News for clients about the “Heartbleed” security flaw

Summary: Unless we’ve contacted you individually via phone or email your site doesn’t use security certificates and so it’s not directly affected by the widely reported Heartbleed internet-security bug.


Heartbleed OpenSSL Vulnerability LogoDetails: When a
security bug is reported as straight news in the New York Times it’s probably pretty serious.  And the newly reported OpenSSL “Heartbleed” bug, which may have compromised passwords and security certificates for more than 60% of servers hosting secured websites, definitely counts as serious!

What does this mean for RealBasics clients?

From a personal standpoint we’re likely all in the same boat.  Yahoo!, Google, and numerous other major, major websites we use every day were certainly vulnerable, and those vulnerabilities may have been exploited.  Keep your eye on the news for what to do about that.

From a website owner’s perspective, especially if RealBasics, LLC, built, fixed, or maintains your website the answer is… your actual site is safe.  You’ll likely still want to change your passwords for your hosting company (e.g. GoDaddy, BlueHost) to keep anyone from logging into your hosting account.  But your actual website is going to be fine.

If you subscribe to our Maintenance Plan then you’re further protected in the following ways:

  • We regularly backup your site to the canonical “secure remote location.”
  • We regularly run multiple security scans on your site.
  • We regularly update your core website software, your plugins, and themes.

Again, this doesn’t mean your personal information on other sites, including possibly the company that hosts your website is safe.  But, again unless we’ve contacted you directly, at least the website we’ve built, fixed, or maintained for you is secure.

 

Here are some other

FacebooktwitterredditpinterestlinkedinmailFacebooktwitterredditpinterestlinkedinmail

David Innes, RealBasics.com

I've been building and maintaining websites since 1997 and building and supporting similar hypertext-driven software since 1987. I've done maintenance, support, and maintenance for physical and digital systems since 1981. And no, I still haven't seen it all but by now I usually know where to look.