Contact Form 7 Now Safe To Use
After the security vulnerability kerfuffle that I reported on the other day regarding my beloved contact form 7 plugin, the plugin author has released an update which contains the necessary security fixes. Based on the changes, we can see that the security problem lied within the fact that the previous version did not apply default restrictions for file types and file sizes.
This version applies default restrictions for file type and file size when you do not set the filetypes and limit (file size) options explicitly. Default acceptable file types (extensions) are: jpg, jpeg, png, gif, pdf, doc, docx, ppt, pptx, odt, avi, ogg, m4a, mov, mp3, mp4, mpg, wav, and wmv. Default acceptable file size is 1 MB (1048576 bytes).
You can grab the new version from the plugin homepage or from the WordPress plugin repository.
Donations:
Last night, I donated $20.00 to the author of Contact Form 7 to bring his total up to $100.00 Not only is it a great plugin, but I wanted to send a token of appreciation for fixing the plugin so quickly. I noticed that many other people use this plugin as well and if you can spare a dollar or two as a donation, I highly encourage it. This marks the third donation I’ve given to a plugin author. If WPTavern can ever pay the bills while having cash left over, I’d use that to donate to plugin authors of the plugins I use on this site.
3 Comments
Jeffro, thanks so much for this post and donation for Contact Form 7. I appreciate the concern :)
Report
@Takayuki Miyoshi – No problem. I enjoy using this plugin quite a bit so I thought it was worthy to give you some cash as a token of gratitude as well as a thanks for fixing it so quickly.
Report
Yes i agree-great post and great plugin. Would you perhaps know where i can find documentation on how to setup the ‘message body’ of contact form 7? I have been struggling to get the radio button information to display when i form is received in my mail box? Thanks for the great article.
Report
Comments are closed.