New hardware bugs affecting processors have been reported. The ones that Intel, AMD, and ARM are designing. Google’s Project Zero reported these security flaws. And they are already being described as one of the worst bugs ever found in CPU attacks.
Spectre Meltdown Explained:
Vulnerabilities in Meltdown and Spectre enable malicious programmes to read. As well as accessing other programmes’ data. All systems that use any modern computing device are affected. You could be the owner of a WordPress site or a casual website browser. You can be harmed by this issue. You have a browser tab, for instance, that accesses a malicious site. This tab allows access to data from the browser’s installed password manager. Or cookies from other tabs, as well. Likewise, if you have a website hosted by WordPress with web hosts. And it has the same hardware shared by multiple sites. Your site is susceptible to theft of information violations. This means regardless of whether you’re sharing or being able to host. In a bad situation, you are.
Why are Spectre and Meltdown dangerous?
This specific problem affects everyone who uses any modern computing device. You could be the owner of a WordPress site or a casual website browser. You can be harmed by this issue. You have a browser tab, for instance, that accesses a malicious site. This tab allows you to access data from the browser-installed password manager. Or from cookies from other tabs as well. In the same way, if you’re hosting a WordPress site with web hosts. And there are multiple sites on the host which share the same hardware. Your site is prone to theft of data. This means, regardless of whether you’re on shared or managed hosting services. In a bad situation, you are.
Am I affected as a Website owner?
You’re already affected by the Meltdown security bug as of now. Passwords, SSL keys, and other sensitive information can be included in data theft.
What should I do as a WordPress site owner?
There are four ways to host a WordPress site that are popular:
Shared Hosting- GoDaddy, Bluehost, SiteGround et al.
There are many sites running on shared hosting, alongside many others. And on a server very close by. There is a certain level of protection on these servers. Ensuring that one site is safe from another. Under normal operation, this wall between sites is sufficient. It can however be violated. Each instance of the website runs on the same machine. This vulnerability can allow attempts to access data on other sites to be made by a malicious site.
The web hosts are responsible for deploying the Spectre Meltdown patches in this case. With your web host, you should follow up. And make sure they’ve got a plan for this.
Managed WordPress Hosting – WP Engine, Pantheon, etc.
Traditionally, managed WordPress hosting is regarded as better hosting. And it is even a safer option than shared hosting. The sites are hosted on the big cloud provider by most of the popular Managed WordPress Hosting providers. AWS, Digital Ocean, Google Cloud and others are among those providers. The risk of one site being able to affect another site is reduced by managed hosting. Other sites on the same server are like that. This case is distinct, however as Spectre and Meltdown are hardware bugs. Are you a host in a dedicated container? Know that multiple containers on the same machine may be running. This puts you at the same risk as a shared host site.
Many cloud platforms have their underlying platforms fixed already. A plan for the same was also laid out by some others. Meltdown or spectre meltdown patch software patches will also need to be applied by the managed web hosts. They’re going to have to do that with their own systems, too.
Cloud Hosting – Digital Ocean, AWS etc.
By renting virtual servers from cloud hosting platforms, a few of us run our sites. These cloud platforms allow a physical server to be shared by multiple clients. The customer can instal an operating system of their own. And then manage on top of this the entire stack. Giving complete flexibility to them. There’s a common underlying server. Therefore, meltdown vulnerability or vulnerability to the spectrum can be exploited.
The major cloud services patch their platforms quickly. You are accountable, however for maintaining your own virtual server. You should as soon as possible, update your OS.
Privately-owned and maintained server hosting is not a popular choice. Due to the complexity and cost, this is. You are at minimal risk from this bug, though if you happen to do so. We would also recommend keeping the OS updated, however.
Can I know if my site is under attack?
Unfortunately, it is doubtful that you will know if you are being attacked. There are bugs in the hardware that can result in data stealing. In conventional log archives, too without leaving any traces. The assault is irrespective of the framework of operation. And it does not depend on any bugs in software protection. These vulnerabilities operate on chips, handheld devices, and server services for personal computers. It could be possible for you and your guests to steal info. But it relies upon the technology of the hosting provider.
How can I fix it?
Sadly, at the moment, there is not anything else you can do. Almost everybody is affected by this error. Vendors of the Operating System have also begun rolling out fixes. These are however, stopgap patches and performance expenses. Meltdown attacks or Meltdown Spectre fixes are predicted to have effects on CPU performance of 5 to 30 percent. Whereas Spectre (and variations of Spectre) won’t be patched any time soon. We hope we’ll take steps from chip manufacturers like Intel and AMD. That will assist in dealing with these kinds of future attacks. And some sort of chip fault will prevent it.
There has been a reasonable amount of debate lately about the Intel processor architecture vulnerability and what is known as the Intel Spectre meltdown or Intel meltdown. You’ll be able to protect your PC with stable Intel chips and an AMD cpu.
Whom should I contact for help?
The deployment of Spectre and Meltdown patches or Meltdown and Spectre patches has already begun by major hosting firms. As a site administrator, the hosting company communicates with the hosting provider on their system state. Tell them directly to deploy patches if they haven’t already. Check with them as an end customer, what these fixes mean to you. Will it impact the output of the site? Would the end users make these results visible?
But what are the Meltdown and Spectre attacks or the weakness of Spectre explained anyway?
Google Project Zero revealed the bug as:
The following sentence outlines the Meltdown or Spectre exploits. They are an example of side channel vulnerabilities, or side channel attacks, as a matter of fact.
Statements were published by big corporations such as Amazon, Google, and AMD in January. They ensure their users that their new releases of software are stable. Many other giants have not spoken yet, including Apple. On your machine, use antivirus apps. Get a Spectre Meltdown Checker on your computer as well. More information on Project Zero news and updates can also be found on Google’s Blogspot team.
Below is a list of the newly discovered attacks:
Meltdown-PK (Protection Key Bypass)
Meltdown-BR (Bounds Check Bypass)
Hope that much of your questions are answered by this blog written by our study teams. Watch out for more security alerts in this room, as well as a full WordPress security guide.