What Happens When You Don’t Update WordPress

As our customers know, we run plugin updates on their website weekly on Tuesdays. If security vulnerabilities go public for a plugin, and there is a patched release for it, we make exceptions and update the affected sites as soon as possible. This helps us keep your site as secure as we can.

A data breach

If you have paid attention to the news recently, you will know about the Panama Papers, which are causing a stir. The leak has thus far brought down the Prime Minister of Iceland and surrounded many other famous public figures with controversy.

At the time of the incident, the websites that provided access to the data were running a notably outdated copy of Revolution Slider, a popular plugin that helps create sliders for your sites. It is theorized that Revolution Slider provided access for the breach that leaked millions of emails, database records, and other documents. The RevSlider developers had patched the exploited vulnerability a number of years ago, but since site owners are still responsible for applying updates as they become available, the vulnerability in the outdated version of Revolution Slider remained on the site.

The outdated slider code is only a small part of the overall picture of the breach, but it does illustrate why it is important to keep things up to date, so that you are in the best possible position to avoid similar issues.

What if I use RevSlider on my site?

If you are a Maintainn customer, know your site is using RevSlider and are worried that you may not be on an exploit-safe version, let us know and we can help assess the situation. Anything at or below version 3.0.95 is going to be vulnerable.
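One way to check installations against that threshold, as an added example that is not from the original post or from Maintainn. It assumes the plugin's main file is `revslider/revslider.php` and carries a standard `Version:` header; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# From the article: anything at or below 3.0.95 is vulnerable.
LAST_VULNERABLE = (3, 0, 95)
# Assumption: the plugin's main file is revslider/revslider.php.
MAIN_FILE = os.path.join("revslider", "revslider.php")
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9.]*)", re.I | re.M)

def parse_version(text):
    """Return the header version as a tuple of ints, or None if absent."""
    match = HEADER_RE.search(text)
    if not match:
        return None
    return tuple(int(p) for p in match.group(1).split(".") if p)

def audit(root):
    """Walk root and classify every RevSlider copy found beneath it."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        candidate = os.path.join(dirpath, MAIN_FILE)
        if not os.path.isfile(candidate):
            continue
        with open(candidate, encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read(8192))  # header is near the top
        if version is None:
            status = "unknown"  # no Version header: check by hand
        elif version <= LAST_VULNERABLE:
            status = "vulnerable"
        else:
            status = "ok"
        findings.append((os.path.relpath(candidate, root), version, status))
    return sorted(findings, key=lambda f: f[0])

def build_sample(root):
    """Constructed sample tree; site names and 4.6.5 are made up."""
    for site, version in {"site-a": "3.0.95", "site-b": "4.6.5"}.items():
        folder = os.path.join(root, site, "wp-content", "plugins", "revslider")
        os.makedirs(folder)
        with open(os.path.join(folder, "revslider.php"), "w") as fh:
            fh.write("<?php\n/*\nPlugin Name: Revolution Slider\nVersion: %s\n*/\n" % version)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, version, status in audit(tmp):
            print(status, path, version)
```

Point `audit()` at a directory holding one or more sites; a copy reported as `unknown` has no readable version header and needs a manual look.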

How can we ensure we can always be up to date?

If you have ever purchased a premium theme or plugin, there is a high chance it also came with a license key that can be entered in the appropriate place to help ensure that it can be updated. Read more about applying premium licenses in my post from this past January.

If you acquired your theme from anywhere but a custom development project for your site, chances are it may continue to receive updates. It is best to not directly modify the theme files yourself.

If you need to edit details at the file level, the best method is to create what is known as a “child theme.” This method allows you to override and modify files safely while keeping the “parent” premium theme updatable, so you benefit from the necessary security updates without losing the changes you make.

When it comes to plugins, it is simply best to never modify them directly. There is no such thing as a child plugin; more often than not, though, modifying plugins is not a concern, with the majority of customizations coming in the active theme or in settings in the WordPress Admin.

Wrapping up

Whether you are running a “mom and pop” store, simply blogging about a topic that interests you, or providing a portal of information of some sort, the news of the Panama Papers should be at least a little scary. However, that does not mean that your own site needs to fall victim to the same situation, no matter what type of content you have–or how confidential it is.

Keeping your software updated is crucial to maintaining your site’s security, and if you don’t have the time or patience to do it yourself, you know who to call. Don’t let your site fall prey to malicious forces! Let Maintainn protect you and your business.
