This week the details of a serious security bug called the OpenSSL vulnerability or Heartbleed bug were released to the public. The bug itself has been in circulation since early 2012. Our clients have asked us about this bug and how their websites have been affected by it.
WP-MONITOR takes security very seriously. If you are a WP-MONITOR client we want you to know that your sites have not been exposed to the Heartbleed vulnerability due to WP-MONITOR monitoring and maintaining your sites. Even if the WP-MONITOR.com website itself had been exposed to the Heartbleed bug, your websites would not be affected by that. In addition, no sensitive or secure information about your sites is stored on the WP-MONITOR server or on any server used by us to maintain and monitor your sites. All WordPress maintenance and monitoring services by us are performed on your WordPress sites directly as if you were logged into them. This is possible due to the WP-MONITOR plugin that we install on your sites.
On April 08, 2014, after learning of the heartbleed bug, WP-MONITOR sent out a security alert email to any website managed by us that was found to have the heartbleed vulnerability. If you are a WP-MONITOR and you did not get an email from us, then your website was not vulnerable to the heartbleed bug as of April 8th.
For more information about the heartbleed bug, we recommend that you read the blog How to fix Heartbleed Bug and OpenSSL Vulnerability found on our parent website. That blog will explain in detail what the heartbleed bug is, how you can fix the bug on any website including WordPress sites, and why you should change your password on other websites that could have been compromised.
There is also a Heartbleed Test that allows you to check if your website has the heartbleed bug.