One option that I've done before is to just add the Marketo form to the WordPress page via an iframe. It's not an ideal solution, but it allows you to still leverage the prefill functionality without any of the security concerns.
The iframe is indeed much more secure since all the important code is included in a Marketo LP. The issues with the iframe are different:
- double page visit in Marketo activity logs (in case you use page visits in scoring, pay attention)
If you disable Munchkin on the inner LP (which is the right way to embed) this won't happen.
- slower page load
Not really. A standard Marketo embedded form loads the form descriptor asynchronously, and if you're using an out-of-band Pre-Fill service, the additional info is also loaded asynchronously (not to mention waiting for the Marketo API, which can take a few seconds in its own right even when it isn't overwhelmed). All this must complete before the form can be used.
In contrast, while the IFRAME itself loads asynchronously, everything inside it (Pre-Fill and form descriptor) is inline.
There is actually less network overhead with an IFRAME, surprisingly.
The enduring problem with embedding a form in an IFRAME is styling/responsiveness.
Question: If you disable Munchkin on the inner LP, will you still benefit from the prefill and/or the Progressive Profiling?
Yes, you're disabling the Munchkin library so you don't log a duplicate Visit Web Page.
You're not disabling the existing Munchkin cookie, which will still be sent to Marketo.