In recent days, a security vulnerability in Bash known as “ShellShock” has put millions of servers at risk. Without going into too much detail, the vulnerability allows an attacker to execute any code on a vulnerable server. The amount of servers at risk is far greater than the Heartbleed bug discovered earlier this year. The founder of ManageWP, Vladimir Prelovac, has released a new WordPress plugin that helps determine if the server hosting your website is vulnerable to the ShellShock bug.
The plugin checks for both disclosed ShellShock vulnerabilities CVE-2014-6271 and CVE-2014-7169. Simply download the plugin, activate it, and browse to Settings > Shellshock. Click the Run Test button. After the test is completed, a notice displays whether the server is vulnerable or not. In the following screenshot, the server I tested is not vulnerable.
If the server is vulnerable, take a screenshot and contact your host as soon as possible. Create a trouble ticket. Then, inform the support representative you tested the server and the results show it’s vulnerable. Attach the screenshot to the trouble ticket with a link to this article by Troy Hunt, which explains everything they need to know about the bug. After filing the report, create a full back up of your site in case the server is attacked before it’s patched.
Hi Jeff
Just sent a link to my host to see if they want me to run the check.
They are usually well on top of this sort of thing, but just in case.
Thanks for the heads up.