After the recent Heartbleed fiasco, tech companies and non-tech companies alike are on top of major breaches in computer security.
Chances are you’ve already heard about “ShellShock“.
These snazzy names for security breaches are meant to generate fear and awe, and while they may sound like they are irrelevant to you, they are actually closer to home than you can imagine.
These security issues seem out of reach to many business owners or folks without technology departments. They are intimidating, and very few information sources offer real-life practical advice for non-tech experts to protect themselves.
This is a quick overview of the latest ShellShock vulnerability, in laymans terms.
Shell Shock is a vulnerability in a command line prompt language. Think back to the black box and blinking green prompts we’ve seen on computers of yore, used in the very popular Linux operating system. Linux is an incredibly popular software used in many places, some that might shock you. Think your phone, car, even your stove…
If your business has a website that lives on a public server, then chances are you are vulnerable to this security breach. In short, this is the danger: Anyone that knows this super-popular command line language can tap into a server that uses bash and access EVERYTHING.
This means your files, proprietary copy, consumer data, etc.
Many hosting companies have been transparent about patches and have fixes already in place. If you’re not a developer or web tech pro, you can still protect yourself.
Here are a few things you can do to limit your vulnerability:
- If your hosting company has not released information to you about the status of their systems then you need to contact them immediately. While shared hosting is cheap, it’s not always the best choice. If your neighbors on the server are susceptible, then you are too.
- If you aren’t confident that your hosting company has this under control, or you are using shared hosting with secure information, then you can request to be moved to a VPS (Virtual Private Server) until you know for sure how this affects your site.
- If you use managed hosting, specifically WordPress, you should ask if the hosting allows CGI (Common Gateway Interface). Note: WordPress does not use or require CGI, so ensuring that this is disabled or inaccessible is key.
- If you don’t know where to start, and you have a WordPress site, you can contact us for more information or help. We employ a full-time System Admin that serves our clients in matters like these. Just because you aren’t tech-savvy doesn’t mean you should suffer the effects of security breaches like these.
WordPress Specific Sites:
- If you have a WordPress site on an insecure host or shared hosting and need to move it immediately, you can use our migration services to get to your new host.
- If you are an Enterprise Company or large corporation using WordPress then you may qualify for our proprietary custom hosting services.
These breaches are becoming more common. The best thing you can do to protect yourself is align your business with a technology partner that is in-tune with your specific needs.
There are many wonderful options out there, but finding the best one for you is paramount. The time for “one-trick-ponies” is coming to an end and those that realize that are moving to full service firms and agencies.
At WP Valet, we know and recognize that bugs and exploits are a constant threat and on the rise. We’ve taken measures to protect our own clients that are most at risk by developing personalized server infrastructures for them. No matter who you host with, housing your business’ web properties on a virtual private cloud with a VPN server is one of the best ways to mitigate risks of any kind.
WP Valet is a WordPress Consolidated Services Agency. We provide multi-tier solutions for large companies wanting to leverage technology, business metrics, ecommerce, and sustainability in a growing and competitive web market.