Webforms - A prime Hacker target

Having run a Linux webserver for a number of years I am very aware of this threat. I have also attempted to run a Wordpress blog and the abuse of comment forms was one of the reasons that I abandoned Wordpress. Similarly, I gave up hosting my own Linux webserver as I grew tired of "fighting" with the spammers!

Above is a screen-shot taken from the Village Hall website in October 2021. Here you can see that there has been very little real activity in users interacting with the site. At the time of the screen capture there had been only 245 form submissions. There are 30 spam messages but I had been deleating these as I went along.

Since that time I have disabled most of the forms on the Wordpress site.

A previous experience - when I was hosting my own Wordpress site

The Attack Vector

Basically when you place a form on your website it is an open invitation for those so inclined to attempt to access your server's resources. Depending on what the forms function is the result can range from bogus emails being sent from your email form to spam comments on your feedback forms. In an extreme case of a log-in form being compromised your site can be defaced, shut-down or you can be held to ransom.