Post mortem of July's security issue
Well, it hasn't been so much of a summer break after all.
Hackers exploited a security issue in July, and that kept us very busy. It's been the toughest moment in our young company's history.
First, a quick reminder to always keep your plugins and themes up to date. Of course, you can't possibly be updating every day, or even every week. This is especially true if you maintain several sites.
For that reason, we highly recommend subscribing to backup and security services like VaultPress, or ManageWP. Both of these reacted quickly to help protect their users. It's the price to pay for complete tranquility, and it also saves you from spending hours ensuring your site is safe.
I'd like to salute these hosting companies for having reacted quickly to patch their customers' MailPoet plugins as well:
• SiteGround
• Dreamhost
• GoDaddy
• WP Engine
• Infomaniak
• OVH (to some extent)
If you're hosted with them, you can enjoy some peace of mind. We noticed some big hosting companies that acted very late, like Bluehost.
While it's not the first time, nor the last, that we've had security issues, this was definitely the first massive attack targeting our plugin.
Our hearts were broken after seeing so many sites being hacked. Ben, Rafael, Funchal, and Marco doubled their efforts on support to help as much as we could.
We were quite unhappy at the timing of the public disclosure of the issue by Sucuri, and we let the community know. This spawned a debate. We hope that other plugin authors can learn from our experience.
We are very encouraged by the amount of support we got from the security community, and beyond, often privately.
The positive outcome is that we've built a network of security consultants that we have been working closely with since.
Moreover, we have a better protocol in place in case this situation arises again. If you're a plugin author yourself, we'll be happy to share.
Plugins are increasingly becoming the target of hackers. This trend will not subside, unfortunately.
We want our users to be safe, first and foremost. You can count on us to work hard to help you achieve that.
Feel free to reply, and hit my inbox. I love the reply button.
Kim, and the team