How secure is your contact form?
A potential customer visits your website. They’re convinced. They fill in your contact form: name, email address, phone number, a short question. They click “Submit.”
And then?
For most websites, the answer is unsettling: those details end up in a database. A database that’s online 24 hours a day. A database that can be attacked. A database you might not even know exists.
Where do your form submissions go?
With a typical WordPress site using a contact form plugin (Contact Form 7, WPForms, Gravity Forms), here’s what happens:
- The visitor fills in the form
- The data is stored in the WordPress database
- An email is (hopefully) sent to you
- The data remains in the database — indefinitely
That last point is the problem. That database now contains personal information from your customers: names, email addresses, phone numbers, sometimes even addresses or medical information. And that database is accessible via the internet.
It’s like having a safe where you store all your clients’ business cards — but the safe is on the street, with the lock facing outward.
The risks aren’t theoretical
In 2026, a vulnerability was discovered in a popular WordPress form plugin that allowed unauthorised users to download all submitted form data without login credentials. (SentinelOne/CVE-2026-0825) Names, email addresses, phone numbers — everything was exposed.
This isn’t an incident. It’s a pattern:
- Form plugins store data in plaintext (unencrypted) by default
- The database is accessible via the WordPress admin panel — and that panel is a known target for hackers
- Many business owners don’t even know their form data is being stored — they assume it only sends an email
What the GDPR says about this
Under the GDPR, you are required to:
- Only retain personal data for as long as necessary. — A contact form submission you answered three years ago has no business still being in your database.
- Secure it adequately. — Plaintext storage in a WordPress database accessible via the internet doesn’t meet that standard.
- Delete it on request. — If a customer asks you to erase their data, you need to know where it is and actually be able to remove it.
With a standard WordPress form plugin, none of these three points are handled automatically. You have to do it yourself — if you even know you’re supposed to.
The alternative: forms without a database
A contact form doesn’t need a database. It can work differently:
- The visitor fills in the form
- The data is sent directly to your email address via a secure connection (HTTPS/TLS)
- Nothing is stored on the server
Done. No database. No storage. No target for hackers. The data goes from your visitor to your inbox — and nowhere else.
It’s the difference between a customer whispering their phone number directly in your ear and shouting it across a crowded room and hoping only you hear it.
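A minimal relay of the kind just described, added here as an illustration (it is not code from this article or from any WordPress plugin): it validates the submission, hands one email to the mail server over TLS, and keeps nothing on the server. The owner address, field limits and SMTP host are placeholder assumptions.

```python
import re
import smtplib
import ssl
from email.message import EmailMessage
# Hypothetical owner address and field limits: assumptions, not taken from the article.
OWNER_ADDRESS = "owner@example.com"
MAX_LEN = {"name": 100, "email": 254, "phone": 30, "message": 2000}
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def validate(fields: dict) -> dict:
    """Return a cleaned copy of the submission or raise ValueError.
    Single-line fields may not contain CR/LF (they land in mail headers) and
    every field has a length cap, so the relay cannot be turned into a spam tool."""
    clean = {}
    for key, limit in MAX_LEN.items():
        value = str(fields.get(key, "")).strip()
        if key != "message" and ("\r" in value or "\n" in value):
            raise ValueError(f"line break in {key}")
        if len(value) > limit:
            raise ValueError(f"{key} too long")
        clean[key] = value
    if not clean["name"] or not clean["message"]:
        raise ValueError("name and message are required")
    if not _EMAIL_RE.match(clean["email"]):
        raise ValueError("invalid email address")
    return clean

def build_message(clean: dict) -> EmailMessage:
    """Compose the notification; the visitor's address goes in Reply-To, never From."""
    msg = EmailMessage()
    msg["Subject"] = f"Website contact from {clean['name']}"
    msg["From"] = OWNER_ADDRESS
    msg["To"] = OWNER_ADDRESS
    msg["Reply-To"] = clean["email"]
    msg.set_content(f"Name: {clean['name']}\nEmail: {clean['email']}\n"
                    f"Phone: {clean['phone']}\n\n{clean['message']}\n")
    return msg

def smtp_send(msg: EmailMessage, host: str = "smtp.example.com", port: int = 465) -> None:
    """Hand the message to the mail server over TLS (host is a placeholder)."""
    with smtplib.SMTP_SSL(host, port, context=ssl.create_default_context()) as smtp:
        smtp.send_message(msg)

def handle_submission(fields: dict, send=smtp_send) -> str:
    """Validate, relay and return only a status string; nothing is written to disk."""
    try:
        send(build_message(validate(fields)))
    except ValueError as exc:
        return f"rejected: {exc}"
    return "sent"
```

The `send` parameter exists so the relay can be exercised without a live mail server; in production the default `smtp_send` is used and no copy of the submission survives the request.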
What this means for you as a business owner
With a form without a database:
- No risk of data breaches via your website. — What doesn’t exist can’t be stolen.
- No GDPR obligations around storage. — You don’t retain personal data on your server — so there’s nothing to secure, delete, or report.
- No maintenance. — No plugin that needs updating, no database that needs cleaning.
- Full control. — The data only exists in your professional email environment (such as Outlook or Gmail). There, it’s protected by your mail provider’s robust security, rather than sitting around on a publicly accessible web server.
The question you need to ask
Ask yourself: if someone hacks your website tomorrow, what customer data is exposed?
If the answer is more than “nothing” — you have a problem you can solve today.
Curious how your website performs? Try the free website check.