Web form security best practices for property managers

Stop hackers in their tracks

As a property manager, you hold the keys (no pun intended) to your tenants’ email addresses, phone numbers, billing addresses and more the second they type it into a form on your website. This type of data — known as personally identifiable information (PII) — is in high demand among hackers, which is why it’s important to implement web form security best practices on your property management website.

What do hackers do with PII?

Hackers don’t usually have a direct interest in your tenants’ PII. Instead, they profit when they sell the data on the dark web (also known as the online black market) for a median price of $21.35 per record.

That’s right, the going rate to destroy someone’s credit or steal their identity is less than $25.


Cyber thieves then mine the information and attempt to access additional accounts since most people don’t use password best practices.

Even scarier, there are those who are surreptitiously working to piece together information about your tenants that they collect from multiple sources into whole identities — from photos to addresses to Social Security numbers and dates of birth.

In this digital age, it’s actually quite easy to gather and use this information. If a breach or cyberattack happens to your property management company, every tenant whose information passed through your web form can be at risk, which subsequently exposes you to a substantial amount of liability.

Recent cyberattacks and data breaches

Hackers target companies big and small. Recently, two global companies were hit hard.

British Airways data breach

British Airways recently confirmed a data breach that exposed the PII and credit card numbers of nearly 400,000 customers. In a statement released by British Airways in early September, customers booking flights on its website and the British Airways mobile app between late August and early September were compromised.

T-Mobile hacked

T-Mobile recently reported that it suffered a security breach on its U.S. servers in late August that may have resulted in the leak of “some” personal information of up to 2 million customers. This included customer names, billing ZIP codes, phone numbers, email addresses, account numbers and account types (prepaid or postpaid). According to a recent T-Mobile blog post, its cybersecurity team detected and shut down an “unauthorized capture of some information.”

Web Form Security TMobile
Photo: T-Mobile

These aren’t the only instances of cybersecurity threats, but it goes to show that if industry leaders can be hacked, so can your property management site. To prevent these types of cyberthreats, it’s important to put web form security safeguards in place on your site.

Related: What 2018’s data breaches can teach us about internet security

Web form security best practices

Chances are you spent a small fortune building your property management website to attract, engage and convert potential tenants. But a beautiful website is only half of the equation. You also need to ensure that your visitors’ information is safe and secure. You can do that by implementing key web form security best practices.

  1. Install an SSL certificate.

  2. Use a trusted hosting provider.

  3. Stay on top of website patches and plugin updates.

Avoid exposing your tenants’ PII with a safer website.

1. Install an SSL certificate

Installing an SSL certificate on your website is mission critical, even if you’re not collecting credit card or payment information. SSL stands for Secure Sockets Layer, which gives your website URL that “https” that you see more and more around the web. SSL certificates protect information entered into your website by building a secure and encrypted connection between the tenant’s browser and your web server.

SSL certificates are becoming increasingly necessary because search engines like Google now use SSL as a ranking signal in their search algorithms. If a website doesn’t have an SSL certificate, Google’s Chrome browser will mark it as “not secure.” With both security and SEO benefits, a GoDaddy SSL certificate can be a smart purchase for your website.

Related: Why you need a secure website right now — avoid the Chrome ‘Not Secure’ warning

2. Use a trusted hosting provider

Your website hosting provider is integral to the success (or failure) of your website’s security. When you’re looking for the best hosting company, there are seven major factors to consider:

  • Storage
  • Bandwidth
  • Scalability
  • Reliability
  • Security
  • Backups
  • 24/7 technical support

For the sake of this article, let’s look specifically at hosting provider security. Most providers list the measures they will take to safeguard your website. If they don’t, then be sure to call and ask.

GoDaddy offers a comprehensive website security program, powered by Sucuri, which includes automatic daily security scans and the removal of cyberthreats from your website. Investing in a service like this will provide peace of mind that your tenants’ PII is secure from prying eyes.

Web Form Security Prying]

3. Stay on top of website patches and plugin updates

Depending on your website’s content management system (CMS), you may need to install patches and update plugins as they become available. The term CMS refers to a software application used to create and manage digital content. One of the most common CMS platforms is WordPress, which requires updates on a near-regular basis. WordPress often releases updates to its core files containing fixes for the latest security issues and vulnerabilities.

In addition to core files, your WordPress theme and plugins will also need regular updates.


Web form security best practices also include installing a WordPress security plugin on your website. Free WordPress plugins offer a number of features including security activity auditing, remote malware scanning, blacklist monitoring, effective security hardening, post-hack security actions and security notifications.

Taking these proactive steps will help you protect your tenants’ PII and hold hackers at bay.

Related: WordPress Security Resources

A good site is a secure site

Although hackers are champing at the bit for your tenants’ personal information, there are ways to safeguard your website and protect yourself from a potential security breach. By following web form security best practices, including installing an SSL certificate, using trusted hosting providers like GoDaddy, and keeping your website CMS updated, you can ensure that information entered into your web forms won’t fall into the wrong hands.