Security is a huge deal these days. If Amazon and Google can be hacked, anyone can. Hackers can always get at you. But there is no reason to make it easy for them.
Quite often, clients will ask me why we put a contact form on a website rather than an email address. I also often get asked if a Captcha code is necessary. This post answers those questions.
Why no email addresses or links on the site?
There are two main reasons you don’t want your email address openly visible on your website: First is SPAM.
In HTML, your email looks like this to a bot, even if you just put a link without the actual email written out:
The bot can identify, copy, and use your email address and send you lots of nice SPAM. And we all need more of that, right? Maybe you don’t even notice an increase in SPAM. So why should you care?
The second reason has to do with the security of your contacts. Have you ever gotten an email from someone that they did not send? Their email has been hacked. This is an easy way for hackers with malicious intent to send you a lovely little virus or Trojan horse. You get an email from someone you trust and open a link or attachment and BAM! You have been infected. Maybe the infection messes up your computer, maybe it just takes information from it, you know, like all your contacts so they can infect them too. Either way it’s a bad situation.
Occasionally there is a good reason email links are wanted on a site. On this site, we use a scrambler to try to keep the bots from reading the email addresses. So,
would be changed to this and still work:
However, never underestimate the ingenuity of a determined hacker. The more secure you can make your information, the better.
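An added example, not from the original post and not this site's scrambler: a Python audit to run over your own page source that lists every address an HTML parser can see, including one hidden only by entity encoding. The `entity_scramble` helper, the sample page and the example.com addresses are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def entity_scramble(text):
    """Assumed scrambler: every character becomes a numeric HTML entity."""
    return "".join(f"&#{ord(ch)};" for ch in text)


# Constructed sample page: one plain mailto link, one scrambled link, one form link.
SAMPLE_HTML = f"""
<p><a href="mailto:info@example.com">Email us</a></p>
<p><a href="{entity_scramble('mailto:sales@example.com')}">Sales</a></p>
<p>Or use the <a href="/contact/">contact form</a>.</p>
"""


class _Collector(HTMLParser):
    """Collects addresses the way any HTML parser sees them (entities decoded)."""
    def __init__(self):
        super().__init__()
        self.found = []  # (address, location) pairs

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:  # attribute values arrive already decoded
            if name == "href" and value and value.lower().startswith("mailto:"):
                target = unquote(value[7:].split("?", 1)[0])
                self.found += [(a, "mailto link") for a in EMAIL_RE.findall(target)]

    def handle_data(self, data):
        self.found += [(a, "page text") for a in EMAIL_RE.findall(data)]


def audit_exposed_emails(html_source):
    """Report each address in the page and whether anything hides it."""
    collector = _Collector()
    collector.feed(html_source)
    collector.close()
    raw = html_source.lower()
    return [{"address": a, "location": loc,
             "protection": "none" if a.lower() in raw else "entity encoding only"}
            for a, loc in collector.found]


if __name__ == "__main__":
    for row in audit_exposed_emails(SAMPLE_HTML):
        print(row)
```

Any address this reports is readable from the page source; a page that links only to a contact form produces an empty report.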
So how do people contact you?
Before I started using WordPress, a contact form in PHP (so much more secure than an HTML contact form or email because trolling hackers and bots can’t “read” PHP) cost clients about $500 additional. Since with WordPress a contact form is a (fairly) simple plugin, I put it on all my clients’ websites. Even so, the amount of hacking that is happening has caused email servers to keep tightening security, so the contact form plugin authors need to keep updating the plugins so the forms can get to the clients and not get caught in SPAM filters. This means a fair amount more vigilance on the part of the web developer to be sure they have entered all the correct information and checked to be sure the forms work (send the information submitted to the client).
This is still the best and easiest way to ensure you get the information from a potential client who wants to be in contact with you.
CAPTCHA, why CAPTCHA?
Occasionally I have clients who really don’t want CAPTCHA on their site. They just don’t see the point of it. Again, security is the point.
CAPTCHA, incidentally, is the box at the bottom that asks you to prove you are a human. That is the point of it. CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”. It asks you to do something a bot can’t do (a bot can fill out a form, but it can’t think – yet). Again, the point of it is to keep you from getting SPAM from your website. Sure, you can take your chances without it, but those of us who love the web want it to get more secure, not less so. Why leave your site open? Your time is valuable; don’t waste it following up with fake contacts.