heartbleed
- This topic has 2 replies, 3 voices, and was last updated 10 years, 8 months ago by .
Viewing 3 posts - 1 through 3 (of 3 total)
Viewing 3 posts - 1 through 3 (of 3 total)
- You must be logged in to reply to this topic.
Tagged: heartbleed
Hello, Is the heartbleed issue that’s being reported in the news relevant to WordPress/Buddypress sites? I hope others on this list understand this issue better than I do!
Hi Wolfgang. Thanks for asking this question. Yes indeed, it would be interesting for everyone to know. Friends, we would appreciate your insights.
Here is an article I found about Heartbleed and WordPress: http://digitalchild.info/
It seems the answer is not obvious.
If your WP site does not use SSL, you’re not directly affected by the bug. If you have the openssl package on your server, it’s still a good idea to update it, of course.
If you *are* using SSL – some of your WP pages are accessible over HTTPS – you should do the following immediately:
1. Upgrade to the latest openssl immediately
2. Regenerate your SSL certificate key. Contact your SSL vendor and/or webhost for more information on this process
Changing your salts as defined in wp-config.php, as suggested in the digitalchild.info article, is an easy and responsible thing to do.
I don’t recommend deleting all your users’ existing passwords. This is likely to result in a support nightmare, as users have a tendency to run into difficulties with the Reset Password tool. If you would like your users to change passwords, consider a plugin like http://wordpress.org/plugins/force-password-change/.