Securing Gravity Forms

Hi all! I already went over the Security Best Practices but I have a pending concern. We’re hosting with WP Engine and use Gravity Forms to process payments. Our site uses over 20 other plugins. I am concerned that a plugin update could install some malicious code that intercepts the payment info, since the plugin’s code resides on the same server. It’s impossible for me to read all the code of all those other plugin updates. Does anyone have any guidance on that?

Understandably, you are concerned about the potential for a plugin update to introduce malicious code that could intercept payment information on your website. To protect your site from this risk, it is important to only install plugins from reputable sources, such as the official WordPress plugin repository, and to keep them updated to the latest version. You can also use a security plugin such as Wordfence or Sucuri to scan your site for malware and vulnerabilities.

Furthermore, you can use a payment gateway service that does not store any credit card information on your server but redirects the user to the payment gateway’s website for the payment process, such as PayPal, Stripe, and Authorize.net. This will help to ensure that your customers’ payment information is secure.

It is also a good practice to keep regular backups of your site in case you need to restore it in the event of a compromise. Additionally, it would be beneficial to consult with your hosting provider and the plugin developer to get a better understanding of their security practices and to see if they have any recommendations for securing your site. By taking these steps, you can help to ensure that your website is secure and your customers’ payment information is protected.
