My client's site was recently compromised using the form fields on her contact page, which is created by the cforms plugin. Unfortunately I don't have a lot of information -- they are a new client, I did not create the website and do not host it. The site was hacked, and the client contacted the host company (GoDaddy), who informed her that code had been input into their contact request form, corrupting the site.
GoDaddy instructed her to add a Captcha and limit the number of characters per field. They restored her site (again, not sure of the details, I'm guessing from a backup).
As a quick and dirty solution, I've added a user verification field instead of a Captcha because it was easier with the layout of the site. I'm not seeing an easy way to limit the number of characters per field. It seems that should be a built-in feature for single line text fields!
At this point I'm not convinced that the same thing won't happen again. I'm tempted to switch to another contact form plugin but am not that familiar with the site and want to save time by working with what's already implemented. Are there other security measures I can take? Has anyone else had this problem?