What your business can learn from Mossack Fonseca

Now this story has me grinning from ear to ear, not only because running a small UK business, so my customers and myself have always been subject to the full rate of tax, but it now turns out the likely cause of the breach is through a badly managed Wordpress installation.

This following article outlines how it is possible that the Mossak Fonseca data breach was down to the insecurities in Wordpress.

Mossack Fonseca breach venerable wordpress plugin.

So Wordpress is a website platform has taken the world by storm and used on a huge number of sites. I have never been a fan for some key reasons:

  • It is opensource and has a long history of being hacked
  • It is not a true CMS but a blogging platform with CMS add-ons.
  • It only contains the most basic features to produce a blog and manage text on pages.
  • A lot of key features that all websites need require you to install an array of 3rd party plugins
  • Regular upgrades to Wordpress are essential for security
  • Plugins are not necessarily compatible with the latest version of Wordpress therefore upgrades often don't happen.

Now there are a lot of good reasons (excuses) why people use Wordpress.

  • It's free - just ask anyone who has been hacked if this represents value for money.
  • There is a massive community of developers to call on - for developers also read hackers.
  • It is very easy for non-experts to pick-up and deliver website for clients - if a non-expert is whom you want building your site.

I am not saying that every Wordpress developer is not an expert, or that every installation is done badly and not well managed.

So what can your business learn from this.

  • If you are using Wordpress make sure you have a contract with someone that actively manages the upgrades
  • If you are not using Wordpress, best to steer clear in future.
  • If you absolutely must use Wordpress make sure you are using someone that has access to real expert support.

At Eonic we deliver all websites on our own EonicWeb CMS platform that has never been hacked. We have many advantages over Wordpress that are outlined here.

The key differentiator between EonicWeb and Wordpress is that all the code is written and validated by our in-house team and all sites are upgraded to the latest version automatically.

We often migrate clients from Wordpress to our platform, if you would like to find out more please get in touch.

Don't be the next Mossack Fonseca