Here at WP Engine, our customers entrust us with the security of their WordPress sites, and with that trust comes great responsibility. It’s because of that responsibility that we are informing our customers today of actions we are taking to our platform.

Qualys researchers this morning announced a glibc vulnerability, nicknamed GHOST, that involves a buffer overflow that is reachable both locally and remotely using the gethostbyname*() functions in glibc.

Upon initial investigation, we have found that this vulnerability affects a subset of our customers. Our Technical Operations team is currently in the process of upgrading all affected servers to a non-vulnerable version of glibc.

Once the patch has been applied, a server reboot may be required. We will do our best to make sure we impact as few customers as possible during this upgrade, however customer security is our top priority, so any required reboots will be done as soon as possible.

Should you have any concerns, please do not hesitate to contact our Technical Support team.

Be sure to subscribe to our status page for updates: https://wpenginestatus.com/.

Jason CosperJason Cosper works as the Developer Advocate for WP Engine. He loves digging into interesting problems and learning new things. Currently, he spends most of his days getting elbows deep in huge messes and doling out WordPress optimization advice. In his spare time, Cosper enjoys spending time with his wife and very tiny dog, grilling meats, sampling assorted whiskeys, writing cranky tweets about the Lakers and brewing coffee.

More WordPress News from WP Engine

Join the conversation.

Leave a Comment.

There are 6 comments

  • Tom Townsend on
    January 27, 2015 at 2:35 pm

    The Number #1 reason I WON’T HOST my clients sites anywhere else…..WPE gets it….you guys and gals….ROCK…

    Very much appreciate the email and the posted update.

    Reply
  • Mike Rogers on
    January 27, 2015 at 3:19 pm

    Thanks for the transparency and being on top of this!

    Reply
  • Jason Brummels on
    January 27, 2015 at 5:00 pm

    Thanks for the post and the help!

    Reply
  • Alex Williams on
    January 27, 2015 at 5:06 pm

    So glad I made the switch to WPEngine well over a year ago. Service is outstanding! Thank you for jumping on this vulnerability. I count on you guys for security and the safety of my clients!

    One suggestion however: Please send a notification to your customers when you do emergency maintenance so we know what to expect.

    Reply
  • Winter on
    January 28, 2015 at 10:48 am

    Thinking of migrating my site to WPEngine!

    Reply
  • Biobiodus on
    July 26, 2015 at 4:44 pm

    However, it appears that the issue was not readily viewed as a buffer overflow flaw, and, hence, the bug was not classified (originally) as a security issue.

    Reply