18 July 2019

Click4Assistance Live Chat WordPress Plugin is Completely Secure

Over 50,000 businesses are using the ‘WP Live Chat Support’ plugin to provide customer service and chat with their website visitors.

If you are looking for a list of WordPress live chat plugins, please visit this link: wordpress live chat plugin

Security researchers have shared a warning about a critical vulnerability, identified as CVE-2019-12498, in the WordPress live chat website plugin. The flaw was discovered by cybersecurity researchers at Alert Logic. It exists due to an improper validation check for authentication that could allow unauthorised access to the restricted REST API endpoints.

If the vulnerability is abused, unauthorised remote users can steal all chat logs, modify or delete the chat history, manipulate live chat sessions by injecting messages and posing as the customer support agent, and forcefully end an active session as part of a denial of service (DoS) attack.

Not To Be Confused

Click4Assistance have our own live chat website plugin for the WordPress platform. It is our own software that allows users with a WordPress website to easily implement the communication channel.

There is no association whatsoever between our solution’s plugin and the ‘WP Live Chat Support’ plugin. Think of Hoover, Dyson and Shark as a comparison: they are the same type of product, but they are separate companies.

Data Security

Click4Assistance live chat website plugin is completely secure.

Security is one of our main priorities when redesigning the solution from the ground up and when making enhancements. Our developers are up to date with security trends and best practices to ensure the software remains resilient and secure.

Security protocols are embedded into all operations, from product development to infrastructure and the physical environment. Security-aware software development with agile methodologies occurs under strict change control processes, which require rigorous testing regimes and multiple sign-offs to OWASP standards before release.

We have many procedures in place when it comes to data security. Some are more account level specific such as:

  • Login policies with forced password strength and expiry,
  • Password lockout,
  • IP/Time lockdown,
  • AD integration,
  • Full audit reporting.

Others apply at the transmission and storage level:

  • Data only ever resides within the UK,
  • Encrypted in transit using TLS 256-bit SHA2 algorithms,
  • Passwords and any personally identifiable data, including chat transcripts, are encrypted at rest using the latest AES256 (Advanced Encryption Standard),
  • No script can be injected during a chat. This ensures that the JavaScript cannot be manipulated and that unauthorised changes cannot be made to the system.

Hosting

We use Equinix to host our servers. They are a global leader in co-location and connectivity. Their accreditations include ISO9001, ISO27001 and ISO14001, amongst many others. Access to the data centre and our servers is heavily restricted, with only key members of staff allowed entry. Even then, they are rigorously checked with ID, retina scans, controlled entry points, etc.

New servers were recently introduced following a lot of research into the best type for our requirements. They were built from scratch and include a large number of encrypted backup hard drives. This ensures connectivity should the hardware experience an issue.

They are situated in a more powerful dedicated rack than previously to ensure that the system uptime maintains our minimum of 99%. We have never had a data security breach.

Takeaway

Sometimes the free or built-in options might be great for convenience; however, there are risks with security and a lack of functionality/usability. When looking for a live chat website plugin provider, ensure you research their data/cyber security information and find a supplier that can meet your requirements.

Click4Assistance has been providing website live chat for over 15 years. Our clientele includes police forces, NHS organisations, local government, etc.; therefore, we have a legal obligation to ensure our security is of the highest possible standards. For more information about our WordPress plugin, security or our services, contact our team on 01268 524628 or email theteam@click4assistance.co.uk.
