At WP Engine, we take the security of your sites very seriously, and we strive to proactively keep you aware of any potential issues or vulnerabilities that could impact the sites you entrust to us.

A vulnerability was announced yesterday that impacted all WordPress sites across the world. If exploited, this vulnerability would allow malicious users to store JavaScript code which then could be used to obtain the credentials of anyone who visits the page. This Forbes article discusses the vulnerability in more detail.

Here at WP Engine, our Security Engineers immediately sprang into action and had placed a patch on our environment within three hours of the vulnerability being announced yesterday. This means that all WP Engine customers are safe and not vulnerable to this issue. You do not need to take any mitigation steps such as turning off comments, or wait for a WordPress update to ensure you are secure.

We’re proud to continue to fulfill our commitment to our customers by ensuring your sites are safe and secure.