Panama Papers and an out of date WordPress Website. Oh Dear.
So, it turns out that the law firm holding a wealth of information (sorry) about our world leaders and their secret stashes of cash (Mossack Fonseca) has a WordPress website. Could it be that one of the largest data breaches ever was helped along by a tiny out-of-date plugin?
Well, it appears that could well be the case.
According to WordPress Security experts Wordfence,
“The MF website runs WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server”.
Wordfence performed an analysis of the Mossack Fonseca website and discovered that:
- they were (and still are) running a vulnerable version of Revolution Slider, one of the most common WordPress vulnerabilities.
- their web server was not behind a firewall.
- their web server was on the same network as their mail servers based in Panama.
- they were serving sensitive customer data from their portal website which includes a client login to access that data.
Needless to say, this post isn’t about the Panama Papers at all. It’s actually a wake-up call to anyone running WordPress.
It’s imperative that you update your WordPress core, themes and plugins as soon as updates become available.
You can do this yourself, or you can pay someone else to do it. A few dollars each month will help to ensure your site remains as safe as possible. Get in touch if you want to discuss the security of your WordPress website.