Worst case scenario of not upgrading WordPress core, plugins and themes

Posted on

For the last couple of weeks all the news has been about the Panama Papers breach, even though it is unclear if it was an inside job or a direct hack. Wordfence, an industry leader in WordPress security, has identified a possible breach via an outdated WordPress plugin.

Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause

The outdated plugin had a vulnerability that gave possible shell access to the server. Once someone has shell access to the server they can start to move around on other services on that server –  not ideal.


Why this is important to WordPress sites is this security breach had been identified many months before and fixed by the plugin developers. So by actually keeping the website up to date maybe this breach would not have happened. Prevention is far better than cure.


I can surmise what happened, as we have dealt with this before at WPZA. Plugins are being updated all the time, the good ones maybe once or twice a month. One of these updates was incompatible with the installed theme and crashed the website so the developer or owner of the site decided to keep the older version of the plugin so the site was running, but this left the site open to attack.

What would WPZA have done?

Here at WPZA we would have gone into the theme code and figured out and fixed the error so both the theme and plugin was up to date and the site was  secure and running efficiently. We would have utilised plugin forums for support, or contacted the plugin developers directly for help on the issue.


It is so important that you have decent off site backups, an update plan for your core, theme and plugins. Also try and have decent security plugins that keep you informed of possible problems and protect you from most attacks.


Some plugins we recommend to backup and protect your WordPress Website.


But if you need a professional maintenance service plan please contact WPZA to help protect your site. We include multiple premium plugins to backup, protect and speed up your WordPress website.

Rather prevent an attack before it happens where possible. It, in the long run, would be less time consuming and ultimately less costly to invest in a maintenance plan than spending money on trying to save your site or even, worst case, start all over again.

Tags: , ,

Leave a Reply