You might have already heard, but a remotely exploitable vulnerability has been found in the widely installed Bash shell. While we do not offer SSH access to our customers, our admin team is currently upgrading Bash across the farm in order to keep our servers up-to-date. There should be no interruption to service for any customer while this upgrade is happening.
Because we specifically block CGI execution on customer sites by default—as it does not need to be “on” in order to get WordPress to run—our users are already protected from this exploit. Our use of AppArmor on all servers also offers additional protections that would keep attackers from gaining access to anything beyond the site they are visiting.
Hopefully this helps ease any concerns you might have!
Jason Cosper works as the Senior Technical Advisor for WP Engine and helps customers with their security concerns on a daily basis. He spends most of his days getting elbows deep in huge messes and doling out WordPress optimization advice. In his spare time, Cosper enjoys spending time with his wife and very tiny dog, grilling meats, sampling assorted craft beers, writing cranky tweets about the Lakers and brewing coffee.