A few weeks back I penned a blog post entitled “Be excited by 2014’s digital opportunities . . . but beware security threats”. The gist of the article was that while digital marketing commentators were all aflutter with the latest ideas, trends and buzzwords of digital marketing, none of them appear to have been taking website security seriously.
Just a quick heads up then . . . this month we have been alerted to a major security breach at a base level of web server infrastructure.
Our website security partners had this to say about the matter:
“There is serious vulnerability which has been dubbed HeartBleed in the OpenSSL library which is what most sites on the internet use to allow their visitors to connect securely to their websites. On a scale of 1 to 10 when it comes to security vulnerabilities for WordPress site owners, HeartBleed is an 11.”
The only “fix” for this security flaw is for the webserver itself to be patched.
The good news is that our new hosting provider that we are moving to already knows about the vulnerability and has been working on a fix. We also contacted our larger bulk ISP to ensure they knew about the vulnerability and were working on a fix to protect sites that have not yet been moved across to our new provider.
As at this time, we are still waiting for a response from them.
We will step-up our efforts to move all our sites across to our new, more secure provider as soon as possible.
This morning, we have also just received word of a vulnerability in a popular WordPress plugin, JetPack. Our security partner comments: “There is a serious vulnerability in the JetPack plugin for WordPress that allows an attacker to publish posts without permission. JetPack is one of the most widely used plugins for WordPress and this hole is “a bad bug” as described by the JetPack team.”
The recommended fix is to upgrade to the latest version of JetPack immediately.