{"id":267,"date":"2014-04-09T23:50:06","date_gmt":"2014-04-09T23:50:06","guid":{"rendered":"https:\/\/digitalchild.info\/?p=267"},"modified":"2014-04-09T23:50:06","modified_gmt":"2014-04-09T23:50:06","slug":"heartbleed-vulnerability-and-wordpress","status":"publish","type":"post","link":"https:\/\/randomadult.local\/heartbleed-vulnerability-and-wordpress\/","title":{"rendered":"Heartbleed Vulnerability and WordPress"},"content":{"rendered":"

Unless you’ve been under a rock for the last day and a half, you will have heard something about the latest OpenSSL vulnerability, called Heartbleed<\/a>. This article is for anyone who cares about the Heartbleed vulnerability and WordPress SSL. The vulnerability allows an attacker to steal information that is usually tightly guarded behind your SSL certificates. They are able to get passwords, the private key that secures your SSL certificate (which sits in your server’s memory) and other information, leaving no trace. This is very bad. Now, I run a lot of WordPress websites and use SSL certificates for access to the admin area and for all user logins. You do too, right? Right?<\/p>\n

You can check if you’re vulnerable by using the following tool developed by Filippo Valsorda at http:\/\/filippo.io\/Heartbleed\/<\/a><\/p>\n

Almost all major operating systems that are vulnerable have already released patches for this, and unless you’re with a dodgy web host they will have applied the patch by now. This is great; however, because there is no way of knowing whether there has been an attack, you should generate a new SSL certificate and have that installed. You will then need to force all your users to log out and change their passwords.<\/p>\n

You will need to force everyone to log out and then force them all to change their passwords.<\/p>\n

Force Logout<\/strong><\/p>\n

In WordPress it is actually very easy to force all your users to log out by changing the security keys stored<\/a> in your wp-config file. You can read how to do this here.<\/p>\n

What you’ll need to do is open the wp-config.php file in your WordPress install and locate the lines that look like this.<\/p>\n

\ndefine( 'AUTH_KEY', 't`DK%X:>xy|e-Z(BXb\/f(Ur`8#~UzUQG-^_Cs_GHs5U-&Wb?pgn^p8(2@}IcnCa|' );\ndefine( 'SECURE_AUTH_KEY', 'D&ovlU#|CvJ##uNq}bel+^MFtT&.b9{UvR]g%ixsXhGlRJ7q!h}XWdEC[BOKXssj' );\ndefine( 'LOGGED_IN_KEY', 'MGKi8Br(&{H*~&0s;{k0' );\ndefine( 'NONCE_KEY', 'FIsAsXJKL5ZlQo)iD-pt??eUbdc{_Cn<4!d~yqz))&B D?AwK%)+)F2aNwI|siOe' );\ndefine( 'AUTH_SALT', '7T-!^i!0,w)L#JK@pc2{8XE[DenYI^BVf{L:jvF,hf}zBf883td6D;Vcy8,S)-&G' );\ndefine( 'SECURE_AUTH_SALT', 'I6`V|mDZq21-J|ihb u^q0F }F_NUcy`l,=obGtq*p#Ybe4a31R,r=|n#=]@]c #' );\ndefine( 'LOGGED_IN_SALT', 'w<$4c$Hmd%\/*]`Oom>(hdXW|0M=X={we6;Mpvtg+V.o<$|#_}qG(GaVDEsn,~*4i' );\ndefine( 'NONCE_SALT', 'a|#h{c5|P &xWs4IZ20c2&%4!c(\/uG}W:mAvy<i44`jabup]t=]v<`}.py(wTP%%' );\n\n<\/pre>\n
Use the online salt generator found here<\/a>. This will output a set of new salts you can paste over the existing ones. Save the file and this will force everyone to log in again.<\/p>\n

Force Password Change<\/strong><\/p>\n

This is also relatively easy if you are comfortable with phpMyAdmin and SQL. WordPress won’t let someone log in if their password is blank, so you can force everyone to change their password by updating ALL passwords to nothing. When a user tries to log in, WordPress will deny them and they will have to use the lost\/forgot password feature of WordPress to reset it.<\/p>\n

You will need to check what your database prefix is (this is in your wp-config.php) and then run the following command in phpMyAdmin on your WordPress database.<\/p>\n

\n\nUPDATE wp_users SET user_pass='';\n\n<\/pre>\n

PLEASE NOTE: This assumes that your WordPress database prefix is wp; it might not be this if you are using any security plugins such as Better WP Security.\u00a0<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

","protected":false},"author":1,"yoast_head_json":{"title":"Heartbleed Vulnerability and Wordpress - Random Adult","description":"Use the following tips to clean up after the heartbleed vulnerability and wordpress.","canonical":"https:\/\/randomadult.local\/heartbleed-vulnerability-and-wordpress\/","og_site_name":"Random Adult","article_published_time":"2014-04-09T23:50:06+00:00","author":"digitalchild"}}