All too often we see clients deciding not to enter into a proper maintenance contract or develop a maintenance plan once they have a great new application website up and running. Keeping up to date is critical in todays landscape as hackers are always waiting for security fixes to come out to start looking for websites that haven’t applied those fixes yet. The Panamanian law firm at the center of a recent big document leak, Mossack Fonseca, found out all too well what the consequences of letting your website software updates lapse can have on business.
In the Case of Mossack Fonseca it was reported that hackers were easily able to get into both the public website running WordPress and out dated plugins, which they were able to get into and complete ransack the mail servers from login information on that site. To make matters worse the customer portal was running a version of Drupal that was so old that a grade school hacker could have gotten in and stolen all those documents. In both cases fixes have been out for over a year, that’s over one year without updating the software running business critical applications.
All of this could have been avoided with a $400/year maintenance plan that would have kept these systems up to date. Don’t wait until you’ve been hacked into to put a maintenance plan in place, in a lot of cases this can all be handled in house with a proper setup. It’s unfortunate that we spend so much time fixing sites that have been hacked into, we’d rather not have to do this at all. You read more about the details in this excellent Wordfence article here. Wordfence is one of the plugins we recommend to all WordPress CMS users.