When someone says something nice about your work, it can mean a lot. On the internet, these kinds of compliments are called testimonials.
A testimonial is when a happy customer shares what they liked about a product or service. These brief messages may seem insignificant, but they’re remarkably powerful. People often trust honest opinions from other customers more than they trust ads.
If you use these quotes effectively—such as placing them near a “Buy Now” button or at the bottom of a service page—they can help others feel more confident about choosing you.
Testimonials can also keep people on your website longer and help your site rank higher on Google, especially if you use structured data to tell search engines exactly what the testimonial says and who wrote it.
However, before you post someone else’s words, you need to be cautious. Testimonials often include personal information. Sharing these quotes without permission can cause problems for both you and the person who provided them. In some countries, you could even be fined.
This article will guide you step by step on how to collect and post testimonials safely, legally, and in a way that helps your website grow.
Asking for Permission the Right Way (and Getting Better Quotes Too)
The best time to ask someone for a testimonial is right after they’ve had a good experience with your product or service. You can set up an automatic thank-you email using tools like WooCommerce or FluentCRM. This message should link to a short feedback form that’s easy to fill out on a phone or computer.
To make your form, use a plugin like WPForms or Gravity Forms. These tools help you build forms without needing to write code. In your form, you should do the following:
- Tell people how their words will be used. Clearly state that their comments may appear on your website, in emails, on social media, or in printed materials. Ensure they understand that their information won’t be sold or shared with other companies.
- Let them choose how their name is shown. Some people want their full name to appear. Others may prefer initials, a job title such as “Teacher,” or even to remain anonymous. Providing them with options helps them feel more at ease.
- Give them a way to upload a photo. Add a checkbox where they can say if it’s okay for you to use their picture. This helps meet GDPR requirements, which require individuals to provide explicit consent for each part of their data.
- Include a link to your privacy policy. This page explains how you handle people’s data. You should also include an email address, such as privacy@your-site.com, where people can contact you if they wish to make changes or request that their testimonials be removed.
Your form should automatically record the date and IP address of each submission. This creates a record that proves the person gave you permission. By asking for feedback soon after the experience, you’re more likely to receive helpful and honest comments.
Keeping Personal Information Safe and Protecting Your Brand
Even if someone gives you permission, you still have a responsibility to protect their information. Never post personal details, such as home addresses, phone numbers, financial information, or children’s names. Once these are online, search engines can find and save them, and other websites may copy them without your control.
If someone wants privacy, you can still use their quote without sharing who they are. For example, you might display their initials, job title, or a general location, such as “Chicago, IL.” This maintains the testimonial’s trustworthiness while respecting their identity.
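A pre-publication screen for the two points above, as an added example that is not part of the original article: it flags quotes containing an email address, phone number, or street address, and builds the byline from the display option the customer chose. The regular expressions are US-style heuristics, and the field names (`name`, `display`, `role`, `quote`) and sample submissions are assumptions constructed for illustration.

```python
import re

# Heuristic patterns: assumptions for this sketch, tuned to US-style data.
PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "phone": re.compile(
        r"(?<!\d)(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?!\d)"),
    "street_address": re.compile(
        r"\b\d{1,5} (?:[A-Z][a-z]+ ){1,3}"
        r"(?:Street|St|Avenue|Ave|Road|Rd|Drive|Dr|Lane|Ln|Boulevard|Blvd)\b"),
}

def find_personal_details(text):
    """Return sorted (kind, matched_text) pairs a reviewer should look at."""
    hits = []
    for kind, pattern in PATTERNS.items():
        hits.extend((kind, m.group(0)) for m in pattern.finditer(text))
    return sorted(hits)

def attribution(full_name, preference, role=""):
    """Build the public byline from the option the customer chose."""
    if preference == "full":
        return full_name
    if preference == "initials":
        initials = " ".join(p[0].upper() + "." for p in full_name.split())
        return f"{initials}, {role}" if role else initials
    return role or "Anonymous"  # any other choice hides the name

def review(submission):
    """Hold a submission for manual edits if its quote leaks personal details."""
    findings = find_personal_details(submission["quote"])
    return {
        "status": "hold" if findings else "ready",
        "findings": findings,
        "byline": attribution(submission["name"], submission["display"],
                              submission.get("role", "")),
    }

# Constructed sample submissions (not real customers).
SAMPLES = [
    {"name": "Dana Whitfield", "display": "initials", "role": "Teacher",
     "quote": "Fast closing! Call me at (312) 555-0142 or dana@example.com."},
    {"name": "Luis Ortega", "display": "anonymous",
     "quote": "The office worked with our schedule during a cross-country move."},
    {"name": "Priya Nair", "display": "full",
     "quote": "They helped us move into 48 Maple Grove Lane in two weeks."},
]
```

A "hold" result means a person should edit the quote before it goes live; pattern matching misses things like children’s names, so it supports the human review rather than replacing it.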
If someone sends a headshot (a photo of their face) but is shy about being seen, you can blur the image or crop it as they prefer. This keeps the photo real while making it harder for strangers to find out more about the person.
Behind the scenes, all testimonial form submissions are stored in your WordPress website’s database. To protect this data, use a security plugin like Wordfence or iThemes Security. These tools scan for malware, limit login attempts, and add firewalls.
Additionally, ensure that every admin has their own login and uses two-factor authentication, which adds an extra layer of security to the login process. This makes it harder for hackers to break in.
Backups should be encrypted and stored in secure locations, such as Backblaze, Wasabi, or Amazon S3. Grant access only to team members who require it, and avoid sharing passwords whenever possible.
Following the Fair Housing Act (For Real Estate Websites)
If your website facilitates the purchase, rental, or financing of homes in the United States, you must also comply with the Fair Housing Act. This law ensures that everyone has an equal opportunity to find housing, regardless of their race, religion, gender, family size, or disability.
You must avoid words that make a neighborhood sound better for some people than others. For example, avoid phrases like “great for young families” or “perfect for seniors.” Even if you mean well, these phrases can make others feel left out or unwelcome.
Instead, focus on what your service provides. Say things like:
“Our agent helped us finish the paperwork quickly,” or
“The office worked with our schedule during a cross-country move.”
Additionally, use images that feature people from diverse backgrounds, and adjust the order in which your testimonials appear by utilizing WP_Query or a testimonial plugin with a shuffle feature. This helps make sure that every visitor sees a mix of faces and stories.
Understanding GDPR: Three Important Things to Remember
The General Data Protection Regulation (GDPR) is a European Union law that protects individuals’ personal data online. Even if your business is not based in Europe, it’s a good idea to follow these rules to demonstrate your respect for people’s data. Here are three things you must do:
- Make your privacy policy easy to find. Every form should include a clear link to your privacy policy so people know how long their data will be stored, what you’re using it for, and how they can delete it.
- Create a data retention schedule. For example, you might decide to delete testimonial entries every two years unless you get new permission. Write this policy down so you can show it to anyone who asks.
- Respond to data requests quickly. If someone wishes to view or delete their testimonial, you must reply within 30 days. Ensure that you remove all copies, including those in your backups.
By doing these things, you’ll follow the law and demonstrate to your clients that you take their privacy seriously.
A Simple Plan for Collecting and Sharing Testimonials in WordPress
If you want to keep your testimonials organized and safe, follow this easy five-step plan:
- Collect – After a sale or finished project, send an automatic email using WooCommerce, FluentCRM, or your invoicing tool. Include a link to your feedback form. When you ask at the right moment, people are more likely to give strong, positive answers.
- Review – Have someone on your team read each submission. It’s best if this person didn’t work on the project, as they’ll catch spelling mistakes or private information more easily. Use a plugin like PublishPress Checklists to ensure that no testimonial is published without being reviewed.
- Approve – Only certain people—like your boss, lawyer, or privacy officer—should be allowed to post testimonials. You can control this by assigning permissions with User Role Editor so only trusted users can publish quotes.
- Post – Place the approved testimonials where they’ll have the most significant impact—such as on your homepage, landing pages, or within detailed case studies. Strong Testimonials works well with page builders like Gutenberg, Elementor, or Beaver Builder.
- Log – Every week, save new testimonials to a secure cloud storage service, such as Backblaze, Wasabi, or Amazon S3, and record when each one was collected so you can update or remove it after two years.
Write this process down in a guide or standard operating procedure (SOP). This helps your team follow the steps and shows auditors that you’re following a clear, professional system.
How to Display Testimonials That Are Easy to Read and Trusted
Most visitors won’t read every word on your website. They scan quickly, especially on phones or tablets. So keep each testimonial short—about 30 to 50 words—and easy to understand. Add a short attribution line, such as a name or title, to indicate its authenticity.
Use fonts that are easy to read, and ensure the colors have good contrast so that everyone can see clearly. Don’t forget to add alt text to any images so that people using screen readers can understand them as well.
If you prefer using small animations (such as a soft fade-in), that’s fine—but only load them on the pages where testimonials appear. This helps your site stay fast. Plugins like Asset CleanUp can help you control where scripts load.
For search engine optimization (SEO), tools like Rank Math or Schema Pro add special code (structured data) that tells Google your testimonials are reviews. This can help them appear as rich snippets in search results, even if you don’t use star ratings.
Keep Testimonials Fresh and Up-to-Date
Just like news, testimonials can become outdated. A quote from 2019 might not sound as impressive in 2025. That’s why you should review your testimonials at least twice a year to ensure they remain current and accurate.
Use a table or spreadsheet to track:
- The date each testimonial was posted
- Who gave it
- What they said
- Whether they’ve given permission to keep it up
Every two years, email the person who gave the testimonial. Ask if they want to update it or keep it the same. Many will be happy to provide a new version with more details.
If someone asks you to remove their quote, do so immediately. Delete it from your site, remove any related pictures, and clear your backups and cache. Then, email them to confirm that it’s been entirely removed. You can schedule reminders for this process using WP Crontrol or EasyCron so you never forget.
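The tracking sheet and two-year check described above can be audited with a short script. This is an added example, not part of the original article: the column names and the sample rows are constructed assumptions, and the action labels (`remove`, `unpublish`, `reconsent`) are hypothetical names for the steps the article describes.

```python
import csv
import io
from datetime import date

RETENTION_YEARS = 2  # the article's example retention period

# Constructed sample export of the tracking spreadsheet (not real data).
SAMPLE_LOG = """id,attribution,consent_date,consent_ip,removal_requested
101,J. S. (Teacher),2023-01-15,203.0.113.7,no
102,Anonymous,2024-11-02,198.51.100.23,no
103,Maria L.,2022-06-30,192.0.2.44,yes
104,R. K.,,,no
105,Chicago IL client,2023-06-01,203.0.113.90,no
"""

def add_years(d, years):
    """Same calendar day N years later (Feb 29 falls back to Feb 28)."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)

def audit(log_text, today):
    """Return {id: action} for every row that needs attention."""
    actions = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        rid = int(row["id"])
        if row["removal_requested"].strip().lower() == "yes":
            actions[rid] = "remove"      # removal requests come first
        elif not row["consent_date"] or not row["consent_ip"]:
            actions[rid] = "unpublish"   # no proof of permission on file
        elif add_years(date.fromisoformat(row["consent_date"]),
                       RETENTION_YEARS) <= today:
            actions[rid] = "reconsent"   # ask again or delete
    return actions

if __name__ == "__main__":
    for rid, action in sorted(audit(SAMPLE_LOG, date(2025, 6, 1)).items()):
        print(rid, action)
```

Rows that are still inside the retention window and have a complete consent record are left out of the result.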
Testimonials can be one of the most powerful tools for your website. When real people share their experiences, it builds trust and helps others feel confident about working with you.
However, obtaining testimonials isn’t just about asking for quotes—it’s about protecting people’s privacy, adhering to the law, and maintaining your content’s integrity and authenticity.
If you follow the steps in this article—asking at the right time, protecting personal information, reviewing and approving quotes carefully, and updating your testimonials regularly—you’ll demonstrate that your business is professional, trustworthy, and respectful.
Let your happy customers tell your story. Their words might be your best marketing tool of all.