We have been banging on for years about the importance of adding extra levels of security hardening to WordPress sites, keeping everything up to date and monitoring the activity on the site in real time. This week, an example of a site being hacked where that was not done has been in the headlines.
The renowned and respected WordPress security firm, Wordfence, has posted a blog pointing the finger at an out-of-date WordPress plugin as the cause of the now famous Mossack Fonseca hack and consequent leak.
If only they had bought our Security package, they might have avoided the whole thing!
“We performed an analysis of MF’s network and it seems that the breach may have been caused by an outdated WordPress plugin: Revolution Slider. It turns out that not updating your WordPress plugins may result in the fall of world leaders and the largest data breach to journalists in history.” Mark@Wordfence
- Wordfence established that they were running Revolution Slider, a plugin responsible for one of the most common WordPress vulnerabilities.
- Their web server was not behind a firewall.
- Their web server was on the same network as their mail servers based in Panama.
- They were serving sensitive customer data from their portal website, which includes a client login to access that data.