Penetration testing tools overwhelm this plugin easily

  • If your site is regularly scanned with penetration testing tools like Arachni or Netsparker do not use this plugin. A single Netsparker scan can easily overwhelm a site with this plugin enabled. Performance degrades severely over the course of a pentest scan as “spam” messages build up. Submitting a new contact form slows down considerably because on the backend there seem to be an ever increasing number of database queries as the number of messages Flamingo stores goes up. Eventually it becomes like an amplification attack and it will overwhelm the backend WordPress database with too many queries. Submitting a single new contact form eventually produces thousands of queries on the backend to the database.

Viewing 1 replies (of 1 total)

  • Would this not be prevented if you use reCAPTCHA inside your forms? Seems like to me you haven’t protected your forms against spammers in the first case…

    • This reply was modified 3 years, 8 months ago by outhands.
    • This reply was modified 3 years, 8 months ago by outhands.
Viewing 1 replies (of 1 total)
  • The topic ‘Penetration testing tools overwhelm this plugin easily’ is closed to new replies.