Disaster management for when you get 1000s of customers hacked

What does disaster look like to a WordPress plugin developer? It’s never fun to find out the hard way. This talk will be in the form of a few short stories about one disaster my company (BlogVault) faced recently: a major plugin vulnerability. I’ll be telling you what we did when more than 1000 of our customers got hacked overnight through our plugin… and how we recovered. Although this was one of the most harrowing experiences in the history of the company, it taught us quite a few lessons:

  • Act fast: Minimize damage, fix the root cause.
  • Communicate, communicate, communicate: Be honest & clear with your team, partners, and customers about your next steps.
  • Be prepared for curveballs: Not everything can be planned. Forgive delays and mistakes.
  • Fix everything: You don’t know what’s broken (for sure). Reinforce it all.
  • What happened when? Stressful times call for simple measures. Note down what happened (and when). It’ll help with communications.
  • Eliminate doubt: Our internal tool helped us identify signs of malware from 200,000 sites, but we also needed reaffirmation.

What not to do when you face such a disaster:

  • Panic: This only makes everything worse.
  • Shy away from the truth: Whether your customers or partners leave isn’t up to you. Your company’s integrity is.
  • Focus inwards only: Your business is about your customers, who are having a tough time. Help them first.

The Ultimate Takeaway: Reach out to the community. Lots of people have been in the same situation.

WordCamp Singapore 2017 is over. Check out the next edition!