WPEngine Credentials Exposed

Recently WPEngine sent out an email to their customers asking them to change their passwords.

The passwords they want you to change are the user portal, sFTP, your WordPress database password, your original wp-admin WordPress account and any password protected installs and transferable installs.

If you are a WPEngine customer, check your email immediately and start updating your credentials as per their suggestion.

Additional information and any future updates about this event are available at https://wpengine.com/support/infosec/

Comments

  • whoever's hosting with them deserves it.

  • time4vps Member, Host Rep

    GM2015 said: whoever's hosting with them deserves it.

    Can you elaborate a bit on your statement?

  • Amitz Member
    edited December 2015

    This is LET. We shit on people and smile complacently afterwards. We do not elaborate. ;-)
    (Just kidding, of course. We all are well-bred and friendly people who are always able to prove our point in a scientific way.)

  • time4vps Member, Host Rep

    Amitz said: This is LET. We shit on people and smile complacently afterwards. We do not elaborate. ;-)

    Legit!

    Thanked by 2: Amitz, inthecloudblog
  • time4vps said: Can you elaborate a bit on your statement?

    We aren't dumb rich enough to afford that kind of hosting.

  • joepie91 Member, Patron Provider

    This kind of statement should make you run for the hills.

    By their own admission, they have not yet investigated the issue. That also means that they don't know the attack vector, which in turn means that they cannot even know whether the breach has been resolved yet. If it hasn't, then changing your passwords would be futile.

    In other words: they are asking you to change your passwords, without even having confirmed first that that would make any difference. In the process, they are likely giving their customers a false sense of security - there's a very good chance that changing your passwords will do exactly nothing to secure your account(s).

    This is a highly unprofessional way to deal with a breach, and shows that they don't really understand how to handle breaches correctly.

  • Was curious about their pricing so I just checked out their website...those are some crazy prices for Wordpress hosting.

  • yeah I'd host with gvh at any time instead of wpengine

    sin said: Was curious about their pricing so I just checked out their website...those are some crazy prices for Wordpress hosting.

    Thanked by 2: sin, netomx
  • What's so special about wpengine? I know it's managed, anything else? Do they even optimize your site for you and install cache and the stuff?

  • You receive the privilege to pay many times more than needed for wp hosting. It's worth for it for them.

    https://www.google.co.uk/search?q=wpengine+sucks&ie=utf-8

    TheOnlyDK said: What's so special about wpengine? I know it's managed, anything else? Do they even optimize your site for you and install cache and the stuff?

  • @GM2015 said:
    You receive the privilege to pay many times more than needed for wp hosting. It's worth for it for them.

    https://www.google.co.uk/search?q=wpengine+sucks&ie=utf-8

    Lol that's what I thought. I think I'm better with a $30 delimiter server and manage everything myself. In the meanwhile I can stuff a couple of VPS users on there to possibly offset some costs. I'm a genius XDD

    Thanked by 2: inthecloudblog, adxn
  • No, management services is worth it, if your time is worth a lot more and can afford it. Similar idea to hiring employees.

    If you work alone, it might be fine to self-manage.

    Just not sure who you can trust with server management.

    TheOnlyDK said: Lol that's what I thought. I think I'm better with a $30 delimiter server and manage everything myself. In the meanwhile I can stuff a couple of VPS users on there to possibly offset some costs. I'm a genius XDD

  • Yes it's probably worth it. I got on their developer program, and they have some nice features. The price of entry represents the money I make in a small amount of time, so it makes sense if it saves me time.

    The lack of control means I'll keep a dev server or 2, and some vagrant installs, but if their staging works well, I may be doing more work with them. I'm slowly moving my clients from shared hosting to Cloudways, but can see WP Engine as a possibility too.

    One thing I don't like is their barred plugins policy - I can see that caching plugins might conflict with their caching setup, but barring backup plugins like duplicator seems to be a lock-in tool.

    Of course, if it turns out in the hack post mortem that their passwords weren't adequately encrypted, I'll dump them immediately.

    Thanked by 1: deadbeef
  • jar Patron Provider, Top Host, Veteran
    edited December 2015

    squibs said: One thing I don't like is their barred plugins policy - I can see that caching plugins might conflict with their caching setup, but barring backup plugins like duplicator seems to be a lock-in tool.

    That was actually my favorite feature. For one thing, backup plugins and the like may not work because they severely alter the installations on the back end. I took a raw backup from their system once (they tarred it up and added a DB dump) and tried to set it up on a normal server... I ended up telling the client to take an XML backup of their content and be thankful that they could do that ;)

    But really plugins are what break Wordpress most easily. It was nothing at HostGator for me to run across someone running 70-150 plugins in their Wordpress install, complaining to me that it was slow.

    If you're going to run an environment specifically for Wordpress, for people who outgrew regular shared hosting but refuse to run it and optimize it themselves on a VPS/dedi, you've got to draw some lines.

    Thanked by 1: deadbeef
  • I'm really glad to see a lot of morons on hostgator. That means less traffic for them and more for others.

    jarland said: But really plugins are what break Wordpress most easily. It was nothing at HostGator for me to run across someone running 70-150 plugins in their Wordpress install, complaining to me that it was slow.

  • To the geniuses on this thread that wpengine sucks - they make millions by providing a "WP that works well" service to non-technical people. Tell us again how genius you feel.

    Thanked by 2: jar, inthecloudblog
  • jarland said: 70-150 plugins in their Wordpress install

    Holy crap, and I thought my 13 plugins was bad. What do you do, just click install on every plugin you see? Or install 25 different facebook like button plugins

    Thanked by 1: deadbeef
  • jar Patron Provider, Top Host, Veteran

    CFarence said: Holy crap, and I thought my 13 plugins was bad. What do you do, just click install on every plugin you see? Or install 25 different facebook like button plugins

    What's hilarious is when no less than 5 are SEO plugins. Add in W3 Total Cache with database/object caching to disk and you've got an instant fail ;)

    Thanked by 1: deadbeef
  • The real question here is: Why did Wordpress become so popular at all.
    And here is the answer: http://www.cvedetails.com/vulnerability-list/vendor_id-2337/product_id-4096/

    Nobody beats the amount of exploits!

  • @tr1cky said:
    The real question here is: Why did Wordpress become so popular at all.

    Right place, right time, right product.
