Secure your WordPress Build in 2016
The news this week has been filled with the so called “Panama Papers” which have resulted in the resignation of at least one world leader, the Icelandic Prime Minister, and have caused controversy to surround others including Russian President Putin and British prime minister Cameron.
The data involved was taken from a Panamanian Law Firm called Mossack Fonseca (MF) by a hacker and reveals secret financial structures used by the powerful and wealthy to hide their assets around the world.
We performed an analysis of MF’s network and it seems that the breach may have been caused by an outdated WordPress plugin: Revolution Slider. It turns out that not updating your WordPress plugins may result in the fall of world leaders and the largest data breach to journalists in history.
Incredible. There’s some humor in here…
As a WordPress administrator…
Whenever I administrate a local client’s WordPress sites I usually ask for a monthly retainer . I do this because every month I’ll be visiting the site at least once to check for and run updates.
If I did not take the time to run updates then there is a chance my client’s property could become a puppet for the underworld of cyber pirating.
We can’t allow that.
Stories about security…
Cats in the security sector (infosec) are very good about emailing me when they find a vulnerability in my work. They do this for free.
The charity in the community is incredible.
We get the fixes in and we get the updates out fast.
We typically wont publish knowledge of security issues to the public because that would make our legacy customers even more exploitable. The placebo of bedside manner is important to culturing good humor in a patient. Good humor, if you believe in the other world of things, is a positive engine in itself. It’s also not good to invite your enemies to your unguarded entrances before you have a chance to patch up the door.
Stories about being prepared.
I’m of the opinion that nothing in WordPress is permanently safe, and the safest plugin is the most current version and even then it may not be safe. Space pirates tend to exploit known insecurities though. So better update.
As a second line of defense it’s important to have a security plugin that monitors for oddities and helps solve critical issues occurring from a hacked WordPress instance. I use the WordFence security plugin most times.
And as for here, let’s just say we don’t store any of our customers financial information here, we don’t want it. The less sensitive information we have the better, but we are living in a world where security doesn’t as much lie in defenses as it does in not being targeted. Cheers to the blue ocean!