Heartbleed brought OpenSSL security to the front of everyone’s mind, but here at WP Engine we proactively monitor the security of the sites hosted with us just like we do our own. In addition to WordPress security releases, we are constantly monitoring for security patches for the operating system WordPress is running on.
Earlier today the OpenSSL team released a new security advisory, along with patches to OpenSSL that removed a number of vulnerabilities. The vulnerabilities would have allowed remote attackers to inject and run arbitrary code on vulnerable systems, or create a denial of service against vulnerable systems taking them offline. At this time we have updated OpenSSL across all of our systems, data centers and environments. No further action is required on your part due to this release.
Fanstastic! Thanks for the update. I was actually in the middle of trying to research these new vulnerabilities and I decided to check here to see if our servers had been updated. I’m relieved to hear that we have been updated!
Thanks so much Ian! Thanks for thinking to check on us, and by all means feel free to let us know if you find something that’s not secure. We’ve always got our eyes open, but it is tricky to keep up with all that can change.