Many of you have likely heard about the Heartbleed Bug. What is it?
Heartbleed is a serious vulnerability found in an extremely popular software library called OpenSSL. The bug, which has been out for two years but only recently discovered, allows for theft of normally secure information by letting anyone on the Internet read information held on systems with the vulnerable versions of the software. If you aren’t at least a bit freaked out, go back and read that last sentence again. This is some serious sh*t.
What to do next
- If you run an e-commerce website or anything that starts with https, check in with your hosting company and find out if you are affected.
- You’ll most likely need to regenerate your SSL certificate.
- Change all of your passwords on your hosting server and, this time, use secure passwords.
For our clients
There is a shred of good news here for our clients who host through Needmore Designs. We have been in contact with our hosting company and can confirm that, if you host your website with us, your website is not not affected by Heartbleed. (Long story: our load balancers, which handle user traffic, do not make use of OpenSSL whatsoever. Further, our PHP nodes that do use OpenSSL are using earlier an earlier version that has been confirmed as not being susceptible to Heartbleed.) Further, steps have been taken to make sure that the servers are safe moving forward.
We have also recommended WPEngine to a number of clients over the last year. They have also confirmed that their sites are not affected by the bug.
If you are a client of ours and not hosted on our servers, we are here to assist you with this issue. We’ll be reaching out to anyone that might be affected, but please do feel free to touch base with us if you are at all concerned.
