What do the Panama Papers have to do with my site?

The Panama Papers have taken over the world’s press, and for good reason: the information leaked through these papers has caused Prime Ministers to step down, FIFA officials to be investigated (again), and Revolution Slider to become the most hated plugin in WordPress history.

While that last point may be hyperbole, Revolution Slider certainly isn’t enjoying its most popular days. Why? This plugin might well have made the leaks possible. A theory currently floating around suggests that Mossack Fonseca was hacked via a vulnerability in the Revolution Slider plugin used by their WordPress site.

Can you imagine? Making world-wide headlines because you wanted your images to slide one after the other? Not their finest moment.

If you read the Wordfence article, you’ll see that the theory, though unconfirmed, is plausible: an out-of-date plugin gave access to the server, and that access was used to move from the marketing site to areas of the business that should have been secure.

This should be enough of a warning for all of us who use WordPress. Ask yourself: could this happen to me?

Could this happen to me?

At Performance Foundry, we take steps to make sure that this kind of hack isn’t possible on our clients’ sites.

  • We specialize in Managed WordPress Hosting. That’s right, websites only. We don’t host email; we leave that to the email professionals. There is no way to move from your website to your email or to systems inside your corporate firewall, which is likely what happened with Mossack Fonseca.
  • All our sites have a solid defensive structure, starting at the edge of the content delivery network (CDN) and moving to the core of the server. For obvious reasons, we can’t disclose exactly how we do this!
  • We monitor the WordPress plugins we use and update them as soon as a new version comes out. We do a backup every 24 hours, then update everything we can. This is manually checked on occasion to catch anything our systems miss.
  • WordPress Core security patches are applied in a similar fashion. In fact, our hosting partners are sometimes able to apply security patches in advance of public release.
  • Theme updates for commercial themes are monitored for security content and are updated as needed. We do this off site, using a staging process to ensure nothing breaks on the live site.
  • Performance Foundry developers spend time in the WordPress community’s most important developer chat groups to stay abreast of new security challenges.

By shortening the time between updates, we shrink the largest WordPress attack vectors, then use clever server technology to harden the rest against attack.

I’m not saying we will never get hacked (and this is not a challenge!). What I’m saying is that if or when we do, we are prepared to handle the situation. Are you?

Want to talk security for your site?

With plans starting at $125/month, you can take advantage of all Performance Foundry has to offer. Contact us today!
