Contact forms…. they’re built in!

I’m so used to the Spiffy Stores features, that I kind of take some of them as granted, and forget that some of our competitors seem to ignore basic customer needs.

Take for example the Contact Us form. Practically every online store needs one. Customers aren’t going to be very impressed if there’s no way to contact the store owners.

So with this in mind, Spiffy Stores includes a Contact Us form automatically. When you set up an online store with Spiffy Stores, we automatically create two pages called “Contact Us” and “Contact Us Thanks”.

If you’ve accidentally deleted your contact form, just create two pages called “Contact Us” (your contact from will automatically appear on the “Contact Us” page) and “Contact Us Thanks”. You then add the Contact Us page to a menu, and you’re done. You can add some customization and additional text and rename the pages, if you like (keeping the page handles the same).

Another great way to add other forms to your site is by using Wufoo. The folks over at Wufoo have built a fantastic form builder that integrates with a load of other systems. To get a Wufoo form to work in your Spiffy Store, you just create the form and copy and paste the code from Wufoo into a page. Wufoo allows you to create a form in just a few minutes!

Spammers Begone

We recently enabled a small security enhancement to the Spiffy Stores software to prevent a security attack called Cross Site Request Forgery (CSRF).

Basically, now an encrypted token is generated and inserted into every form on the store web pages. This prevents a hacker from copying a form from the site and tricking you into executing the form from a fake site, thus giving the hacker access to your account.

Whilst it was extremely unlikely that this sort of attack would work because of the way in which the Spiffy Stores software is designed, it never hurts to improve security wherever possible.

However, it turns out to have an unintended bonus effect!

Spiffy Stores is one of the few ecommerce solutions that has a “Contact Us” form built into your store. This form is generated for you automatically and you don’t need to use a third-party online form service to get something as essential as a contact form.

Now that we have added the Cross Site Request Forgery code, we are seeing instances of spammers who have “copied” the contact forms from various sites and have built them into scripts to try to spam our store owners with fake contact form submissions. All of these attempts are now failing because they are all detected as forgeries, and this means that your inbox will contain less of the spam generated by these pests.