ShellShock Vulnerability and your WordPress Sites

By 26th September 2014 WordPress News and Updates

Yet another serious server vulnerability was discovered and announced on Wednesday (24th September 2014) that allows attackers to execute any code on affected servers.

Please note that this is not directly a WordPress security vulnerability, but rather a vulnerability on those servers that host your WordPress sites.

This is significantly more serious than the Heartbleed problem reported a few months back and you should take all the necessary action to verify your web servers.

How to test your web servers

If you have administrator shell access to your web servers, this is the simplest way to test.

I can lay it out here but I’d just be repeating what is already very well explained here and here and here.

If you don’t have this level of access, but would like to use your web hosting to test this, you can do so quite easily though the iControlWP code snippets feature.

Here’s how:

ShellShock Vulnerability Testing

If the server hosting your site is secured already and isn’t vulnerable, you’ll simply receive a response from this code snippet saying:

“Test For ShellShock Finished”

Otherwise, you will also receive a message indicating your server is vulnerable.

How to patch against this vulnerability

Use the links above to learn about how to patch against this ShellShock security vulnerability.

It’s normally a simple matter of running either, depending on your server flavour.

  • yum update bash
  • apt-get update && sudo apt-get install –only-upgrade bash

If you don’t manage your server directly, contact your hosting provider and get them to patch immediately.

We will update as any new developments are released.

Join the discussion 2 Comments

Leave a Reply

x Logo: ShieldPRO
This Site Is Protected By