What Is Teladoc.com?
Teladoc (Teladoc.com) is a virtual healthcare company allowing access to doctors, therapists, and specialists direct from a phone call, video, or app on your smartphone or computer. Teladoc virtual care means you can visit a doctor directly from your computer without having to see them in person. As of December 2022, the site Teladoc.com gets an estimated 1.3 million monthly views, according to SimilarWeb. The Wayback Machine estimates Teladoc.com was founded on July 19, 2001.
Website: https://www.teladoc.com/
Is Teladoc.com Safe?
I conducted a series of malware tests to find out if Teladoc.com is safe and legit. Here are the results:
I installed the Malwarebytes browser guard on my Edge browser and was able to browse the site Teladoc.com without any issues, meaning the browser guard didn’t think the site was compromised or malicious.
To check this further I ran malware scans on my computer after having used Teladoc.com with Malwarebytes and Spybot – Search & Destroy and they returned no malware detection. I also ran a system-wide scan on my computer with Microsoft Defender and no malware was found.
To try to confirm that the site is clean, I also checked the site Teladoc.com on the online malware scanner Sucuri, and unfortunately, it returned with some issues. You can see the same here: Sucuri scan for the site Teladoc.com.
The site Teladoc.com is considered a high-security risk because it runs a critically outdated version of WordPress. More specifically, the site runs on WordPress under 5.4.2/5.3.4/5.2.7. Thankfully, this isn’t very difficult to fix. Moreover, no malware, no injected spam, no defacements, and no internal server errors were found.
On a positive note, the site Teladoc.com uses a website firewall to protect against DDoS attacks and website hacks. Additionally, no security vendor has blacklisted the site.
Some hardening improvements could be made, namely solving several missing security headers. You can read what they are below:
Missing security header to prevent Content Type sniffing. Affected pages:
https://teladoc.com/ for Google’s UA
https://www.teladoc.com/searchMissing Strict-Transport-Security security header. Affected pages:
https://teladoc.com/ for Google’s UA
https://www.teladoc.com/searchMissing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src
Lastly, I ran a malware scan with VirusTotal on the domain Teladoc.com and no security vendor has flagged the domain as malicious. You can see the same here: VirusTotal scan for the site Teladoc.com.
In conclusion, the site Teladoc.com is a high security risk due to it running an outdated version of the WordPress software. However, that is only concerning it being potentially compromised in the future. No malware was found on the domain currently and there is no reason to assume the site is malicious.
Mat Diekhake
February 1, 2023 @ 19:24
I was extremely surprised to see Teladoc running an outdated version of WordPress. It is fixed as quickly as clicking one button. The reason that button isn’t being pressed is likely because those in control of the development don’t want to risk some of the site’s features breaking or deal with them changing. Teladoc needs to update its version of WordPress as soon as possible otherwise it is vulnerable to hacks; older versions of WordPress do have vulnerabilities that can be exploited. If you are using an outdated version of WordPress because you preferred the old features, you need to run the updated version and find workarounds for those features. For instance, you can use the Classic Editor plugin if you don’t like the Gutenberg editor. There are plugins to solve any changes that occur during WordPress updates.