WordPress is an open-source content management system (CMS) that currently powers around 25% of all websites on the Internet. As you might be able to tell from our portfolio, we dig it.
WordPress, as a development tool, is contributed to by tens of thousands of developers all over the world and is growing in functional capacity every day. It allows web developers (like us) to develop flexible and customizable websites to modern standards. Furthermore, the community of web developers building WordPress sites, themes and plugins reaches far and wide, which allows us to tap into this collective intelligence and bring that wealth of experience to your project.
At Hermes Development, we are proud of the custom WordPress solutions we build for our customers. We are active in the WordPress community, and we truly believe in the strength and power of its capabilities.
All that said – with all good things come the not-so-good things. The WordPress platform, like every other platform, when not properly handled, cared for, monitored and updated, can be vulnerable and open to hacks and attacks.
It is the vulnerability of an outdated WordPress plugin that many are blaming for the Mossack Fonseca (MF) website hack, or what has been deemed the Panama Papers Leak – the most notorious website leak in recent history.
Backstory: The Panama Papers Leak
Wordfence.com has provided an extensive overview of how the hack may have happened, but in short: the attackers likely breached the MF email servers via WordPress and a vulnerable version of Slider Revolution (formerly known as Revolution Slider). Once inside the website, hackers were able to access MF’s email server – they had access to another plugin that revealed credentials to allow them to send mail through the website. This plugin had no vulnerabilities and was fully updated, yet once hackers penetrated the site, it was already too late.
Watch the video below that Wordfence created to see how hackers were likely able to exploit this plugin vulnerability:
What It Means For WordPress/Plugins
“The MF website runs WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server.” – Wordfence, “Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause,” 2016
The Slider Revolution plugin managed, as you might imagine, sliders on the MF website. Generally, Slider Revolution is a popular WordPress plugin – it is extremely customizable and comes with many features out-of-the-box. But, as we know too well, the challenge with all plugins is that while they can add functionality to your site, they also can create vulnerabilities if not maintained properly.
With each update of WordPress, or of a specific plugin or theme, you increase your risk of incompatibilities or conflicts. Unfortunately, when you update your WordPress website, it is not as simple as just clicking “Update.” With each update, you run the risk of breaking the functionality of your site. Then again, the double-edged sword is that every time you fail to update your site, you also run the risk of leaving your site exposed to attacks.
What Does This Mean For Me
The attack and breach on MF is an extreme example of data theft. That said, the likelihood of being hacked or attacked through your website, especially if your business is high-profile, is high unless you frequently maintain, secure and update your site.
Bots target low-hanging fruit (your unmaintained WordPress site, for example) and the MF hack is a good example of this. Undoubtedly, the attack on MF was coordinated and intentional; the hackers were more sophisticated than common cyber-criminals, and the hack itself was a political act.
Even so, it is a strong reminder that all websites, regardless of platform, should be updated, maintained and secured frequently; as should plugins, modules and themes.
How 11 Online Can Help
11 Online believes strongly that your website needs tender love and care, and we are happy to partner with you to provide these services. We have an array of website care plans that we offer to our clients and customers to ensure your information stays secure, your website is always functioning at its peak, and you have peace of mind.
Our trained team of experts will keep your website up-to-date, your information backed up and secure, and let you get back to doing what you do best – without the worry or stress of downtime or vulnerabilities on your website.
Our team stays up-to-date on the nitty-gritty of website security – so you don’t have to.
Want a free, no-risk evaluation of your website’s security and safety? Contact us today.