Heartbleed, the biggest security flaw in Internet history: what it is and what to do to secure WordPress


If you work in this field you will already know that a little more than a month ago a huge flaw was discovered that affects more than 66% of the entire Internet: the Heartbleed bug.

:: What is Heartbleed? ::


In fact, Heartbleed is considered the biggest Internet security breach in history, since it affects OpenSSL, the software most used on Apache and Nginx servers since 2012 to serve pages over secure connections (the irony is plain).

So your social network, your e-commerce store, even the site where you do your supermarket shopping could be vulnerable if they use an unsafe version of OpenSSL, from 1.0.1 to 1.0.1f inclusive.

Worst of all, a malicious attacker can use this flaw without leaving any trace of their activity: they simply take over the site and can impersonate users, obtain personal information and credit card details, or even create a clone of the site.

In fact, it was recommended that, if we were worried about security and the nature of our data, it was better not to use the Internet until there was a secure version of OpenSSL (the first was 1.0.1g) and the main services had been updated, which is no small thing.

:: How do I protect myself from Heartbleed as a user? ::

As an Internet user, the only way to protect yourself from Heartbleed is to stay informed, which involves the following:

  1. Check this list to see whether your favorite websites are affected by the Heartbleed bug.
  2. Install this Chrome extension, which alerts you if the site you are visiting is affected by Heartbleed.
  3. Change your passwords immediately on all sites that use OpenSSL and have been proven to have been compromised (almost all; examples: Google, Facebook, Flickr, Yahoo, GoDaddy, etc.).

:: How do I protect WordPress from Heartbleed? ::

To start … if you do not use a secure certificate, you do not have to do anything. This only affects you if you have registered a certificate to run an e-commerce store, a social network or similar. It only affects https pages.

Otherwise, if you use an SSL/TLS certificate, the matter is quite different, and what you should do is the following:

  1. Check whether your site is affected by the Heartbleed bug here or here. If it is (or if in doubt), contact your hosting provider and demand that they update OpenSSL to a secure version with the utmost urgency.
  2. Once OpenSSL has been updated, get new SSL/TLS certificates (usually from your hosting provider).
  3. As a responsible and cautious administrator, require your users to change their passwords, or reset all of them by force. It is always a good strategy to force a password change every so often.
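
For step 1, an administrator with shell access can also compare the installed library against the version range given in this article. The script below is an added example, not part of the original post; the function name and the sample strings are constructed for illustration, and it encodes only the range stated here (1.0.1 to 1.0.1f affected, 1.0.1g fixed).

```shell
#!/bin/sh
# Added example: classify `openssl version -a` output against the range
# stated in this article (1.0.1 through 1.0.1f affected, 1.0.1g first fixed).

classify_openssl() {
    # $1: text as printed by `openssl version -a`
    local text ver
    text=$1
    # First line looks like "OpenSSL 1.0.1e 11 Feb 2013"; keep "1.0.1e".
    ver=$(printf '%s\n' "$text" |
        sed -n '1s/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unknown"      # not OpenSSL, or a format this sketch does not parse
        return 0
    fi
    case $ver in
        1.0.1|1.0.1[a-f])
            # -DOPENSSL_NO_HEARTBEATS is the OpenSSL build option that
            # compiles the heartbeat extension out of the library.
            if printf '%s\n' "$text" | grep -q -e '-DOPENSSL_NO_HEARTBEATS'; then
                echo "heartbeat-disabled"
            else
                echo "affected-range"
            fi ;;
        *)  echo "outside-range" ;;
    esac
}

# Constructed sample inputs (not captured from any real host).
SAMPLE_OLD='OpenSSL 1.0.1e 11 Feb 2013'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014'
SAMPLE_NOHB='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -DOPENSSL_THREADS -DOPENSSL_NO_HEARTBEATS -O2'

for s in "$SAMPLE_OLD" "$SAMPLE_FIXED" "$SAMPLE_NOHB"; do
    printf '%-28s -> %s\n' "$(printf '%s\n' "$s" | head -n 1)" "$(classify_openssl "$s")"
done

# On a server, classify the locally installed library instead.
if command -v openssl >/dev/null 2>&1; then
    printf 'local: %s\n' "$(classify_openssl "$(openssl version -a 2>/dev/null)")"
fi
```

Distribution packages often backport the fix without changing the upstream version letter, so an `affected-range` result is a reason to check the package changelog or ask the hosting provider, not proof of exposure. The command-line tool may also differ from the library the web server actually loads.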

