As if the constant security threats, plugin takeovers, and the general state of malware weren’t enough motivation, here’s a major reason to keep your WordPress installation, themes, and plugins up to date.
Perhaps you’ve heard of the Panama Papers, which is turning out to be one of the biggest leaks of corporate information in history. It has already brought down one world leader, and possibly another, ousted people at organizations like FIFA and others, and shined a light on the nefarious ways the rich protect and hide their money.
One of the ways hackers got access to the files at Panamanian law firm Mossack Fonseca was through an old version of the WordPress plugin Revolution Slider, according to Wordfence, which specializes in WordPress security plugins and services. Their post goes into great detail about the specifics of the possible hack. The short version is:
Mossack Fonseca had a Revolution Slider vulnerability in their WordPress site, which probably gave an attacker access to their systems, including their WordPress database. Once they had access to the database, they could easily see credentials for other services, including, astonishingly, their email server, which sat on the same network as the web servers. As you know, the big part of this leak was firm emails. Between this WordPress vulnerability and an unpatched Drupal installation, this was ripe for the picking. Once into the network, it was trivial to get access to the mail servers; they had, after all, the username and password to do so, stored in plaintext in the WP database.
This is especially shocking given the sensitive information this firm was storing. You would think their data and information would be locked down harder than any bank or government. It’s not hard to do: expensive, sure, but not impossible.
Take a moment, and make sure your site and plugins are up to date.
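The plaintext credentials in the WordPress database are the part of this story you can audit for on your own site. The following is an added example, not code from this post or from Wordfence: a heuristic scan of exported wp_options rows for secret-looking fields stored unhashed. The option names, values, and matching patterns are all constructed assumptions.

```python
import re

# Heuristic patterns (assumptions for this example, tune for your plugins).
SECRET_KEY = re.compile(r"pass|pwd|secret|api_?key|token", re.I)
HASHED = re.compile(r"^\$(P|2[aby]|argon2id?)\$")  # phpass, bcrypt, argon2
# PHP-serialized string pair: s:<len>:"<key>";s:<len>:"<value>";
PAIR = re.compile(rb's:\d+:"([^"]+)";s:(\d+):"')

def find_plaintext_secrets(rows):
    """Return (option_name, field) for each secret-looking value stored unhashed."""
    findings = []
    for name, value in rows:
        data = value.encode("utf-8")
        # Serialized lengths count bytes, so slice the encoded form.
        fields = [
            (m.group(1).decode("utf-8", "replace"),
             data[m.end():m.end() + int(m.group(2))].decode("utf-8", "replace"))
            for m in PAIR.finditer(data)
        ]
        if not fields:  # scalar option: the option name acts as the field name
            fields = [(name, value)]
        for field, val in fields:
            if SECRET_KEY.search(field) and val and not HASHED.match(val):
                findings.append((name, field))
    return findings

# Constructed rows shaped like (option_name, option_value) from wp_options.
PHPASS_SHAPED = "$P$B" + "a" * 30  # constructed, 34 characters
SAMPLE_ROWS = [
    ("blogname", "Example Firm"),
    ("mailer_settings",
     'a:3:{s:4:"host";s:16:"mail.example.com";'
     's:4:"user";s:6:"mailer";s:4:"pass";s:11:"Summer2016!";}'),
    ("backup_api_key", "constructed-key-value"),
    ("portal_login", 'a:1:{s:8:"password";s:34:"' + PHPASS_SHAPED + '";}'),
]

if __name__ == "__main__":
    for option, field in find_plaintext_secrets(SAMPLE_ROWS):
        print(f"plaintext secret: option={option} field={field}")
```

Any hit is a value that anyone with read access to the database can use as-is. Credentials a plugin has to replay to another service cannot be hashed, so keep them out of the database or scope the account to that one service.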