Re: Anyone using a WordPress integration?

Valerie_Armstro · ‎01-11-2016

Hi Community - curious to know if anyone is currently utilizing a Wordpress integration. There are a few listed over on LaunchPoint but I'm curious to hear what other Wordpress users are using, what the drawbacks are, and if it is necessary to have an integration/connector or if the integration is possible in-house.

Thanks in advance for any feedback!

Casey_Grimes · ‎01-14-2016

So, I've done several major ways of handling Marketo forms as they relate to WordPress: using free plugins, using a few LaunchPoint partners' plugins (which I won't really comment on due to conflict of interest—and something to keep in mind if/when those plugins' developers reply to this thread), using API integrations from plugins, writing an in-house plugin, using responsive iframes and just dumping the Forms 1.0 HTML/Forms 2.0 JS code on a page. To kind of break down the pros and cons:

Free plugins: For most small/medium installations (of both WP and Marketo), I really think Hutchhouse's Marketo Forms and Tracking is the way to go. It does the two things you need most: adds Munchkin out of the box and adds basic Forms 2.0 functionality with API prefill. If you're wanting to do anything advanced, either with the Forms API or with your own PHP, you're out of luck. There are other plugins out there with similar functionality to Hutchhouse's but I don't really think they're worth the time of day.

API integrations (aka "the Gravity Forms option"): I don't necessarily see Gravity Forms + Marketo API as an issue and I think it has its place for companies with a stronger web team than Marketo team, if you need to do some tricks that Gravity Forms handles better like adding payment gateways to your form, or if you need to send data to multiple locations. If you're not using Zack Katz's Gravity Form connector and developing your own connection in-house, you'll need someone who specifically knows GF's quirks for associating data.

In-house plugins: Sometimes you need to do really complex things with forms beyond their traditional scope and simultaneously need to let frontend users build and place forms; custom plugin work is usually the best way to solve these challenges. In the cases where I've built custom work, though, there's a few issues to address around both plugin development (hello error code 613, my old friend, I've come to yell at you again) and user training (setting up campaigns to interface with the in-house plugin.)

Responsive iframes: This is actually my preferred way of handling forms for quick dev times—build a faux LP hosting a form and use the NPR responsive iframe method to get cleanly hosted forms on your site. Getting the initial LP and scripting (so both parent and child page can interact together) can be a bit of a pain, though. If you're using both WordPress and another type of site concurrently it can make the process of deploying forms more streamlined.

Forms 1.0 HTML: I appreciate the control that Forms 1.0 offers in terms of being able to do anything you would with any non-Marketo form, because I romanticize Ye Olde Marketo. I also appreciate that I am very much in the minority on this view. Most people avoid this with good reason.

Forms 2.0 JS: While this method has the single fastest deployment (just paste and go!), you're going to wind up missing form pre-fill without some API workarounds. On the other hand, you have complete flexibility to use the Forms 2.0 API to create a lot of custom actions easily.

Like most things, the right choice for you and your site depends on what your outcomes are.

Anonymous · ‎03-31-2016

Hey there Courtney, we finished deploying the Free Plugin: Hutchhouse's Marketo Forms and Tracking on our WordPress site we're developing. Is there a way you can tell the plugin to redirect to a specified "Thank you" page?

We love everything else about the plug-in, including form pre-fill, but cannot find a way to have it redirect to a thank you page upon completion. We plan on using one form for multiple landing pages, and this would be the way to tell Marketo to run it's smart campaign off of.

Any help would be appreciated!

Edward_Masson · ‎01-14-2016

In the past, when my company had acquired other companies I've had to integrate (to an extent) place an iframe marketo landing page with Form 1.0. Now with Forms 2.0 as Grégoire Michel points out, its far easier to embed the form in Wordpress.

Grégoire_Miche2 · ‎01-11-2016

Hi Valerie,

We use wordpress for our blog and it does integrate totally seamlessly and easily with Marketo. Just pay attention to some so-called Wordpress Modules intended to "ease" the integration and that in fact use the server API on the client side. They are very dangerous as they expose Marketo connection info and would enable anyone to run a DoS attack on your Marketo instance.

As stated by Jamie, start with integrating the munchkin code on your pages. This is done adding the code to the page templates.

