Do You Sell Products or Services on Your Website?
What is the Heartbleed bug? Basically, it is a vulnerability in OpenSSL, the software behind many SSL-secured websites, that makes it possible for hackers to read your passwords and other protected information. As bugs go, this is a biggie.
If you are selling anything or have a membership website, you might be using an SSL Certificate. Usually you can tell because your URL will have HTTPS as part of the address for secure areas and you are getting billed annually for your SSL Certificate.
Here is a handy tool to check if your website is affected (use it only for your own website or those you administer on behalf of someone else):
If the test has indicated your site is vulnerable, here is what you should do right now. Don’t put it off – this is important.
- Contact your webhost, fill out a support ticket and ask when they will be applying the Heartbleed patch.
- After the patch has been done on your server – ask your SSL Certificate vendor to generate a new certificate and keys (most do this for free). If you get your SSL Certificate through your webhost, hopefully they can just take care of all that for you.
- After both steps, change the administrative passwords for your website, including WordPress user accounts, cPanel, and FTP accounts. The passwords for all user accounts and membership accounts on the website should also be changed.
If you have a dedicated server, you are responsible for taking care of this directly.
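If you run the server yourself, the order of the steps above can be checked with a short script. This is an added example, not part of the original post: the function names and sample dates are assumptions made for illustration, and the affected range used is the upstream one (OpenSSL 1.0.1 through 1.0.1f, plus 1.0.2-beta1).

```python
import re
import ssl
from datetime import datetime, timezone

# Affected upstream releases: OpenSSL 1.0.1 through 1.0.1f, and 1.0.2-beta1.
# Distro packages can carry the fix under an old version string, so a True
# result means "confirm with your package vendor", not proof of exposure.
_VERSION = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-beta\d+)?")

def openssl_affected(version_line):
    """Classify `openssl version` output: True, False, or None if unparseable."""
    m = _VERSION.search(version_line)
    if not m:
        return None
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4), m.group(5)
    if release == (1, 0, 1):
        return letter < "g"          # "", "a" .. "f" predate the 1.0.1g fix
    if release == (1, 0, 2):
        return beta == "-beta1"
    return False                     # 0.9.8, 1.0.0 and later branches

def cert_time(not_before):
    """Parse a certificate notBefore string such as 'Apr  9 12:00:00 2014 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(not_before), tz=timezone.utc)

def next_step(version_line, cert_not_before, patched_at, passwords_changed_at=None):
    """Return the next action, in the order the steps above must be done."""
    affected = openssl_affected(version_line)
    if affected is None:
        return "identify OpenSSL version"
    if affected:
        return "patch OpenSSL"
    if patched_at is None:
        return "done"                # server never ran an affected release
    issued = cert_time(cert_not_before)
    if issued < patched_at:          # certificate predates the patch
        return "reissue certificate and keys"
    if passwords_changed_at is None or passwords_changed_at < issued:
        return "change passwords"
    return "done"

# Constructed sample values, not taken from a real server.
PATCHED = datetime(2014, 4, 8, 18, 0, tzinfo=timezone.utc)
if __name__ == "__main__":
    print(next_step("OpenSSL 1.0.1e 11 Feb 2013", "Mar  1 00:00:00 2014 GMT", None))
    print(next_step("OpenSSL 1.0.1g 7 Apr 2014", "Mar  1 00:00:00 2014 GMT", PATCHED))
    print(next_step("OpenSSL 1.0.1g 7 Apr 2014", "Apr  9 12:00:00 2014 GMT", PATCHED))
```

Passwords changed before the new certificate was issued are treated as still needing a change, which matches the "after both steps" ordering above.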
What This Means For You When Using Websites
Those impacted will most likely ask you to replace your passwords. Many will publish when they have fixed this problem and probably prompt you for a new password.
LastPass has a tool you can use to check whether a website you use is vulnerable to the Heartbleed bug. It isn’t infallible: it doesn’t know whether a website has been patched, only the date the SSL Certificate was issued. But it can give you some peace of mind with services you need to use right now.
LastPass is awesome; another good password tracker is 1Password, whose apps you can install directly on your mobile and desktops (sync with Dropbox).
There you go. I hope that helps relieve your mind – if you have any questions, email me or post on my Facebook page or on Twitter.