In recent days, a security vulnerability in Bash known as “ShellShock” has put millions of servers at risk. Without going into too much detail, the vulnerability allows an attacker to execute any code on a vulnerable server. The number of servers at risk is far greater than with the Heartbleed bug discovered earlier this year. The founder of ManageWP, Vladimir Prelovac, has released a new WordPress plugin that helps determine if the server hosting your website is vulnerable to the ShellShock bug.
The plugin checks for both disclosed ShellShock vulnerabilities, CVE-2014-6271 and CVE-2014-7169. Simply download the plugin, activate it, and browse to Settings > Shellshock. Click the Run Test button. After the test is completed, a notice displays whether the server is vulnerable or not. In the following screenshot, the server I tested is not vulnerable.
If the server is vulnerable, take a screenshot and contact your host as soon as possible. Create a trouble ticket. Then, inform the support representative that you tested the server and the results show it’s vulnerable. Attach the screenshot to the trouble ticket with a link to this article by Troy Hunt, which explains everything they need to know about the bug. After filing the report, create a full backup of your site in case the server is attacked before it’s patched.
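
If you have shell access to the server, the two CVEs the plugin tests for can also be checked locally against the installed bash binary. The script below is an added example, not the plugin's code and not part of the original article; the function names and the `SHELLSHOCK_MARKER` string are made up for illustration, and an optional first argument (an absolute path) selects a bash binary other than the one on `PATH`.

```shell
#!/bin/sh
# Local self-test for the two Shellshock CVEs named in the article.
# It only inspects the bash binary on the machine where it is run.

# check_cve_2014_6271 [bash_path]
# A vulnerable bash executes commands that trail a function definition
# in an imported environment variable, so the harmless marker is echoed.
check_cve_2014_6271() {
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || { echo "bash not found"; return 2; }
    out=$(env x='() { :;}; echo SHELLSHOCK_MARKER' "$bash_bin" -c 'true' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_MARKER*) echo "vulnerable" ;;
        *) echo "not vulnerable" ;;
    esac
}

# check_cve_2014_7169 [bash_path]
# The first patch was incomplete: a malformed definition left a
# redirection behind, so a vulnerable bash creates a file named "echo".
# The probe runs inside a throwaway directory that is removed afterwards.
check_cve_2014_7169() {
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || { echo "bash not found"; return 2; }
    workdir=$(mktemp -d) || return 2
    ( cd "$workdir" && env X='() { (a)=>\' "$bash_bin" -c 'echo date' ) \
        >/dev/null 2>&1 || true
    if [ -e "$workdir/echo" ]; then
        result="vulnerable"
    else
        result="not vulnerable"
    fi
    rm -rf "$workdir"
    echo "$result"
}

# Print one line per CVE, in the same order the article lists them.
shellshock_report() {
    echo "CVE-2014-6271: $(check_cve_2014_6271 "$@")"
    echo "CVE-2014-7169: $(check_cve_2014_7169 "$@")"
}

shellshock_report "$@"
```

A "vulnerable" result for either CVE means bash on that host still needs the vendor's update.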