Share this live chat software article on facebook
Tweet this web chat software blog on twitter
Pin this blog on how to add live chat on websites within pintrest
Share this information regarding a live chat service on linked-in
Use google plus to share this news relating to live chat software
Click4Assistance Live Chat WordPress Plugin is Completely Secure
DATE
This Live Chat Software Blog was Published On
TAGS
Associated Tags that are related to Web Chat Software
AUTHOR
The Author of this Live Chat Service Article
VIEWS
Number of views this blog has had

18 July 2019

Gemma Baker

471

Click4Assistance Live Chat WordPress Plugin is Completely Secure

Over 50,000 businesses are using the ‘WP Live Chat Support’ plugin to provide customer service and chat with their website visitors.


A warning about a critical vulnerability, identified as CVE-2019-12498, has been shared from security researchers regarding the WordPress live chat website plugin. The flaw was discovered by cybersecurity researchers at Alert Logic. It exists due to an improper validation check for authentications that could allow unauthorised access to the restricted REST API endpoints.

If the vulnerability is abused, unauthorised remote users can gain access to steal all chat logs, modify or delete the chat history, manipulate live chat sessions by injecting messages and imposing as the customer support agent and forcefully end an active session as part of a denial of service (DoS) attack.

Not To Be Confused

Click4Assistance have our own live chat website plugin for the WordPress platform. It is our own software that allows users with a WordPress website to easily implement the communication channel.

There is no association what so ever between our solution’s plugin and the ‘WP Live Chat Support’ Plugin. Think Hoover, Dyson, Shark as a comparison, they are the same type of product but they are separate companies.

Data Security

Click4Assistance live chat website plugin is completely secure.

Security is one of our main priorities when redesigning the solution from the ground up and when making enhancements. Our developers are up to date with security trends and best practices to ensure the software remains resilient and secure.

Security protocols are embedded into all operations from product development, infrastructure and the physical environment. Security aware software development with agile methodologies occurs under strict change control processes which require rigorous testing regimes and multiple sign off to OWASP standards before release.

We have many procedures in place when it comes to data security. Some are more account level specific such as:

  • Login policies with forced password strength and expiry,
  • Password  lockout,
  • IP/Time lockdown,
  • AD integration,
  • Full audit reporting.

Whereas others are at transmitting and storing level:

  • Data only ever resides within the UK,
  • Encrypted in transit using TLS 256bit SHA2 algorithms,
  • Passwords and any personally identifiable data include chat transcripts are encrypted at rest using the latest AES256 (Advanced Encryption Standard),
  • No script can be injected during a chat. This ensures that the JavaScript cannot be manipulated and unauthorised changes can be made to the system.

Hosting

We use Equinix to host our servers. They are a global leader in co-location and connectivity. Their accreditations include ISO9001, ISO27001, and ISO14001 amongst many others.  Access to the data centre and our servers is heavily restricted with only key members of staff allowed entry. Even then they are rigorously checked with ID, retina scans and controlled entry points etc. 

New servers were recently introduced following a lot of research into the best type for our requirements. They were built from scratch and include a large number of encrypted back up hard drives. This ensures connectivity should the hardware experience an issue.

They are situated in a more powerful dedicated rack than previous to ensure that the system uptime maintains our minimum of at least 99%. We have never had a data security breach.

Takeaway

Sometimes the free or built in options might be great for convenience; however there are risks with security and lack of functionality/usability. When looking for a live chat website plugin provider, ensure you research into their data/cyber security information and find a supplier that can meet your requirements.

Click4Assistance has been providing website live chat for over 15 years. Our clientele includes police forces, NHS organisations and local government etc. therefore we have a legal obligation to ensure our security is of the highest possible standards. For more information about our WordPress plugin, security or our services contact our team on 01268 524628 or email theteam@click4assistance.co.uk.



WE HELP BUSINESSES COMMUNICATE

UK providers of live chat software and online communication tools to a range of industries, we offer a cutting edge, resilient and proven live chat solution backed-up with first class support and advice.

FIND OUT MORE

Photograph of the Author

BLOG ARTICLE AUTHOR: GEMMA BAKER

Gemma is a Marketing Executive for UK web chat Provider Click4Assistance, with a range of knowledge in live chat software and customer engagement channels, customer service methods and improving online business.






WE HELP BUSINESSES COMMUNICATE

UK providers of live chat software and online communication tools to a range of industries, we offer a cutting edge, resilient and proven live chat solution backed-up with first class support and advice.

FIND OUT MORE

An image of the Author

BLOG ARTICLE AUTHOR: GEMMA BAKER

Gemma is a Marketing Executive for UK web chat Provider Click4Assistance, with a range of knowledge in live chat software and customer engagement channels, customer service methods and improving online business.






SMALL OR MEDIUM SIZED ENTERPRISE

Cost-effective live chat software, proven to increase lead generation and customer satisfaction. Easy to implement and customise, the solution supports your business out of hours with the ‘leave a message’ feature.

CORPORATE ORGANISATION

Integrate our compliant solution with your existing systems for a seamless implementation. Intelligent chat routing ensures multiple department capabilities. Measure your ROI and monitor operators’ KPI’s with the Advanced Reporting Suite.

THE PUBLIC
SECTOR

Increase productivity, reduce resource costs and improve customer satisfaction by answering multiple enquiries simultaneously with live chat software. Mitigate budget restraints, support digital transformation and help customers during online processes.