Re: Embedding Marketo forms on Wordpress

Ya, not allowed, though... no links to our own products or email addresses. The idea is you build reputation by solving people's probs, and that in turn can make people seek you out.

On a technical level, you should consider that your plugin (like Grazitti's, and any other server-side plugin like this that I'm aware of) consumes a REST call for each anonymous session, so anyone can trivially break it for the rest of the day -- and break all other integrations across the Marketo instance -- by trickling in at most 1/2 hour of traffic. 

In 2018, everyone must expect attacks on their corporate website; everyone is a target, not just "controversial" sites. Sure, at some scale, a DoS vulnerability will always exist. But that scale shouldn't be a single bad actor with a few minutes to spare. That's why I don't consider these approaches prime-time-ready.

This isn't to say, by the way, that your plugin isn't superior to the other REST-based solutions! But REST isn't the way to do this. Any solution must have as its baseline the same capacity as native Marketo PreFill.

Thank you! Did you happen to check out those other ones like Hoosh or Zaper? What made you go with Grazitti?

We looked at a few options, but Grazitti was cost-effective and easy to work with, and we have several other pieces of their integration active on our site. 

In addition to form-fill, we've been able to do real-time personalization on our blog for content, images and ads. The plugin also links the blog to Marketo in a way that lets us send a digest email from our own templates just by clicking the articles we want included... so in essentially three clicks I have a perfectly created digest email out the door. Their support has also been great, which has been very helpful.

Have you ever heard of (or had) any hacks or attacks when using Grazitti?

I have not, but I feel like this would be a question they would be comfortable with addressing if you asked them directly. I know I've asked some of our other vendor partners for information about their security standards.

To hone in directly on the problem area, it's not security as in "exfiltrating private data."  It's a question of uptime under load and collateral damage to other services.

There's no way (I am not exaggerating, there is no way) for an approach that consumes an API call for every anonymous request to bear up under quite minor load. It is mathematically impossible.

Think of it like this, perhaps: there's a fancy sports car, keys in the ignition, gull-wings open, in the parking lot of a high school. 1 whole gallon of gas in the tank. School's out, and cops are all on furlough. Is that a low-risk scenario, day after day?

But their solution isn't actually suitable for professional sites (a newbie hacker can break it, and all your other integrations, in half an hour).

That's the difference between something that "works" and something that should be exposed to the public.

That is extremely helpful. Thank you

Ok, thank you for the info!

Sanford Whiteman​ can you please let me know what secure solutions you provide?

Nick Weirens​, if you follow me we can DM about it (we aren't allowed to link from Nation posts).

Hi Sanford Whiteman, I'd love to get more info about this as well!

About what part?

Sanford Whiteman - the secure solutions/workarounds for adding the prefill capabilities on Marketo forms for WordPress.

Ah, that's here: Form Pre-Fill. External sites. No limits. You're welcome.

Thank you!