We want to reassure our customers that the current version of the Heartbleed bug, a recently discovered high priority security vulnerability, is not affecting sites hosted by WP Engine.
At WP Engine we take WordPress security very seriously. We conduct regular security assessments and work to address security vulnerabilities to protect our customers and their data. We also conduct ad hoc tests if a security threat, such as the Heartbleed bug, is brought to our attention. Accordingly, our security engineers have tested for Heartbleed and confirmed that customer sites and our User Portal are not vulnerable as of the date of this post.
The Heartbleed bug is currently impacting the open source software OpenSSL, which is used to encrypt web communications. The vulnerability can allow attackers to access encrypted data and communications. Fortunately, the version of OpenSSL we use here at WP Engine is not either of the versions impacted by the vulnerability.
You can use this tool to check whether your site is vulnerable to the Heartbleed bug. If you have reason to believe your site is vulnerable, you can contact our Support Team via Live Chat in the User Portal.
Please rest assured that our security team is monitoring the situation.