Then you can easily integrate Marketo forms. Various possibilities here : embed code, iframe or redirect to Marketo Landing pages.

What would be harder to do is to integrate wordpress user management with Marketo forms. This would require some in house work as, AFAIK, there is no wordpress module that can do this. The best and simplest way to do it if to use Marketo Webform 2.0 API and run Marketo forms in the background each time someone opens an account or logs in.

-Greg

Casey_Grimes · ‎01-14-2016

Grégoire Michel wrote:
Just pay attention to some so-called Wordpress Modules intended to "ease" the integration and that in fact use the server API on the client side. They are very dangerous as they expose Marketo connection info and would enable anyone to run a DoS attack on your Marketo instance.

Awww, Greg, that's what your WAF is for!

In all seriousness though, while I have seen this happen for other MAPs (InfusionSoft in particular) I've yet to see or hear any DoS attacks on a Marketo instance and would be interested in this beyond a "what if" scenario.

SanfordWhiteman · ‎01-14-2016

In all seriousness though, while I have seen this happen for other MAPs (InfusionSoft in particular) I've yet to see or hear any DoS attacks on a Marketo instance and would be interested in this beyond a "what if" scenario.

We could never recommend an architecture that can handle 10,000 legitimate uses per day (assuming zero other integrations are in use) even before you take malice into account. And since any DoS cascades to an attack on your website's core functionality, I have always found this a seriously horrifying proposition. (Heck, I feel that way about SFDC API forms integrations that max out at 100K+ legit uses when sites get millions of hits per day.)

To me, it's a perpetual 0day vulnerability, it isn't only whether an attack has been seen against a particular customer, but about the risk (and, in regulated industries, risk paperwork) involved. With so many major companies using Marketo, I'd have hoped this stuff would be off the table.

And besides, there are other ways to get prefill on 3rd-party forms....

Casey_Grimes · ‎01-14-2016

Honestly, I feel once you get into regulated industries you're almost better off just utilizing local storage for prefill, sending data to a PCI-compliant storage and setting up your own connection to any SaaS product, but that's just me and definitely off-topic here.

The conversation did prompt me to take a look specifically at Hutchhouse though (since it does use SOAP) and while not horrifying in terms of exposed data could probably go for a RESTful rewrite.

SanfordWhiteman · ‎01-14-2016

Honestly, I feel once you get into regulated industries you're almost better off just utilizing local storage for prefill, sending data to a PCI-compliant storage and setting up your own connection to any SaaS product, but that's just me and definitely off-topic here.

And that's if your legal team approves of prefill at all!

But there are a lot of places (like SaaS and/or security tech vendors) who are mostly self-regulating but who don't pay attention to stuff like this even though it contradicts their mission statement, if nothing else. Drives me crazy.

The conversation did prompt me to take a look specifically at Hutchhouse though (since it does use SOAP) and while not horrifying in terms of exposed data could probably go for a RESTful rewrite.

If I were in a constructive mood, I'd say

switch to REST with a Read Lead permission
set a maximum # of calls per day (as much to allow cooperation between legit users of different integrations as to prevent abuse)
better exception handling, specifically for rate limit exceeded

Grégoire_Miche2 · ‎01-14-2016

Hi Courtney,

Neither do I, but some of my customers (WW scale financial institutions with all the regulatory arsenal and the IT Security Office) are adamant about the idea of some even suggesting exposing Marketo Client ID or Client secret in a client-side code...

Furthermore, in these matters, better safe than sorry, IMHO

-Greg

SanfordWhiteman · ‎01-14-2016

... and if they're only worried about the SOAP API credentials they seem to be missing some other trees in the forest, no?

SanfordWhiteman · ‎01-14-2016

Neither do I, but some of my customers (WW scale financial institutions with all the regulatory arsenal and the IT Security Office) are adamant about the idea of some even suggesting exposing Marketo Client ID or Client secret in a client-side code...

Yes, when an integration uses the world-writing SOAP API instead of the permission-managed REST API it's even more worrisome.

Anonymous · ‎01-11-2016

You can definitely do this with out of the box technology. Simply add the javascript tracking code to your wordpress header file and then use embedded Marketo forms and you are good to go. If you have Marketo social, all of those widgets are embed-able as well.