DSA Media News and Information

WordPress Plugin Upgrades

Further to our posts on keeping the WordPress core files updated, please note that this also applies to plugin files. Plugins from the WordPress repository are not moderated, so you need to decide which ones you trust in order to keep your website secure.

We have recently found a number of sites under attack from spammers who were exploiting the Contact Form 7 plugin. From our investigations we could easily see the version of the plugin in use, because the plugin inserts its version number as a hidden form field. This makes it easy for any spammer to determine whether the plugin is up to date and whether it can be exploited. One such exploit resulted in 40,000 emails being sent via our server and over 9000 bounced emails being received back, which eventually crashed the server.
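The version disclosure described above can be checked on your own pages. The following is an added example, not code from DSA Media or from the plugin: it reads the saved HTML of a contact page, extracts the hidden version field, and flags it if it is older than the release you require. The field name `_wpcf7_version`, the threshold `5.0` and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: the hidden field is named "_wpcf7_version"; the post only says
# the plugin writes its version into "a hidden form field".
VERSION_FIELD = "_wpcf7_version"
# Placeholder, not a real advisory threshold: set this to the release you require.
MINIMUM_VERSION = "5.0"

# Constructed sample of a saved contact page (not taken from a real site).
SAMPLE_PAGE = """
<form action="/contact/" method="post">
  <input type="hidden" name="_wpcf7_version" value="3.4.1" />
  <input type="email" name="your-email" />
</form>
"""

class HiddenVersionFinder(HTMLParser):
    """Collects the value of every hidden input that carries the plugin version."""
    def __init__(self):
        super().__init__()
        self.versions = []
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        hidden = (attr.get("type") or "").lower() == "hidden"
        if tag == "input" and hidden and attr.get("name") == VERSION_FIELD:
            self.versions.append(attr.get("value") or "")

def parse_version(text):
    """Turn '5.1.0' into (5, 1, 0); a non-numeric component counts as 0."""
    numbers = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        numbers.append(int(match.group()) if match else 0)
    return tuple(numbers)

def is_older(found, minimum):
    """Compare after zero-padding, so '5.1' and '5.1.0' are treated as equal."""
    a, b = parse_version(found), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit_page(html, minimum=MINIMUM_VERSION):
    """Return (disclosed_version, needs_upgrade) for each version field found."""
    finder = HiddenVersionFinder()
    finder.feed(html)
    return [(v, is_older(v, minimum)) for v in finder.versions]

if __name__ == "__main__": print(audit_page(SAMPLE_PAGE))
```

Hiding the field would not make an outdated plugin safe; a flagged page means the plugin itself needs upgrading.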

Whilst we appreciate that scripts and plugins are required for a website's functionality, and that exploit attempts will always be made and can succeed even against up-to-date versions of these scripts, there are steps that reduce the likelihood of this happening, such as upgrading a plugin or looking into a more secure method. Where such steps exist, we request that you take them. This is not a recommendation; it is a requirement.

As per our Hosting Terms & Conditions:

4a. Clients are solely responsible for ensuring that all scripts installed by them (including any available within your account control panel) are patched and kept up to date.