is it necessary to update wordpress.com blog to patch the heartbleed bug?
-
Please advise if we need to update my wordpress.com blog to patch heartbleed bug. Thanks
The blog I need help with is: (visible only to logged in users)
-
You have your site hosten by wordpress.com which means that you don´t have to update anything as they do all this stuff for us in the background. Yesterday I did read that wordpress.com users were not impacted.
-
diaryofdennis: Could you provide a link to where you read that WordPress.com users were not impacted? I can’t find a response from the “dotcom” team or Automattic anywhere.
There is a lot of erroneous information being passed around about heartbleed, mainly that simply patching the vulnerability is enough to fix the problem. It isn’t:
“The bug has been patched. After you patch your systems, you have to get a new public/private key pair, update your SSL certificate, and then change every password that could potentially be affected.”
Did WordPress.com never use OpenSSL to begin with, or did they simply patch the bug? Because the SSL cert on the login page is still from 2010.
-
I’ve asked for a response from WordPress.com, Automattic, and Matt Mullenweg directly on Twitter and I haven’t heard back from anyone.
-
-
Surprised there is nothing about Heartbleed on the news page, seeing as it is all over the Internet. We do need the answers from an official WordPress techy.
Was the site ever compromised?
And is it now patched?
And are we all set to do a password change without compromising our new password? -
@jentrifiedcitizen
The main thread which was tagged for a Staff response yesterday is here > https://en.forums.wordpress.com/topic/heart-bleed-bug-is-wp-compromised?replies=22As Staff respond to threads in chronological order based on dates stamps and timestamps, It’s in everyone’s best interest if we keep all bloggers posting on the same issue in the same thread, rather than creating new threads that have more recent datestamps and timestamps.
Please post to the thread I linked to above as this one will be tagged for closure.
-
Just to answer a question…
@seanmwootenI stumbled over a Github list that has been mentioned by Mashable…
http://mashable.com/2014/04/09/heartbleed-what-to-do/
https://github.com/musalbas/heartbleed-masstest/blob/master/top10000.txtAccording to the list:
“Testing wordpress.com… not vulnerable.”Anyway it is a good idea to change passwords everywhere I guess.
-
@diaryofdennis
Please read what I posted above so you understand this thread is tagged for closure and post into original thread on this issue at https://en.forums.wordpress.com/topic/heart-bleed-bug-is-wp-compromised?replies=22 -
Ok thanks @timethief. I read the original thread and got confused! So has wordpress.com been patched? Or is it not affected?
-
Please read what tt posted above so you understand this thread is tagged for closure and post into original thread on this issue at https://en.forums.wordpress.com/topic/heart-bleed-bug-is-wp-compromised?replies=22
-
For information on the Heartbleed bug and security concerns on WordPress.com, please refer to the following post for the most current information: http://en.blog.wordpress.com/2014/04/15/security-update/
- The topic ‘is it necessary to update wordpress.com blog to patch the heartbleed bug?’ is closed to new replies.
WordPress.com Forums 