One of our missions at WP Engine is to ensure that your WordPress experience is as secure as possible. In the digital world we operate, security is our top priority. With that in mind, and in partnership with our infrastructure providers, over the last two weeks we have conducted an emergency security maintenance to ensure that we live up to our security promise.
This maintenance was done by all major Cloud Hosting providers across the world, and was not specific to the WP Engine platform. During this maintenance, the details of the vulnerability have been under a strict embargo, and as such, we have not been able to share transparently with our customers as we usually do.
As of 7 a.m. Central this morning, the security embargo has been lifted and the details have been announced. The vulnerability existed in the Xen Hypervisor technology, which is the underlying technology for major Cloud Hosting providers across the world.
The patch, which has now been completed, required our infrastructure providers to reboot their servers. In many cases, those server reboots resulted in 10 to 40 minutes of downtime for your site. You can read the details of the patch for the vulnerability here: xenbits.xen.org/xsa
We understand that any interruption to your business is more than just an inconvenience, so we apologize for the disruption and downtime your site may have experienced. Our commitment to security is one we take extremely seriously. Thank you for your understanding during this time.
We’re happy to say that as of today, the affected servers have all been patched and none of our customers’ sites were compromised. We will continue to monitor this situation closely.
At WP Engine, we’re committed to the performance and security of your sites. If you have any questions or concerns, please don’t hesitate to reach out to us—we’re here to help 24/7.
Thank you for trusting your business to WP Engine.
Leave a Reply