Here at WP Engine, our customers entrust us with the security of their WordPress sites, and with that trust comes great responsibility. It’s because of that responsibility that we are informing our customers today of actions we are taking to our platform.

Qualys researchers this morning announced a glibc vulnerability, nicknamed GHOST, that involves a buffer overflow that is reachable both locally and remotely using the gethostbyname*() functions in glibc.

Upon initial investigation, we have found that this vulnerability affects a subset of our customers. Our Technical Operations team is currently in the process of upgrading all affected servers to a non-vulnerable version of glibc.

Once the patch has been applied, a server reboot may be required. We will do our best to make sure we impact as few customers as possible during this upgrade, however customer security is our top priority, so any required reboots will be done as soon as possible.

Should you have any concerns, please do not hesitate to contact our Technical Support team.

Be sure to subscribe to our status page for updates: https://wpenginestatus.com/.


Jason CosperJason Cosper works as the Developer Advocate for WP Engine. He loves digging into interesting problems and learning new things. Currently, he spends most of his days getting elbows deep in huge messes and doling out WordPress optimization advice. In his spare time, Cosper enjoys spending time with his wife and very tiny dog, grilling meats, sampling assorted whiskeys, writing cranky tweets about the Lakers and brewing coffee.