I know, I know! No one likes to change their passwords. I don’t either. I manage about 900 passwords these days, down from 1700 at my peak before I started slimming down accounts. Changing 900 passwords, um, in technical professional terms, it sucks!
But the new Heartbleed vulnerability is real and its serious, not just for servers and websites running OpenSSL, but for people with PC’s and devices that might have been infected visiting those websites and also for their accounts on sites that use that security technology.
So in short, its time to change your password, if you do not need to be told three times, just do it now and skip the rest of this (except this piece, also go update your jetpack plugin to fix an unrelated security issue with Jetpack installs).
For those of you that are still not convinced, let me share a happy story.
I received an email from a client today asking if they might be at risk due to Heartbleed. I was happy to report back to them the following:
Any idea if this (Heartbleed, wp 3.8.2 update or Headway 3.7 beta update) will be a major issue for us?
In regards to OpenSSL Heartbleed, your site is not running SSL (You would have had to purchase an SSL certificate and set it up.) However, many many big social networks and other businesses do use it and it will be important to change your passwords on many sites, including places like Twitter and Facebook, just to name a couple. It would probably also be wise to update your passwords. This Mashable article has a chart of many of the well known accounts that are or are not in the danger zone http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/#:eyJzIjoiZiIsImkiOiJfNHp6cWtuYWZyY215czE3byJ9In regards to wordpress 3.8.2 and headway 3.7 beta, Not that I know of without testing.In regards to WordPress 3.8.2, I do not anticipate that the update will cause you any problems, although it is always a good practice to back the site up first.Fortunately, you are hosted on WPEngine and they automatically back your site up completely every 24 hours! So if you update, and notice a problem, all you have to do is restore the site to an earlier date before the update. Same thing goes for updating Headway. I do not advise updating to a beta version of headway, however there is an actual live version of a Headway update available for you. (Headway 3.5.13 is now available, you’re running 3.5.12! )Hope all is well and business is growing!thanks,Brett
The Passwords You Need to Change Right Now
The bug has affected many popular websites and services ones you might use every day, like Gmail and Facebook and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years. Some Internet companies that were vulnerable to the bug have already updated their servers with a security patch to fix the issue. Even that is no guarantee that your information wasn’t already compromised, but there’s also no indication that hackers knew about the exploit before this week. The Passwords You Need to Change Right Now
Critical Security Update — Jetpack for WordPress
Jetpack version 2.9.3 contains a critical security update, and you should update your site and any you help manage as soon as possible. You can update through your dashboard, or download Jetpack manually here. This bug has existed since Jetpack 1.9, released in October 2012. Fortunately, we have no evidence of this being used in the wild. Critical Security Update — Jetpack for WordPress
Review – What we need to do!
- Change your passwords
- backup your website(s)
- Update WordPress
- Update Jetpack
- Check for issues after the updates
- Be Happy