
Tips and Tricks HQ


HeartBleed Vulnerability and WordPress Site Owners (What You Need to Know)


Last updated: April 12, 2014 by Ruhul Amin





There has been a lot of press on the HeartBleed bug recently and it is scaring a lot of WordPress site owners/admins. Since we have a popular security plugin, we are getting a lot of questions about this. So, in this article I will explain what the HeartBleed bug is and what you need to do on your WordPress site (if anything).


What is the HeartBleed Bug?

The Heartbleed bug is a newly discovered vulnerability in the popular OpenSSL cryptographic software library. This library is used to encrypt web communication and is used by many companies, including Google, Yahoo and Facebook. The vulnerability allows an attacker to steal information that is normally protected by SSL/TLS encryption.

Here is how this bug works, in easy-to-understand language:



It allows the attacker to read 64K of memory from your server. The attacker can then retrieve information such as usernames, passwords, private keys, etc. from that memory data.

You can read the full details of this vulnerability on the heartbleed site.
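To make the 64K over-read concrete, here is an added C simulation (not from the original article, and not OpenSSL's own code) of a heartbeat handler that trusts the sender's claimed payload length, next to one that checks the claim against the record that actually arrived. The record layout and 16-byte minimum padding follow RFC 6520; the memory layout, function names and login string are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MEM_SIZE 256          /* simulated slice of server memory */
#define HDR 3                 /* type (1 byte) + payload_length (2 bytes) */
#define MIN_PAD 16            /* RFC 6520: at least 16 bytes of padding */

static uint8_t mem[MEM_SIZE];

/* Place a received heartbeat record in memory; whatever the server stored
   next (here a constructed login string) ends up right behind it. */
void receive_record(const uint8_t *rec, size_t rec_len) {
    static const char other[] = "user=alice&pass=constructed-secret";
    memset(mem, 0, sizeof mem);
    memcpy(mem, rec, rec_len);
    memcpy(mem + rec_len, other, sizeof other - 1);
}

/* Vulnerable shape: echoes as many bytes as the peer *claims* it sent. */
size_t reply_unchecked(uint8_t *out) {
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];  /* 16 bits: up to 64K */
    if (claimed > MEM_SIZE - HDR)   /* clamp only to keep this simulation in bounds */
        claimed = MEM_SIZE - HDR;
    memcpy(out, mem + HDR, claimed);
    return claimed;
}

/* Patched shape: the claimed payload plus padding must fit inside the
   record that actually arrived; otherwise the record is silently dropped. */
size_t reply_checked(size_t rec_len, uint8_t *out) {
    size_t claimed = ((size_t)mem[1] << 8) | mem[2];
    if (HDR + claimed + MIN_PAD > rec_len)
        return 0;
    memcpy(out, mem + HDR, claimed);
    return claimed;
}

/* Constructed request: claims 40 payload bytes, really carries 2 ("hi"). */
static const uint8_t lying_req[HDR + 2 + MIN_PAD] = {1, 0x00, 0x28, 'h', 'i'};

int main(void) {
    uint8_t out[MEM_SIZE];
    receive_record(lying_req, sizeof lying_req);
    size_t leaked = reply_unchecked(out);               /* echoes past the record */
    size_t safe = reply_checked(sizeof lying_req, out); /* record dropped */
    return (leaked == 40 && safe == 0) ? 0 : 1;
}
```

The unchecked reply contains the two real payload bytes, the padding, and then the start of the neighbouring login string, which is why passwords and keys that merely sat in server memory are at risk.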

Is Your WordPress Site Affected?

This vulnerability can have a lot of direct and indirect impact. However, the following is what you need to know as a WordPress site admin:

If your WordPress site doesn’t use HTTPS (meaning you never installed an SSL certificate on your site) then you don’t have to worry about this vulnerability too much.

The majority of WordPress users do not use HTTPS on their sites, so a lot of you are probably relieved to know the above.

What to do

If you are using HTTPS on your site then you should do the following as soon as you can:

1. Upgrade the Software

Contact your hosting provider and ask them if your server is affected (meaning it is using a vulnerable version of the OpenSSL library). If your server is affected, ask them to upgrade the software to fix this bug. Your hosting provider is likely to be working on this already, so give them some time.

2. Get New SSL/TLS Certificate

Contact your SSL/TLS certificate provider (in most cases this will be your hosting provider if you bought it through them) and ask them to re-issue the certificate. You need to do this to ensure that new public and private keys are issued to you. Otherwise, if the attacker did steal the private key, he/she can still decrypt the data using that key even after you have upgraded the software.

3. Change User Login Passwords

Change your account password (if you haven’t done so already). If you are running a membership site (where other users create user accounts on your site), you should contact your users and request them to change their passwords.

It is important to understand that you do this step after you have done steps 1 and 2. Until the SSL certificate is replaced, any new passwords are in the same danger of being stolen as the old password.

I hope the above info helps you take action on your WordPress site. Please leave a comment below if I have missed anything.



Comments (2 responses)

  1. Faizan Asad says:
    May 3, 2014 at 4:57 am

    Wow great informative post thanks!!!

  2. Andy Britnell says:
    April 14, 2014 at 4:36 am

    Thanks for clearing that up. Good to have a resource to point clients at.

    I think the media have hyped this up too much and scared people. Most internet banking is perfectly safe. The problem is mainly with social media sites. Since it’s allegedly been around for 2 years I don’t think it’s such a big deal.

    Just follow your advice if you have set up SSL and practice safe user id and password guidelines.

    And why is it some webmasters use ‘admin’ for user ids in WordPress in my experience. Are they just too lazy to dot the last i?

    Thanks for the useful info.

    Andy
