Why is WordPress a target? As of 2016, WordPress powered more than 25% of the websites on the web, and its share is ever increasing. It is the CMS platform of choice for millions of businesses and bloggers. Additionally, because not all WordPress admins, WordPress installations and WordPress plugins are created alike, there are often hundreds of thousands of unsecured and out-of-date instances of WordPress live and in use on the web.
In fact, one of the largest and best-known data breaches in history, the “Panama Papers” leak, was caused by a single out-of-date plugin. What did this single out-of-date WordPress plugin cost the firm? More than 4.8 million e-mails, 2 million PDFs, 1 million images and 320,000 additional text documents, totaling… 2.6 TERABYTES of stolen data (that’s Terabytes with a “T”).
The resulting fallout will likely shutter the Mossack Fonseca firm for good. #DontBeLikeMossackFonseca
How can we help and what WordPress services do we offer?
WordPress Penetration Testing and Security Assessments
Our knowledgeable team leverages cutting-edge tools (including the Metasploit framework, Kali Linux, nmap reconnaissance, Nikto, WPScan, open source intelligence and other methods) to perform authorized white-box and black-box testing. The goal in this case is to uncover vulnerabilities in your environment, prioritize them by threat level and then remove or mitigate the vulnerabilities as needed.
WordPress Hardening and Risk Mitigation
After uncovering vulnerabilities in our security assessment, we will work with you to properly harden your installation of WordPress using industry best practices. It’s not enough to just keep your WordPress core files and plugins up to date; website security is a continuous process. You need to follow WordPress security best practices and appropriately harden your technology, solidify your process and educate your users. An excellent primer can be found on the WordPress Codex.
How much risk exposure are you comfortable with? More importantly, how much risk exposure are your clients comfortable with?
WordPress Backup Strategies
Having an automatic, reliable and well-thought-out backup strategy isn’t just recommended for WordPress (or any platform for that matter), it is absolutely essential. Your WordPress database contains every single piece of content that exists on your website. If you do not have automatic backups in place, you might not be able to restore your website and its content in the event of a disaster (host failure, database corruption, malicious attacks, etc.). Additionally, if you’re storing important and difficult-to-reproduce client information in your database, you need to ensure that it is recoverable as part of your business continuity planning. A proper backup strategy is a key component of any solid Disaster Recovery or Business Continuity plan.
For more information regarding the services we offer, please contact us now.