Choose your web developer carefully

The Panama Papers - a big website security failure?

Mon 18th Apr 2016

I'd be surprised if you had not heard of the Panama Papers data leak which has revealed the many ways in which some of the wealthiest people and organisations in the world have exploited offshore tax regimes and schemes.

Initially the information was assumed to have come from a hacked email server – but evidence has since suggested that hackers found their way into the hosting server through out of date versions of WordPress and Drupal content management systems.

The law firm whose website was hacked has two main websites: a front-facing WordPress site; and a Drupal based portal for sharing information with customers. Both websites were running unpatched versions of the software and in both cases security holes existed that could have allowed hackers access.

WordPress and Drupal can be used to great effect and if setup properly and updates maintained are secure, but with hundreds of thousands of websites using the same systems, plugins and structures often setup by people who aren't professionals they are a big target for hackers. One hacker can work out a weakness in a system like WordPress or Drupal and they can use it repeatedly to attack thousands of websites around the world.

This is one of the reasons I do not use WordPress or Drupal. My content management systems are customised to suit each client and while this is rarely the cheapest option, one of the advantages of these is that they are less prone to attack attempts. Notice I said less! No website is invulnerable to attack, but I work hard to keep the sites I look after safe by using reliable hosting, secure passwords and custom design and code.

Or if you do choose to use a WordPress, Drupal or similar system, choose your developer very carefully, make sure that they know how to set the site up securely and that they will keep on top of keeping it up to date.

Read more about the Panama Papers here:

by Rachel Watson