Is Your Site Safe from the Shell Shock (Bash) Vulnerability?

What is It?

This vulnerability attacks your host, not your website itself. It is important to check to make sure your host has patched the bug to ensure your site is safe. Some say this security threat could be bigger than HeartBleed a few months ago, so it is important to know your site it protected.


Has Your Host Responded?

Below are excerpts from each host explaining how they responded to Shell Shock.




As one of the first organizations to know about the exploit, we immediately began taking action to secure our platform.  Using the RedHat public patch as a primary resource, we patched our own implementation of Bash to secure our platform, and have deployed that to all our servers.

Official Response



We’re patching our servers. We began patching our servers yesterday when we learned of the vulnerability. We’ve got a lot of work to do, but our goal is to finish patching by end of day today. We’ve also added additional security filters to protect your accounts while we patch our servers. (9/25/14)

Official Response



“You should know that all HostGator servers have been patched as of this writing. We identified the issue very early-on and developed the necessary solution for our environment.”

Official Response

WP Engine


Because we specifically block CGI execution on customer sites by default—as it does not need to be “on” in order to get WordPress to run—our users are already protected from this exploit. Our use of AppArmor on all servers also offers additional protections that would keep attackers from gaining access to anything beyond the site they are visiting.

Official Response



All SiteGround servers were patched in less than 24 hours the vulnerability was announced. In addition, our unique server setup including the special chroot isolation has made it highly unlikely for any attacker to have been able to utilize this vulnerability and gain access to sensitive information even before the patch.

Official Response


Don’t See Your Host Listed Here?

Download and activate this plugin, which will let you know if your site is secure from Shell Shock.