At WP Engine, we take the security of your sites very seriously, and we strive to proactively keep you aware of any potential issues or vulnerabilities that could impact the sites you entrust to us.

A vulnerability was announced yesterday that impacted all WordPress sites across the world. If exploited, this vulnerability would allow malicious users to store JavaScript code which then could be used to obtain the credentials of anyone who visits the page. This Forbes article discusses the vulnerability in more detail.

Here at WP Engine, our Security Engineers immediately sprang into action and had placed a patch on our environment within three hours of the vulnerability being announced yesterday. This means that all WP Engine customers are safe and not vulnerable to this issue. You do not need to take any mitigation steps such as turning off comments, or wait for a WordPress update to ensure you are secure.

We’re proud to continue to fulfill our commitment to our customers by ensuring your sites are safe and secure.

More WordPress News from WP Engine

Join the conversation.

Leave a Comment.

There are 5 comments

  • Gabriel S Merovingi on
    April 27, 2015 at 10:40 am

    Keep up the good work!

    Reply
  • Carl Hassett on
    April 27, 2015 at 3:31 pm

    You all rock! Thank you!

    Reply
  • Matt Orley on
    April 28, 2015 at 8:53 am

    Have I told you lately that I love you? Thrilled to have you.

    Reply
  • Alexei Petrou on
    April 28, 2015 at 11:54 pm

    Great work. Thanks!

    Reply
  • Samina on
    April 29, 2015 at 5:37 am

    Well this is the commitment.
    Every blogger want to have safe and secure blog.
    Having WordPress hosted on a secure hosting services like WPEngine make us feel relax and secure

    Reply