News for clients about the “Heartbleed” security flaw
Summary: Unless we’ve contacted you individually via phone or email your site doesn’t use security certificates and so it’s not directly affected by the widely reported Heartbleed internet-security bug.
Details: When a security bug is reported as straight news in the New York Times it’s probably pretty serious. And the newly reported OpenSSL “Heartbleed” bug, which may have compromised passwords and security certificates for more than 60% of servers hosting secured websites, definitely counts as serious!
What does this mean for RealBasics clients?
From a personal standpoint we’re likely all in the same boat. Yahoo!, Google, and numerous other major, major websites we use every day were certainly vulnerable, and those vulnerabilities may have been exploited. Keep your eye on the news for what to do about that.
From a website owner’s perspective, especially if RealBasics, LLC, built, fixed, or maintains your website the answer is… your actual site is safe. You’ll likely still want to change your passwords for your hosting company (e.g. GoDaddy, BlueHost) to keep anyone from logging into your hosting account. But your actual website is going to be fine.
If you subscribe to our Maintenance Plan then you’re further protected in the following ways:
- We regularly backup your site to the canonical “secure remote location.”
- We regularly run multiple security scans on your site.
- We regularly update your core website software, your plugins, and themes.
Again, this doesn’t mean your personal information on other sites, including possibly the company that hosts your website is safe. But, again unless we’ve contacted you directly, at least the website we’ve built, fixed, or maintained for you is secure.
Here are some other