You might have already heard, but a remotely exploitable vulnerability has been found in the widely installed Bash shell. While we do not offer SSH access to our customers, our admin team is currently upgrading Bash across the farm in order to keep our servers up to date. There should be no interruption to service for any customer while this upgrade is happening.
Because we specifically block CGI execution on customer sites by default—as it does not need to be “on” in order to get WordPress to run—our users are already protected from this exploit. Our use of AppArmor on all servers also offers additional protections that would keep attackers from gaining access to anything beyond the site they are visiting.
Hopefully this helps ease any concerns you might have!
Jason Cosper works as the Senior Technical Advisor for WP Engine and helps customers with their security concerns on a daily basis. He spends most of his days getting elbows deep in huge messes and doling out WordPress optimization advice. In his spare time, Cosper enjoys spending time with his wife and very tiny dog, grilling meats, sampling assorted craft beers, writing cranky tweets about the Lakers and brewing coffee.
Susan Davis says
I am a new WP Engine customer and was just getting emails about this issue elsewhere.
I am incredibly pleased by WP Engine’s rapid handling of this situation, even though they have pretty much ruled out our direct vulnerability from the start.
This is the kind of reason I moved to WP Engine. My last host practically had to be threatened to get them to even admit whether or not we were already protected, much less asking them to update something in case we weren’t!
Joe Ballarino says
I was just reading about that exploit this morning – thank you for posting this so I can ease any concerns so quickly.
Kind Regards,
Joe
Amerivest Realty
Dave Clements says
On top of things as usual. Much appreciated, guys.
Duff says
Awesome work guys, glad to hear it. This is why WP Engine is the best.
Jonathan Eyler-Werve says
Gives me a lot of faith in your service to have you post clear and timely updates like this.