Late last month a security vulnerability in the Bash shell known as “ShellShock” put millions of web servers at risk. The vulnerability allows an attacker to execute code on a vulnerable server. ShellShock has been a much larger vulnerability than the Heartbleed bug discovered earlier this year. There is now a new WordPress plugin that helps determine if the server hosting your website is vulnerable to the ShellShock bug.


Simply download the plugin, activate it, and browse to Settings > ShellShock. Click the Run Test button. After the test is completed, a notice displays whether the server is vulnerable or not.

If the server shows up as vulnerable, you should contact your web host asap. I would also immediately create a full backup of the website. Better safe than sorry!