Gravity Forms – Data Risk Mitigation and Best Practices

Website compromises and data breaches are a constant and growing threat.

Wharton CMS Editors can do their part to help mitigate risk by remaining diligent with timely housekeeping of Gravity Forms data and implementing CAPTCHA on all active forms. Gravity Forms without CAPTCHA will be subject to deactivation when bot activity is detected. Gravity Forms should be audited regularly, with effort made to minimize risk in accordance with the University’s data risk policies. Gravity Forms found to be inactive for over 12 months will be deactivated, and are subject to removal to mitigate potential data exposure. Gravity Forms that are no longer needed should be deactivated and removed. Form data should be exported to local storage, adhering to your data retention policies.

Please review the following Help Center documents for additional information:

• Gravity Forms – Data Risk Mitigation >>
• How to add CAPTCHA to active or new Gravity Forms >>

Note this information only applies to Wharton CMS sites using Gravity Forms.