A major vulnerability was recently found in the “Contact Form 7” WordPress plugin that allows unrestricted file uploads. Although the developers issued an update immediately, the flaw can potentially allow an attacker to upload malware to any website using this plugin, and that malware can then spread to other websites within a cPanel account if left unchecked. This vulnerability was reported by Wordfence and other major security organizations.
GreenGeeks is constantly striving to improve our quality of service and increase our overall security as much as possible. With our real-time malware scanning and other methods we deploy, we can attempt to neutralize threats that may arise before they become a bigger problem.
To help prevent a possible compromise, GreenGeeks has automatically updated any Contact Form 7 plugin hosted within our EcoSite, reseller and Managed VPS network. This was done in an effort to help secure this one known vector from being exploited to harm any websites hosted on our network.
While GreenGeeks strives to do what we can to prevent such issues, website owners should always take proactive steps to secure their account. We strongly recommend taking the time to audit all websites you host on your account, and update all WordPress themes, plugins and core versions even if they are not in use. We also strongly suggest updating all passwords regularly. If you haven’t already, we suggest you check out our WordPress Security Webinar.
Doing this in conjunction with the complimentary update we’ve applied for Contact Form 7 will help secure customer websites hosted on our network and start the new year off with secured websites.
As always, feel free to reach out to GreenGeeks support or comment below.