WordPress 3.8.2 and OpenSSL Heartbleed Vulnerability
There were a couple noteworthy items in the news today.
OpenSSL Heartbleed
First off, we’ve seen a bunch of questions about the OpenSSL Heartbeat Vulnerability. OpenSSL is used to power https on a large portion of the web. This was a critical vulnerability, and all over the tech news: http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/
Some of our users run the Sucuri WordPress plugin, which was apparently scanning for this and alerting users – others read about it on the news. You didn’t need to worry, however. Some of our systems were updated during routine updates last night, and then we proceeded to update the remaining systems today. If you want to double check your site here or any other location, you can use this tool: http://filippo.io/Heartbleed/
We do recommend updating your password for our client area, cPanel, and your website. An email has been sent to all clients with details – if you have any questions, please open a ticket in our client area. All Lightning Base issued SSL certificates are also in the process of being reissued.
WordPress 3.8.2
The other (partially security related) news is the release of WordPress 3.8.2: http://codex.wordpress.org/Version_3.8.2
Being a minor point increment, this will be automatically updated from WordPress.org. Those of you that have sites setup for automatic updates from Lightning Base will see the update rolling out tonight.
3.8.2 is a minor release but includes a few security fixes that are definitely beneficial for your site to have. I would strongly encourage everyone to upgrade as soon as possible.
If you have any questions about your site and Heartbleed or updating WordPress, don’t hesitate to visit our client area and open a ticket.