted, and they’re giving you their money, you want to make that experience as easy for possible for you to be able to engage with them, however that works for your user journey.
MikeDemo:
I’m going to leave this last slide up when we do some questions, and some discounts here that’s available for you. If you want to save 20% off all pro plans of weForms, you can use Code: GOWP. If you want to save 33% off paid plans on FortressDB, no matter which form provider you’re using that they support, you can use the Code: WEFORMS33PER. Elegant Marketplace has thousands of products not just [inaudible 00:35:19] related. You can save 30% off all the products that you can add to your cart there with the Code: GOWP. Sprout Invoices is one of our plugins. It allows you to send invoices to your clients and collect payments securely. You can get a 55% discount off that. It’s kind of similar to QuickBooks online, or Sprout Invoice, or Fresh Books with Code: GOWP.
MikeDemo:
We have a podcast that’s free, Tools Are Tools, available where all your favorite podcasts are sold: iTunes, Amazon, Google Podcast, Spotify, whatever. Every week we talk about a different WordPress plugin, and then we interview that founder. At weFormsPro.com/GoWP, the bottom right square is where you can download these slides, links to all the discounts, links to all my socials, as well as some additional bonus resources and talks with some other community members about this topic, and related topics that you might find interesting.
MikeDemo:
With that, we’ve got about 15 minutes left for questions. Emily do you just want to read them? Is that best?
Emily:
Yeah, I haven’t seen any come in, actually. We’ve had some comments of people enjoying the presentation, giving some great ideas for folks to use with their clients. So, some comments like that. Jamie Hill over on Facebook was excited to get started. He said, “Hi.” Ashish over on Facebook also says when he sees GoWP go live on Facebook, he says, “I’m in.” So, we’ve had a quite a few positive comments, but not a lot of questions. So, if anyone has questions, now is the time. Demo, I thought that was a fantastic presentation. Lots of technical stuff in there packed with information, and somehow I was laughing multiple times throughout it. So that was-
MikeDemo:
Well, you know-
Emily:
That was fun.
MikeDemo:
Looks aren’t everything. I do my best.
Emily:
You did a great job. I really enjoyed it. I learned a lot. So, it was really informative for me.
MikeDemo:
Yeah, and what’s cool is people can go to the link, weFormsPro.com/GoWP, download the slides. If they wanted to dig into any of the database locations a little bit more closely for their form provider of choice. I know I didn’t hit every WordPress form, but I hit the most popular ones by a wide margin just to kind of show it’s not a specific tool [inaudible 00:37:46], it’s just the right databases work in WordPress, because I didn’t want anyone feeling like I was shaming any one form plugin because they all do great things, but a little bit differently. At the end of the day, they all have the same Achilles’s Heel, which we’re hoping to fix with our partnership with FortressDB, and obviously some of them have other partnerships with some other third party encryption tools as well.
Emily:
Yeah, absolutely. I thought that was great to kind of see behind the scenes on each of them and how they all have great benefits, but also yes, some things to keep an eye out for. We’ve got a question from Kevin, “Are there any options for encrypting data on our own server that work with WordPress?”
MikeDemo:
Sure. There is a couple. The one forā¦ Let me find it. Yeah, here we go. Gravity, PluginOwl does work on your own server. I am 95% sure. I haven’t tested PluginOwl, Gravity Form’s encrypted fields. I was just reading about it. This does work on your own server where the rest of these do work on separate servers. The reason for that is twofold. Usually, most of these solutions work off of third party servers because it all has to do with where the data needs to legally live. Depending on what country you live in, the data might need to live in a certain jurisdiction. So, that might not be the same as your web server, especially if you’re doing something with internalization. I know people are using FortressDB with us and weForms, and there’s a US version that they might show their clients, and an EU version so that their clients’ data lives in each of the jurisdictions correctly.
MikeDemo:
Also, they usually are connected to something like AWS or Microsoft Azure, which have all of these, I didn’t know this from the banking world, they’re very specific types of tests and certifications that different types of data need to have. We’ve all heard of PCI certification, and HIPAA compliance, but there’s all these different types. There’s different compliance with social security numbers, a different compliance for addresses, phone numbers, kids’ information, and now that all of these very different, very, very heavy legally binding documents. What’s nice is those really, really large providers check all those boxes where your local web host probably doesn’t, because that’s not their business. Their business is to provide WordPress websites. So, you can always use your own developer and roll your own solution, but you’ll be playing Cat and Mouse. As the plugin gets updated, you might need to update your solution that you’ve built in-house, et cetera, such as your own developer product offering, or something like Codeable or however you want to figure it out. Depending on how that’s built, it might be a game of Cat and Mouse.
MikeDemo:
You’re also hoping that whoever you’re working with knows all the applicable security laws in their jurisdictions, and these all have different focuses like if you only do health data you might want to probably look at HIPAA compliant web forms plugin, because that’s their focus. Their focus is HIPAA. Full stop. Then all these different providers have different focuses, and different jurisdictions and countries that they focus on too. Although for the most part, if you cover the UK, EU and US, you’re covering most of the laws in the world. But again, check with your own counsel because I’m not an attorney.
