Contact Form 7 Now Safe To Use

After the security vulnerability kerfuffle that I reported on the other day regarding my beloved Contact Form 7 plugin, the plugin author has released an update that contains the necessary security fixes. Based on the changes, we can see that the security problem lay in the fact that the previous version did not apply default restrictions for file types and file sizes.

This version applies default restrictions for file type and file size when you do not set the filetypes and limit (file size) options explicitly. Default acceptable file types (extensions) are: jpg, jpeg, png, gif, pdf, doc, docx, ppt, pptx, odt, avi, ogg, m4a, mov, mp3, mp4, mpg, wav, and wmv. Default acceptable file size is 1 MB (1048576 bytes).
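The fail-closed default described above, sketched as an added PHP example. This is not Contact Form 7's own code; `check_upload`, the constant names and the sample uploads are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; not Contact Form 7's code. All names are hypothetical.

// Defaults as listed in the release note above.
const DEFAULT_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'doc', 'docx',
    'ppt', 'pptx', 'odt', 'avi', 'ogg', 'm4a', 'mov', 'mp3', 'mp4', 'mpg',
    'wav', 'wmv'];
const DEFAULT_LIMIT_BYTES = 1048576; // 1 MB

/**
 * Returns null when the upload is acceptable, or a rejection reason.
 * $filetypes and $limit are the per-field options; null means "not set".
 */
function check_upload(string $name, int $size, ?array $filetypes = null, ?int $limit = null): ?string
{
    // Fail closed: an unset option selects the default, never "anything".
    $allowed = array_map('strtolower', $filetypes ?? DEFAULT_EXTENSIONS);
    $limit   = $limit ?? DEFAULT_LIMIT_BYTES;

    // Drop any client-supplied path and reject NUL bytes.
    $base = basename(str_replace('\\', '/', $name));
    if ($base === '' || strpos($base, "\0") !== false) {
        return 'invalid file name';
    }
    // Only the final extension counts; a name with no dot has none.
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, $allowed, true)) {
        return 'file type not allowed';
    }
    if ($size < 0 || $size > $limit) {
        return 'file too large';
    }
    return null;
}

// Constructed sample uploads: [name, size in bytes], checked with no options set.
$samples = [
    ['resume.pdf', 204800],
    ['photo.JPG', 1048576],
    ['video.mp4', 1048577],
    ['notes.txt', 512],
    ['report.pdf.exe', 1024],
    ['README', 100],
];
foreach ($samples as [$name, $size]) {
    printf("%-16s %8d  %s\n", $name, $size, check_upload($name, $size) ?? 'accepted');
}
```

The check covers only the file name and the reported size; it does not inspect file contents.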

You can grab the new version from the plugin homepage or from the WordPress plugin repository.


Last night, I donated $20.00 to the author of Contact Form 7 to bring his total up to $100.00. Not only is it a great plugin, but I wanted to send a token of appreciation for fixing the plugin so quickly. I noticed that many other people use this plugin as well and if you can spare a dollar or two as a donation, I highly encourage it. This marks the third donation I’ve given to a plugin author. If WPTavern can ever pay the bills while having cash left over, I’d use that to donate to plugin authors of the plugins I use on this site.


3 responses to “Contact Form 7 Now Safe To Use”

  1. Yes, I agree: great post and great plugin. Would you perhaps know where I can find documentation on how to set up the ‘message body’ of Contact Form 7? I have been struggling to get the radio button information to display when a form is received in my mailbox. Thanks for the great article.

