WP Engine customers on legacy Xen Linode host servers are being notified via email and the company’s status blog about impending downtime between July 21st and July 25th. According to an email forwarded to the Tavern from a WP Engine customer, Linode’s legacy Xen host servers contain a critical security vulnerability.
We are contacting you today regarding an upcoming emergency security maintenance being performed at one of our cloud infrastructure providers. The majority of cloud infrastructure providers across the world will be conducting maintenance due to this situation.
The details of the vulnerability are embargoed until July 26th giving Linode a limited amount of time to patch its systems. According to Linode, the company has no control over the disclosure date.
WP Engine expects the maintenance procedure to be conducted at some point on July 23rd. Downtime could last anywhere from 20-40 minutes during the migration.
This isn’t the first time both companies have been in the news due to security issues. Earlier this year, Linode confirmed that it experienced a data breach which resulted in resetting all of its customer’s passwords. The data breach was similar to one experienced by WP Engine where an attacker bypassed multiple layers of security to gain access to an administrative panel.
Linode is encouraging customers using its legacy Xen servers outside of hosting providers to review the following document to prepare for the reboot. WP Engine customers affected by this issue are encouraged to check the company’s status blog for further updates.