Good web security requires a constant eye on things that happen on the internet. Cloudflare revealed yesterday that a buffer overflow / leakage occurred last week that may have affected around 0.00003% of their HTTP requests. Due to the nature of this bug, I recommend that anyone who uses the Cloudflare services (be it DoS protection, DNS management, Flexible SSL, etc) take the opportunity to consider updating your security credentials:
- Change your password
- Change your two-factor authentication (normally this requires deactivating then reactivating to get a new “key set”)
- If you use any APIs through Cloudflare, I would encourage you to generate a new set of keys.
For WordPress users, any easy way to log everyone out of your sites and require them to all re-login to the WordPress site is to change the SALT keys in the wp-config.php file. All you have to do is find the code pictured below (with your own version of random characters) in your wp-config.php file.
Then replace it with an auto-generated new set of keys found at: https://api.wordpress.org/secret-key/1.1/salt/
This may also be a great opportunity to encourage people to put in place a security plan for your WordPress sites and/or client sites that you manage. One suggestion would be to expire all passwords your clients use to access their sites every 90-120 days. If and when clients push back on this security enhancement it can open the door for you to introduce password managers like LastPass, Dashlane, 1Password to your clients that can help keep them safer online.
Stay safe… and if you have any questions, you can ask them below.