I hope it isn't out of line to ask a semi-non-WP question here...but I am posting in the Miscellaneous category, in hopes of maybe getting some advice from the php gurus here.
I have just learned that my PHP contact form on a non-WordPress site has been compromised, and someone is using it to send spam. It was supposed to be a "secure" script, where we hardcode all the potential "to" addresses, and they are not revealed anywhere....but some hacker found a way around it, and sent plenty of messages to other people who were not hardcoded into the script!
I have disabled the script, but now I have to figure out how to prevent this from happening again.
My thoughts right now are to:
1. Find a new mail form that is secure...but how will I know it's secure? That's why I'm asking here...what would I need to look for in a script, or does anyone have one that is reasonably "bullet proof"?
2. Change the site over to WordPress (and use a WP contact form plugin). If a WP plugin would provide greater security than a standalone contact form, then I would be willing to take the time to create a custom theme, etc. and convert the whole thing into WP. I have a WP contact plugin running on another site, on the same server, and it has never been compromised.
Any suggestions, warnings, or advice would be gratefully appreciated!