Emily:
Yeah. Good disclaimer there at the end. That’s really interesting stuff though, and I think it just drives home like it’s probably in most people’s best interest and also easiest to go with one of these plugins that’s able to kind of cover all the bases for you I suppose. We did get one comment from Ashish over on Facebook. He said that he liked that you raised the important point about people who have access to the hosting server also have access to form data. That’s something important for people to keep in mind there. Yeah, Kevin said excellent summary of options and issues to consider. So, great answer there Demo. Another question from Shonta, “Does the encryption interfere with accessibility? Or does that just live on the back end?” I think is what she’s asking.
MikeDemo:
It usually just lives on the back end because it’s not visible to the front end. If your form is accessible and if your third party form provider’s already accessible, the encryption’s not going to affect that. What I don’t know the answer of, the accessibility of the back end tools, like on the WPAdmin side I would have to do some testing on that. But on the front end, there is no change to accessibility because they’re just interfacing with the same exact piece of content. It’s just where that data’s saving, and if it’s being encrypted or non encrypted is what’s changing. There’s not any change to the front end user experience at all.
Emily:
Cool, I think we answered her question, so great. Fantastic. I don’t see any other questions, but there’s still time, if you have them, to put them out there. Let’s go ahead and do the giveaway while we’re waiting-
MikeDemo:
Yeah, let’s do it.
Emily:
To see if anyone has anymore questions. We’re going to double down on this. Demo’s giving away a game to anyone who’s here watching right now. Then GoWP will also give away a game for anyone who has registered. So, we may be giving away a game to somebody’s who’s not here yet, but we do appreciate that you all registered for the event too. Let’s see here. Let me just double check my list here, cross check. Doors are closed. Cabin secure. All right. Now I think I can share my screen. I’m going to take down this here.
MikeDemo:
Yep.
Emily:
I will be sending a follow up email, so if you did not get any of those links there, we’ll be sure to include that in the follow up. I’ve got my screen up, and let’s go ahead and see who the winner is.
MikeDemo:
Jamie.
Emily:
All right, so that’s Jamie Hill, who’s watching with us on Facebook. Congratulations, Jamie. We’ll be reaching out to you to get your address and all that, and get your copy of Pandemic that you can play the fun version of instead of just the real life version that we’re all stuck in. Okay, now let’s do the second giveaway here. Let me share my screen again.
MikeDemo:
Yeah, in Pandemic, instead of fighting diseases, you’re fighting colored cubes.
Emily:
It’s much more fun. I played it last weekend with my family here and we love it. It’s a lot of fun.
MikeDemo:
There’s a lot of versions of Pandemic. There’s like 45 versions of Pandemic.
Emily:
Yeah, I found that out when I was putting this together and getting a link to it. [crosstalk 00:45:16]-
MikeDemo:
There’s even one that you can play as the disease if you’re so inclined.
Emily:
Yeah, I’m going to have to check that one out. Okay, so these are all of our registrants. Maybe someone who’s watching now, maybe not.
MikeDemo:
Hopefully.
MikeDemo:
Mark. Awesome.
Emily:
I don’t think this person is on the call at the moment. Markā¦ No, he’s not, but I will reach out to him and let him know that he won.
MikeDemo:
Awesome.
Emily:
Thank you everybody. It looks like I got few more comments. Ed said, “Awesome job, Demo. Very interesting stuff. Super useful.” Let’s see, “Congratulations, Jamie.” [inaudible 00:45:53] Jamie went twice. I don’t know, I thought about that when I was putting these two prize wheels together that that wasā¦ I was just hoping that wouldn’t happen, and it didn’t, so we’re all safe. So there we go.
MikeDemo:
I once, at the Joomla World Conference, I at the very end was giving away two prizes. So, one was with everybody there, and then one was just people that visited a sponsor’s booth. The same person won the PlayStation VR, which was the everyone group, and a TV from GoDaddy-
Emily:
Oh my gosh.
MikeDemo:
Back to back. Everyone thought I was paid off. I’m like, “I swear I was not paid off.” So yeah, and hundreds of people were at that conference. Ironically, it was four years ago. It was over the election in Vancouver. I remember because we were in the same complex as the Department of Immigration of Canada, and after the election they had a sign on the door that said, “Office closed. Please go to our website more information.”
Emily:
Oh my gosh, wow. Okay, yeah it’s amazing that those things can happen. And there are professional giveaway players too, out there.
MikeDemo:
Yeah, they’re called “Sweepers”.
Emily:
Sweepers.
MikeDemo:
About 15 years ago, when I used to work at a hotel, we would always have a National Sweepers Convention. Yeah, the systems and processes for all of thatā¦ It’s a hobby that people like.
Emily:
There we go. Cool. Well, thank you so much Demo. This is really an awesome webinar. I learned a lot. I know that everyone watching has said that they’ve learned a lot as well. I’ll be sending out the follow up email with the recording, and all that information shortly, so everyone can look forward to that. Once again, if you’re not in our Facebook group already you can go check it out over there, and this recording’s always there immediately after we’re done here. So, thank you so much and I’ll see you all in the Facebook group.
MikeDemo:
Thanks. Bye.