WordPress.org


PHP contact form security

  • I hope it isn’t out of line to ask a semi-non-WP question here…but I am posting in the Miscellaneous category, in hopes of maybe getting some advice from the PHP gurus here.

    I have just learned that my PHP contact form on a non-WordPress site has been compromised, and someone is using it to send spam. It was supposed to be a “secure” script, where we hardcode all the potential “to” addresses, and they are not revealed anywhere… but some hacker found a way around it, and sent plenty of messages to other people who were not hardcoded into the script!

    I have disabled the script, but now I have to figure out how to prevent this from happening again.

    My thoughts right now are to:

    1. Find a new mail form that is secure…but how will I know it’s secure? That’s why I’m asking here…what would I need to look for in a script, or does anyone have one that is reasonably “bullet proof”?

    2. Change the site over to WordPress (and use a WP contact form plugin). If a WP plugin would provide greater security than a standalone contact form, then I would be willing to take the time to create a custom theme, etc. and convert the whole thing into WP. I have a WP contact plugin running on another site, on the same server, and it has never been compromised.

    Any suggestions, warnings, or advice would be gratefully appreciated!

    TIA 🙂

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘PHP contact form security’ is closed to new replies.