WordPress.com server issue caused by Heartbleed fixes?
-
Hi,
We have discovered a bug that seems to have been introduced in the last week, and wondered if this has been caused by recent changes required by the Heartbeed issue. This bug will affect users previewing their published posts either via the WordPress iOS app or our own iOS app, BlogPad Pro. It seems to only affect users that have their own domain hosted by wordpress.com.
Basically, we (and several of our app’s users) have noticed that affected blogs report the “post link” field (via XMLRPC) for a published post includes a reference to the wordpress.com domain rather than their own domain. Eg, instead of a post link like this:
http://blogpadpro.com/2013/08/17/uploading-files-from-dropbox-to-your-wordpress-blog/The XMLRPC reports back the post link as:
https://blogpadproapp.wordpress.com/2013/08/17/uploading-files-from-dropbox-to-your-wordpress-blog/Normally, this would be OK because the latter link would redirect to the correct link (but as http, not https) when a user tried to access it. However, recently, the redirect tries to maintain the “https” part, which obviously won’t work because there is no SSL installed for custom domains. If you try and access this link via a regular browser, you will be warned that there’s a problem with the SSL certificate. This is what is causing a problem for the iOS apps.
In short, when someone tries to access:
https://blogpadproapp.wordpress.com/2013/08/17/uploading-files-from-dropbox-to-your-wordpress-blog/This should redirect to:
http://blogpadpro.com/2013/08/17/uploading-files-from-dropbox-to-your-wordpress-blog/
(ie NOT https, but the http equivalent for that domain name).Kind Regards,
The BlogPad Pro TeamThe blog I need help with is: (visible only to logged in users)
-
I’ll tag this thread for a Staff follow-up. Please subscribe to the thread so you are notified when they respond and please be patient while waiting.
-
For information on the Heartbleed bug and security concerns on WordPress.com, please refer to the following post for the most current information: http://en.blog.wordpress.com/2014/04/15/security-update/
-
You may wish to report your specific issue using/interfacing with the WordPress app on our iOS forums, http://ios.forums.wordpress.org/
If you believe this to be a security issue, you can report that here:
http://automattic.com/security/Finally, if this is simply an issue with the SSL certificate, that is a known issue that we are working on:
https://en.forums.wordpress.com/topic/certificate-errors-in-wordpress-mobile-app?replies=1Please let me know if none of these options fit your issue and we can go from there. :)
- The topic ‘WordPress.com server issue caused by Heartbleed fixes?’ is closed to new replies.
WordPress.com Forums 