According to OurMine’s website, the organisation is made of “professional hackers and vulnerability assessors” who “only care about the security and privacy of your accounts and network”.
A tech security company hacking sites to expose vulnerabilities is not very big news in itself; what makes this newsworthy is the size and reputation of the enterprise being hacked, which in this case was TechCrunch.
For those of you not in the know, TechCrunch was built on WordPress, which is a hot target for hackers due to the CMS’s popularity. Close to a third of the world’s websites run on WordPress, so if you’re a WordPress user, this might alarm you. And while we don’t yet know if the vulnerability exploited by OurMine was in WordPress, the case of TechCrunch is especially disturbing.
This is because TechCrunch was hosted on WordPress VIP. VIP services include priority hosting and the best enterprise solutions, and starting at $5,000/month, they do not come cheap. As part of the VIP service, the website’s code is subject to rigorous code reviews from the best developers at WordPress. The service also included a host of security measures, among them PaaS, DDoS mitigation, two-factor authentication and an antivirus. Basically, TechCrunch functioned in the most secure WordPress environment available.
If companies that can afford the best security measures are vulnerable, then it is a signal that there is no foolproof way to safeguard your website.
However, this isn’t to say that WordPress VIP and TechCrunch were completely vulnerable. As seen in the thread, the post was taken off TechCrunch’s site within the hour, and things went back to normal almost immediately.
This hasn’t been our experience with websites in general, though. In fact, some of our clients have been hacked for years before they even found out about it.
This is what inspired us to work on our new WordPress website security product that will be out soon. It scans for hacks, and auto-cleans them with a single click.
Apart from this, we’re big believers in having a WordPress backup, because it’s the one way you can be completely sure that the damage is reversible.