For the sake of this article, I am assuming that the reader is a stake holder of some sort in a WordPress website, a business owner, site administrator, someone who has commented on a post, etc.
The Story
If you read the news, you have likely heard about the Panama Papers and you probably know the gist of what they are, what you may not know is what they have to do with WordPress - and you. The main thing that makes WordPress so prolific is it’s standardization. If you ran a blog 5 years ago, you can probably run an E-Commerce site today with only a few hours of learning. WordPress plugins allow powerful features to be enabled on WordPress sites, sometimes in a matter of minutes, that would have taken multiple programmers months to build using a non-standard system. WordPress themes allow developers to do in a few days what would take a few weeks or months to build without using a framework or CMS. However, it also allows people with very little technical knowledge to get a website up and running, that appears to do the job. This person, usually an assistant or a niece or nephew, will usually follow a guide to get a site up and running. This may take hours, days, or even weeks - but the final product will usually include dozens of WordPress plugins, and herein lies the risk.
Problem
The WordPress Core, the base platform that you get from WordPress, is a secure system. Most plugins are also secure, however like all software security vulnerabilities will often be found and plugins will need to be updated. Unfortunately, because not all plugins play nice together, and some plugins cause problems for others when they are updated, some people will opt to leave their site alone and not run updates, thinking “if it ain’t broke, don’t fix it.” While this approach may work in other areas of life, it doesn’t work with software - and unlike the websites of 10 years ago WordPress and WordPress plugins are most definitely software. So what does this have to do with WordPress or you for that matter? Well, Mossack Fonseca, the firm behind the Panama Papers breach, was running a WordPress plugin called ‘Revolution Slider’ that had a massive security vulnerability which was exploited, allowing an attacker to gain access to their server and from there to gain access to their email server. Reporting on the same issue, Gizmodo notes that the more plugins you have on your site, the harder it is to protect it.
The Solution
So What can you do to keep you site and your site’s data safe. The first thing we recommend, is having a professional build your site. Even if it is setting up a premium WordPress theme, a good developer will ensure that your site is setup without using unnecessary plugins, in a way that the page loads as fast as possible, but most importantly, is able to be updated regularly without one plugin breaking another. The second thing we recommend is hosting your site with a company who specializes in WordPress and offers managed hosting. A good hosting company, we use and recommend Vancouver’s Tech Tone, will ensure that your site is updated regularly (WordPress Core and plugins), will keep your site a virtual environment that is sealed from other sites (to ensure that if there is a breach on another site, it wont affect yours), and will optimize the server to ensure that your site’s visitors get the fastest experience possible.
So to answer the initial question what the Panama Papers have to do with WordPress and you - it happened to Mossack Fonseca and it can happen to you.