Heartbleed and JetPack exploits

Many of you may now be aware of a couple of potentially disastrous issues plaguing the Interwebs and especially WordPress users.

There are a couple of potentially distressing issues getting around the Internet at the moment

I am of course talking about the OpenSSL Heartbleed and JetPack plugin exploits.

Heartbleed Exploit

If you have an SSL certificate on your WordPress website i.e you have a shopping cart and need https security then you are at risk. A vulnerability in OpenSSL (used in https) was disclosed on Monday 7th April 2014 in what has been called one of the worst security holes in the Internet in recent history. OpenSSL is used by web servers which power the majority of the Intenet sites which deliver secure content (HTTPS). If you have a shopping cart that uses https security then you are at risk.

Firstly you need to check if your hosting provider has taken action to rectify this fault. Ask them what the build by date is of the OpenSSL engine. The build date must be later than April 7 2014 otherwise you are at risk.

If you have an SSL certificate, you also should have your SSL Certificate revoked and reissued.

Jetpack Exploit

If you use the JetPack plugin, you need to update it now.
This is a pretty bad bug it’s been around since 2012 but it has only just been picked up. It allows attackers to publish posts on your site.

Luckily this is a pretty easy fix. – Just update the Jetpack plugin to the latest version. To be safe, The plugin version must be 2.9.3 or higher

If you are unsure about how to approach this, You can contact me here to get assistance.

Speak Your Mind