What’s Bigger Than Heartbleed? … BASH (ShellShock)

Remember the Heartbleed virus that made news earlier this year?

Well, there is a new kid on the block. Actually, he has been hanging around unnoticed for quite a while (scary thought). But now the cat is out of the bag. This threat has made the headlines, which means that now all the bad guys know about it too! And it is a HUGE threat! More like a neon sign that says… “come on in, the door is open.”

Granted, I am not an expert in internet security, viruses or hacks, but I know enough to understand the implications of this one, and you need to understand them too. So I wanted to share what I have learned, along with some basic tips to keep your website and business safe.

So what is this BASH (a.k.a. ShellShock) threat?

It is a serious vulnerability that allows hackers to run/execute program code on any server that is running this particular software (Bash), and servers are what host ALL the websites we visit! Including yours. Because this is a server vulnerability and not just a WordPress vulnerability, its reach is massive. According to a post on ManageWP’s blog…

“It threatens to become one of the most widespread and dangerous exploits with serious security implications (it received both Impact and Exploitability scores of 10/10). If you have a server, own/manage websites or use a Mac – read on.”

How to check if your server/hosting account is vulnerable.

Download and install the Shellshock Check WordPress plugin, then run the test. It checks whether your server has a vulnerable version of bash installed.

Download: Shellshock Check WordPress plugin

If the test shows that your server is vulnerable, you need to contact your server/hosting company’s support. At this point most of the hosting companies should be aware of this and are busy patching and plugging.
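If you (or your host) have shell access to the server, the installed bash can also be tested directly. The script below is an added example, not the plugin's code and not part of the original post; the function names, the marker string and the list of bash paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local check for the Shellshock flaw in bash.
# Assumes shell access to the server; names below are illustrative.

MARKER="SHELLSHOCK_TEST_MARKER"

# check_bash PATH
#   returns 0 if the bash at PATH ignores code that follows a function
#   definition stored in an environment variable (patched),
#   1 if it runs that code (vulnerable), 2 if PATH is not executable.
check_bash() {
    bash_path=$1
    [ -x "$bash_path" ] || return 2
    # A vulnerable bash imports the variable as a function and also runs
    # the trailing "echo"; a patched bash prints only "probe".
    output=$(env testvar="() { :;}; echo $MARKER" "$bash_path" -c 'echo probe' 2>/dev/null) || true
    case $output in
        *"$MARKER"*) return 1 ;;
        *)           return 0 ;;
    esac
}

# report PATH: print a one-line verdict for the bash at PATH.
report() {
    rc=0
    check_bash "$1" || rc=$?
    case $rc in
        0) echo "$1: not vulnerable to this test" ;;
        1) echo "$1: VULNERABLE, contact your host or update bash" ;;
        2) echo "$1: not found or not executable" ;;
    esac
}

# Check each bash found at the usual locations (assumed paths).
for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    if [ -e "$candidate" ]; then report "$candidate"; fi
done
```

The test only runs a harmless `echo` on the machine where you run it, so a "not vulnerable" result says nothing about other servers you use.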

BASH also affects Macs. You can find more information about it here.

Want to know more about the nitty gritty of this?

This is a great article (although a bit techy) that answers a lot of the questions you might have.  The Shellshock FAQ: Here’s what you need to know

Other steps you should be taking to protect your business and your website.

  • Change your passwords often (I know…it’s a pain.)
  • Make your passwords complex. Make them longer than 8 characters. Include capital letters, numbers and basic symbols.
  • Install the Limit Login Attempts plugin (if you have a WordPress website.)
  • Always log out when you are finished working on your website. Don’t just close the browser.
  • Make sure you are backing up your website regularly.
  • Make sure you are updating your website regularly. This includes WordPress updates, Theme updates and Plugin updates.
  • Invest in a Firewall, Monitoring and Repair service. (Think of it like car insurance, you hope you never have to use it, but…)  Two to look at are: Sucuri.net and SiteLock.com

If you want to put these things in place but find it totally overwhelming or just too time-consuming, I invite you to check out CS Basic Update & Backup.

 

 

 

 
