Well, if you never really thought it was important to update your WordPress installation and plugins, I urge you to reconsider.
Mark Maunder, Founder and CEO of popular WordPress security plugin Wordfence, posted a blog today that claims the Revolution Slider plugin was the possible cause of the Mossack Fonseca data breach.
For those who aren’t aware of the story, Mossack Fonseca is a Panamanian law firm at the center of the so-called Panama Papers breach, which so far has brought down the Prime Minister of Iceland and surrounded Russian President Putin and British Prime Minister David Cameron with controversy, among other famous public figures. It is the largest data leak to journalists in history, weighing in at 2.6 terabytes and 11.5 million documents.
Mark was able to establish that the MF website runs WordPress and is currently still running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server (view the link for yourself here):
Throughout his post he provides ample evidence of how attackers could have used this vulnerability to obtain sensitive information, and even a video demonstration of how easy it is to compromise a website running an outdated version of the plugin.
Really long story short: KEEP YOUR WORDPRESS AND PLUGINS UPDATED!
I understand it’s a huge pain in the butt to take backups, run updates, and then ensure your content and site come back the way you had them, but it is absolutely essential to maintaining a secure environment for your business.
WordPress is by far the most popular content management system in the world and powers nearly 20% of all websites. While this has tremendous advantages, it also poses a security risk as attackers spend lots of time developing exploits to take down websites.
Every day our team spends countless hours helping customers recover from incidents that could have been avoided if they had just kept their website updated. We will even carry out the updates for you at a very affordable $35/hour.
I also recommend that if you plan on hosting multiple WordPress domains with NameHero, you purchase a Reseller or Managed Server account, as each WordPress installation should have its own cPanel. If you’re using add-on domains to host all of your WordPress websites under one account, you’re setting yourself up for a massive disaster: a compromise of one site can reach every other site in that account.
You should limit the number of plugins and/or themes that you install. Unfortunately there are some bad apples out there who develop plugins and themes for the sole purpose of compromising your website. Make sure to Google whatever you’re adding to your website and ensure it’s not malicious.
Also, the more plugins you install, the slower your website is going to load. A lot of people who code WordPress plugins are amateurs and don’t do things the “right” way. While things may work for some time, if your website starts to become really popular you may begin to notice a huge impact on performance, as many plugins are not developed with high-traffic websites in mind.
Before installing a plugin, ask yourself: is this really essential to the functionality of your website? If so, is there a better way you could go about it? Then you should research the developer and take a look at their changelog to see how often they provide updates.
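As an added example (not from the original post and not NameHero’s or Wordfence’s code), here is a small audit script that reads the standard WordPress plugin header (the `Plugin Name:` and `Version:` lines at the top of each plugin’s main PHP file) and flags any installed plugin whose version is below a minimum you set. The plugin tree, versions and minimums it builds are constructed placeholders, not real advisory values; put the versions from the vendor’s own release notes into the policy for your site.

```python
import re
import tempfile
from pathlib import Path

# Constructed policy: minimum acceptable version per plugin name. These numbers are
# placeholders for illustration, not the real fixed versions of any plugin.
MIN_VERSIONS = {"Revolution Slider": "9.9.9", "Hello Dolly": "1.7"}

# Matches "Plugin Name: X" / "Version: X" header lines, with or without a leading " * ".
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.MULTILINE)


def parse_plugin_header(php_source):
    """Return (plugin name, version) from a WordPress plugin header comment."""
    fields = dict(HEADER_RE.findall(php_source))
    return fields.get("Plugin Name"), fields.get("Version")


def version_tuple(version):
    """Turn '4.1.4' into (4, 1, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def audit_plugins(plugins_dir, policy):
    """Return [(name, installed, minimum)] for plugins below the policy minimum."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        name, version = parse_plugin_header(php.read_text(errors="ignore"))
        if not name or not version or name not in policy:
            continue  # not a plugin header, or no policy entry for this plugin
        if version_tuple(version) < version_tuple(policy[name]):
            findings.append((name, version, policy[name]))
    return findings


def build_sample_tree():
    """Constructed wp-content/plugins directory with two plugin header files."""
    root = Path(tempfile.mkdtemp())
    (root / "revslider").mkdir()
    (root / "revslider" / "revslider.php").write_text(
        "<?php\n/*\nPlugin Name: Revolution Slider\nVersion: 1.0.0\n*/\n")
    (root / "hello").mkdir()
    (root / "hello" / "hello.php").write_text(
        "<?php\n/**\n * Plugin Name: Hello Dolly\n * Version: 1.7\n */\n")
    return root


if __name__ == "__main__":
    for name, installed, minimum in audit_plugins(build_sample_tree(), MIN_VERSIONS):
        print(f"UPDATE NEEDED: {name} {installed} is below minimum {minimum}")
```

Run it against a real installation by passing the path to `wp-content/plugins` instead of the constructed tree.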
WordPress is awesome, and we wouldn’t be where we are today as a web host without it. It easily allows people with no coding or HTML knowledge to set up and develop a website for personal or business use. But there are certain precautions that should be taken, the biggest being keeping things updated!
Finally, if you do have an infected site, make sure you reach out to our friends at FortiPress as they’ll get things cleaned up for you in no time!
Ryan Gray is the founder and CEO of NameHero, one of the fastest growing independent web hosts in the United States. Ryan has been working online since 1998 and has over two decades of experience in Internet entrepreneurship.