Click4Assistance Live Chat WordPress Plugin is Completely Secure

Over 50,000 businesses are using the ‘WP Live Chat Support’ plugin to provide customer service and chat with their website visitors.

If your are looking for a list of Wordpress live chat plugins, please visit this link wordpress live chat plugin

A warning about a critical vulnerability, identified as CVE-2019-12498, has been shared from security researchers regarding the WordPress live chat website plugin. The flaw was discovered by cybersecurity researchers at Alert Logic. It exists due to an improper validation check for authentications that could allow unauthorised access to the restricted REST API endpoints.

If the vulnerability is abused, unauthorised remote users can gain access to steal all chat logs, modify or delete the chat history, manipulate live chat sessions by injecting messages and imposing as the customer support agent and forcefully end an active session as part of a denial of service (DoS) attack.

Not To Be Confused

Click4Assistance have our own live chat website plugin for the WordPress platform. It is our own software that allows users with a WordPress website to easily implement the communication channel.

There is no association what so ever between our solution’s plugin and the ‘WP Live Chat Support’ Plugin. Think Hoover, Dyson, Shark as a comparison, they are the same type of product but they are separate companies.

Data Security

Click4Assistance live chat website plugin is completely secure.

Security is one of our main priorities when redesigning the solution from the ground up and when making enhancements. Our developers are up to date with security trends and best practices to ensure the software remains resilient and secure.

Security protocols are embedded into all operations from product development, infrastructure and the physical environment. Security aware software development with agile methodologies occurs under strict change control processes which require rigorous testing regimes and multiple sign off to OWASP standards before release.

We have many procedures in place when it comes to data security. Some are more account level specific such as:

Login policies with forced password strength and expiry,
Password lockout,
IP/Time lockdown,
AD integration,
Full audit reporting.

Whereas others are at transmitting and storing level:

Data only ever resides within the UK,
Encrypted in transit using TLS 256bit SHA2 algorithms,
Passwords and any personally identifiable data include chat transcripts are encrypted at rest using the latest AES256 (Advanced Encryption Standard),
No script can be injected during a chat. This ensures that the JavaScript cannot be manipulated and unauthorised changes can be made to the system.

Hosting

We use Equinix to host our servers. They are a global leader in co-location and connectivity. Their accreditations include ISO9001, ISO27001, and ISO14001 amongst many others. Access to the data centre and our servers is heavily restricted with only key members of staff allowed entry. Even then they are rigorously checked with ID, retina scans and controlled entry points etc.

New servers were recently introduced following a lot of research into the best type for our requirements. They were built from scratch and include a large number of encrypted back up hard drives. This ensures connectivity should the hardware experience an issue.

They are situated in a more powerful dedicated rack than previous to ensure that the system uptime maintains our minimum of at least 99%. We have never had a data security breach.

Takeaway

Sometimes the free or built in options might be great for convenience; however there are risks with security and lack of functionality/usability. When looking for a live chat website plugin provider, ensure you research into their data/cyber security information and find a supplier that can meet your requirements.

Click4Assistance has been providing website live chat for over 15 years. Our clientele includes police forces, NHS organisations and local government etc. therefore we have a legal obligation to ensure our security is of the highest possible standards. For more information about our WordPress plugin, security or our services contact our team on 01268 524628 or email theteam@click4assistance.co.uk.

WE HELP BUSINESSES COMMUNICATE

UK providers of live chat software and online communication tools to a range of industries, we offer a cutting edge, resilient and proven live chat solution backed-up with first class support and advice.

FIND OUT MORE

BLOG ARTICLE AUTHOR: GEMMA BAKER

Gemma is a Marketing Executive for UK web chat Provider Click4Assistance, with a range of knowledge in live chat software and customer engagement channels, customer service methods and improving online business.

MOST POPULAR

Live Chat Software for Charities – Reaching out to those who need help

16 September 2015

Rise in Mobile Traffic for Online Retailers Shows the Importance of Live Chat Support

10 January 2017

Save Staff Resources with Chat Monkey

03 May 2018