WordPress Plugin Checks if The Server Hosting Your Site is Vulnerable to The “ShellShock” Bug

ShellShock Featured Image
photo credit: Tony Busercc

In recent days, a security vulnerability in Bash known as “ShellShock” has put millions of servers at risk. Without going into too much detail, the vulnerability allows an attacker to execute any code on a vulnerable server. The amount of servers at risk is far greater than the Heartbleed bug discovered earlier this year. The founder of ManageWP, Vladimir Prelovac, has released a new WordPress plugin that helps determine if the server hosting your website is vulnerable to the ShellShock bug.

The plugin checks for both disclosed ShellShock vulnerabilities CVE-2014-6271 and CVE-2014-7169. Simply download the plugin, activate it, and browse to Settings > Shellshock. Click the Run Test button. After the test is completed, a notice displays whether the server is vulnerable or not. In the following  screenshot, the server I tested is not vulnerable.

ShellShock Test Results
ShellShock Test Results

If the server is vulnerable, take a screenshot and contact your host as soon as possible. Create a trouble ticket. Then, inform the support representative you tested the server and the results show it’s vulnerable. Attach the screenshot to the trouble ticket with a link to this article by Troy Hunt, which explains everything they need to know about the bug. After filing the report, create a full back up of your site in case the server is attacked before it’s patched.

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.

2 Comments


  1. Hi Jeff
    Just sent a link to my host to see if they want me to run the check.
    They are usually well on top of this sort of thing, but just in case.

    Thanks for the heads up.

    Report

Comments are closed.