When Hearts Bleed

If you use the internet and you have a heartbeat then there’s a good chance you’ve heard about the Heartbleed bug. Since its disclosure to the general public it has captured the hearts and minds of all who care about security. Here at easyPress we’ve had to do our part to patch our software, update our keys and test our systems. We’ve also been keenly listening and discussing about how bad this thing really is.

On the scale of 1 to 10, this is an 11. – Bruce Schneier

Schneier is not one to exaggerate. He is arguably the most prolific security technologist so this statement by him should put things into perspective. There’s no point getting into the technical details of the bug here because there are much better venues for that starting with the Heartbleed website itself. What I would like to do here is to let all customers know what we’ve done to address this bug and what we highly recommend you do to protect yourself.

What easyPress has done to address Heartbleed

  1. Upgraded all vulnerable versions of OpenSSL and libraries.
  2. Generated new keys and have our SSL certificates re-issued.
  3. Updated passwords for accounts related to easyPress.
  4. Tested all servers running OpenSSL to ensure we are no longer vulnerable.

What easyPress customers have to do to address Heartbleed

  1. Change all your WordPress passwords if you accessed your wp-admin screens via SSL.
  2. Generated new keys and have your SSL certificates re-issued.
  3. Change your database password if you used phpmyadmin