
Only use WordPress Gravity Forms for Non-sensitive Information (Tier 0 or 1)!

The Gravity Forms plugin included with ITS Self-service and Enterprise WordPress offerings does not limit access to file uploads; uploaded files are stored in a world-readable directory that anyone can reach (see Security Best Practices in the Gravity Forms documentation).

Carefully consider the type of data you intend to collect and the potential for inadvertently capturing sensitive information; for instance, many college transcripts use the Social Security Number as the student ID. For this data type in particular, an alternate file upload/collection method is recommended.

If you do plan to use Gravity Forms to collect information, we strongly recommend posting a disclaimer that sensitive information should not be submitted through the form.

What are some supported alternatives to WordPress Gravity Forms?

Note that any process involving the collection of UNC Sensitive Information must proceed through the Data Governance and Risk Assessment process.

Assuming the information you need cannot be delivered from an existing ITS managed data stream, potential platforms for supporting sensitive file uploads include:

What are general recommended security practices related to file uploads?

  • Manage retention and disposal of data according to the records retention schedule.
    • Don’t hang on to sensitive information longer than necessary. Establish a data management plan that defines roles and responsibilities around data retention and disposal.
    • To reduce the risk of exposure, it is a good practice to periodically move results out of the web directory and onto a long-term storage solution that meets the requirements of the IT Security Controls Standard, including detailed auditing for file access and network filtering to limit connections from any non-UNC source addresses (e.g., SecNAS).
  • Anonymous file uploads should not be trusted; scan any files with AV before opening.
  • Manage access controls appropriately based on the classification tier and governance-defined need to know of UNC information involved.
    • UNC users should be authenticated through a centrally managed IdP such as SSO or AAD.
  • Use approved encryption-in-transit technologies.
  • Apply security patches in a timely manner for any software you re-use.
  • Use best practices for file upload logic such as extension and content validation, size limits, etc.
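As an added example (not code from this page or from Gravity Forms), one way to implement the extension, content and size checks named in the last bullet; the function name `validate_upload`, the allowlist and the size limit are assumptions chosen for illustration:

```python
"""Hypothetical upload validator: extension allowlist, content (magic-byte)
check that must agree with the claimed extension, and a size limit.
The stored name is generated server-side so the client-supplied filename
never reaches the filesystem."""
import os
import secrets

MAX_BYTES = 5 * 1024 * 1024  # constructed limit for this example: 5 MiB

# Allowed extensions mapped to the leading bytes their content must begin with.
# Anything not listed here (e.g. .php, .html, .svg) is rejected outright.
ALLOWED_SIGNATURES = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Every check must pass for acceptance."""
    if len(data) == 0:
        return False, "empty file"
    if len(data) > MAX_BYTES:
        return False, "file exceeds size limit"
    # Keep only the base name so path components from the client are ignored.
    base = os.path.basename(filename.replace("\\", "/"))
    if "." not in base:
        return False, "missing extension"
    ext = base.rsplit(".", 1)[1].lower()
    signatures = ALLOWED_SIGNATURES.get(ext)
    if signatures is None:
        return False, f"extension .{ext} not allowed"
    # Content validation: the bytes must match the claimed type, so a script
    # renamed to .pdf is rejected even though its extension is on the allowlist.
    if not any(data.startswith(sig) for sig in signatures):
        return False, "content does not match extension"
    return True, "ok"


def storage_name(filename: str) -> str:
    """Random server-chosen name keeping only the validated extension."""
    ext = os.path.basename(filename).rsplit(".", 1)[-1].lower()
    return f"{secrets.token_hex(16)}.{ext}"
```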