So anyone worn out by yet another security issue to come down the pike? Raising hand here! There will be a flurry of updates coming your way for your electronic everything, but for your website, just some checking up.
ShellShock What?
Okay first it was login attacks on servers everywhere, then it was Heartbleed, now we have the bash bug called ShellShock. It has been a year of security challenges.
ShellShock is the bug nick name for the Bash Shell used by well, nearly everything, from online servers, computers to smartphones (and probably your other internet electronics). Windows perhaps not so much since it isn’t Unix/Linux based, I’m seeing conflicting info about that, but if you see an update from Windows – yes install!
Is Your Webhost A Safe Neighborhood?
Your webhost is going to be the main issue for WordPress sites (physical location of your website online). Bash shell technology is used by cPanel for example, a standard control panel used by a lot of webhosts. Note, it is not limited to cPanel for this bug.
Your webhost will need to install a security patch for Shellshock to make your website "neighborhood" safer. So how do you know if they applied the patch?
- Check with ManageWP Shellshock Check plugin. It is still waiting for approval from WordPress to be listed (it is very new).
- Server gurus – you can try this test yourself to see if your server is vulnerable.
- Or you can ask your webhost directly if they installed the patch.
Your webhost response should indicate the patch is either applied or planned on within a couple of days. If by Monday no change – this is a red flag they don’t have the resources to properly address real threats. Time to move.
How to Ask?
- Best way is to simply fill out your support ticket with your webhost. They will confirm whether or not they have applied the Shellshock patch. It might also bring your server "ahead of the cue" if they haven’t patched it. Be the squeaky wheel!
- Keep your ticket open until they have done the patch. It’s okay if they are snarky – they’re probably hearing from everyone. Be understanding but don’t close that ticket until they confirm the patch is applied.
- Why keep it open? Open tickets get escalated, they are motivated to close them. Your website is essential to your business – don’t feel guilty for asking.
- Once it is patched, close the ticket and say thanks!
Feel like you want to go up a level – maybe you should consider a WAF – web application firewall (yes I’m thinking about that but haven’t made the plunge.)
Summary – Ask, Update and Carry On
Give yourself peace of mind and proactively go ask your webhost if they have applied the Shellshock patch to your server. There will be a second patch in the near future, but they are still working on it.
There will be a lot of fear mongering in the media about this one. Will you need to change your passwords? Probably not, but if you don’t have a password manager – now is the time!
Oh, and if your computer or smartphone (or any device) has a security update – install, stay calm and carry on.