Big changes coming to WPStudio.com's membership. Make sure you are signed up for the latest news.

Cloudflare Security Precaution Alert

Good web security requires a constant eye on things that happen on the internet.  Cloudflare revealed yesterday that a buffer overflow / leakage occurred last week that may have affected around 0.00003% of their HTTP requests.  Due to the nature of this bug, I recommend that anyone who uses the Cloudflare services (be it DoS protection, DNS management, Flexible SSL, etc) take the opportunity to consider updating your security credentials:

  • Change your password
  • Change your two-factor authentication (normally this requires deactivating then reactivating to get a new “key set”)
  • If you use any APIs through Cloudflare, I would encourage you to generate a new set of keys.

For WordPress users, any easy way to log everyone out of your sites and require them to all re-login to the WordPress site is to change the SALT keys in the wp-config.php file.  All you have to do is find the code pictured below (with your own version of random characters) in your wp-config.php file.

Then replace it with an auto-generated new set of keys found at: https://api.wordpress.org/secret-key/1.1/salt/

This may also be a great opportunity to encourage people to put in place a security plan for your WordPress sites and/or client sites that you manage.  One suggestion would be to expire all passwords your clients use to access their sites every 90-120 days.  If and when clients push back on this security enhancement it can open the door for you to introduce password managers like LastPass, Dashlane, 1Password to your clients that can help keep them safer online.

Stay safe… and if you have any questions, you can ask them below.

Subscribe for Updates and Special Deals




Marketing permission: I give my consent to to be in touch with me via email using the information I have provided in this form for the purpose of news, updates and marketing.


3 Comments:
  1. How many is 0.00003% of the http requests? Is it a widespread issue that would affect other internet systems/resources that would cause problems for people who don’t use Cloudflare?

    • It’s not going to cause any problems for sites/users that don’t use Cloudflare since the issue was contained within their own internal HTTP parsing code. Now, its good to point out that if people use the same password everywhere then YES they could have issues. But with a good password manager and responsible creation of strong passwords you shouldn’t have an issue.

  2. Thanks for the info in plain American English, Benjamin! I did have one illegitimate User appear as an admin on one of my Cloudflare sites, which was pretty scary. Followed the steps and hopefully, things are okay. You can never have enough security these days.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.