Update Oct 2017.  This is an area that Infusionsoft are still tightening.  Talk with us if you need up-to-date advice. 

Infusionsoft recently rolled out a small change – so small you might not have noticed it.


But your customers might.


In case you haven’t seen the notes on the change, this is the story:

Lately, not-so-nice people have been trying to attack systems by submitting entries into their webforms – those forms where people fill in their name and email so you can send them your gizmo, and those forms where people apply for your consulting or courses and so on.  (This isn’t new, but it’s happening more lately.)

The non-tech version is that you might have seen “people” with some really weird names coming in those forms.  Those people were submitted by bots – programs written to wander over the web and attack any form they can find.  If they get inside they don’t behave nicely.

To help minimise the damage these critters can do, Infusionsoft have added “CAPTCHA” codes on webforms.  (They’re those questions where you prove you’re not a robot by adding 3+5 or pointing out which picture has a house in it.)

You can turn these off from the settings area on your forms, but I wouldn’t recommend it unless you have a very good reason. Which isn’t “my customers don’t like it” – it’s more like “it’s breaking my HTTPS post”.

So if your customers comment that they’re suddenly being asked to fill in a CAPTCHA, that’s why.


Note: If you’re linking these forms to another tool – like LeadPages, or a pop-up tool, make sure this setting is turned off on the Infusionsoft form.  And make sure to do the validation in that tool.  Simple version – whatever page your customer sees is the one that checks that it is a person, and that they’ve filled in the important stuff.