18 July 2019

Click4Assistance Live Chat WordPress Plugin is Completely Secure

Over 50,000 businesses are using the ‘WP Live Chat Support’ plugin to provide customer service and chat with their website visitors.

If you are looking for a list of WordPress live chat plugins, please visit this link: wordpress live chat plugin

Security researchers have shared a warning about a critical vulnerability, identified as CVE-2019-12498, in the ‘WP Live Chat Support’ WordPress plugin. The flaw was discovered by cybersecurity researchers at Alert Logic. It exists due to an improper authentication validation check that could allow unauthorised access to restricted REST API endpoints.

If the vulnerability is abused, unauthorised remote users can steal all chat logs, modify or delete the chat history, manipulate live chat sessions by injecting messages and posing as the customer support agent, and forcefully end an active session as part of a denial of service (DoS) attack.

Not To Be Confused

Click4Assistance have our own live chat website plugin for the WordPress platform. It is our own software that allows users with a WordPress website to easily implement the communication channel.

There is no association whatsoever between our solution’s plugin and the ‘WP Live Chat Support’ plugin. Think Hoover, Dyson and Shark as a comparison: they are the same type of product, but they are separate companies.

Data Security

Click4Assistance live chat website plugin is completely secure.

Security is one of our main priorities when redesigning the solution from the ground up and when making enhancements. Our developers are up to date with security trends and best practices to ensure the software remains resilient and secure.

Security protocols are embedded into all operations, from product development to infrastructure and the physical environment. Security-aware software development with agile methodologies occurs under strict change control processes, which require rigorous testing regimes and multiple sign-offs to OWASP standards before release.

We have many procedures in place when it comes to data security. Some are more account level specific such as:

  • Login policies with forced password strength and expiry,
  • Password lockout,
  • IP/Time lockdown,
  • AD integration,
  • Full audit reporting.

Others apply at the transmission and storage level:

  • Data only ever resides within the UK,
  • Encrypted in transit using TLS 256-bit SHA2 algorithms,
  • Passwords and any personally identifiable data, including chat transcripts, are encrypted at rest using the latest AES256 (Advanced Encryption Standard),
  • No script can be injected during a chat. This ensures that the JavaScript cannot be manipulated and unauthorised changes cannot be made to the system.

Hosting

We use Equinix to host our servers. They are a global leader in co-location and connectivity. Their accreditations include ISO9001, ISO27001 and ISO14001, amongst many others. Access to the data centre and our servers is heavily restricted, with only key members of staff allowed entry. Even then, they are rigorously checked with ID, retina scans, controlled entry points, etc.

New servers were recently introduced following a lot of research into the best type for our requirements. They were built from scratch and include a large number of encrypted backup hard drives. This ensures connectivity should the hardware experience an issue.

They are situated in a more powerful dedicated rack than previously to ensure that the system uptime maintains our minimum of at least 99%. We have never had a data security breach.

Takeaway

Sometimes the free or built-in options might be great for convenience; however, there are risks with security and a lack of functionality/usability. When looking for a live chat website plugin provider, ensure you research their data/cyber security information and find a supplier that can meet your requirements.

Click4Assistance has been providing website live chat for over 15 years. Our clientele includes police forces, NHS organisations, local government, etc.; therefore, we have a legal obligation to ensure our security is of the highest possible standard. For more information about our WordPress plugin, security or our services, contact our team on 01268 524628 or email theteam@click4assistance.co.uk.
