Support » Plugin: Host Header Injection Fix » Is the plugin still useful when…

  • Resolved Lloyd Roger Spencer


    I am currently hosting my site on Cloudways where you can configure your own SMTP service on the server, and for the application you can set the from address. This means all WordPress notifications come from your chosen service/address.

    In my case I have configured my own email through a 3rd party service and entered the required settings within Cloudways (details in link).

    So, is this plugin still required or of benefit, or am I using the plugin to do something that is taken care of at the root level/server?

    My settings are currently:
    Use Email Address from General Settings (default)
    But technically I’ve already set that on Cloudways for the application (WordPress).

    Thanks for the plugin!

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Author Jeff Starr


    In the general case, yes this plugin is still useful on any server where the reported issue exists. If your server somehow has resolved the issue some other way, then the plugin is not necessary. The best way to find out for any specific case is to test it yourself. That way you will know for sure whether the vulnerability exists or has been patched some other way. Here are some docs that describe the issue so you can follow along and do some tests:

    Let me know if I can provide any further infos, glad to help however possible.

Viewing 1 replies (of 1 total)
  • The topic ‘Is the plugin still useful when…’ is closed to new replies.