• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
SangFroid Web Home Page

SangFroid Web, LLC

Alpharetta & Atlanta Web Design for Business Owners and Solo Professionals

  • Home
  • About Us
        • About

        • Our Process
        • About Us
        • Service Area

        • Where We Work
          • Alpharetta, GA
          • Atlanta, GA
          • Johns Creek , GA
          • Marietta, GA
          • Roswell, GA
          • Panama City Beach, FL
        • Reviews

        • Clutch Verified Reviews
        • Testimonials
  • Services
        • Web Presence

          Web design with Search Engine Optimization (SEO) and accessibility in mind. Web presence isn’t just about a great looking website.

        • Web Design
        • Email Marketing
        • SEO

          Many aspects of Search Engine Optimization (SEO) work together to create a website that is optimized effectively for search engines.

        • Search Engine Optimization (SEO)
        • SEO Content Strategy
        • Online Presence SEO Audit
        • Local Search

          If you have a local storefront or service-area, or your business is geographically-based then you should be investing in Local SEO.

        • Local SEO Services
        • Google Business Profile Optimization
        • Website Support

          WordPress management helps you make better use of your website, improve SEO, prevent / clean up hacks & malware infections.

        • WordPress Website Support & Maintenance
        • WordPress Hack Clean Up / Malware Removal
        • Convert Your Website to HTTPS SSL
  • Solutions
    • Business Owners
    • Marketing Managers
    • Authors
  • Portfolio
  • Articles
  • Resources
    • Guides & Case Studies
    • Articles
    • Small Business Resources
    • Local SEO Resources
    • Protection Trifecta Toolkit
    • WebCoach Newsletter
    • Ask Us A Question
  • Schedule a Call
  • Home
  • About Us
    • Our Process
    • About Us
    • Where We Work
      • Alpharetta, GA
      • Atlanta, GA
      • Johns Creek , GA
      • Marietta, GA
      • Roswell, GA
      • Panama City Beach, FL
    • Clutch Verified Reviews
    • Testimonials
  • Services
    • Web Design
    • Search Engine Optimization (SEO)
    • SEO Content Strategy
    • Local SEO Services
    • Google Business Profile Optimization
    • WordPress Website Support & Maintenance
    • WordPress Hack Clean Up / Malware Removal
    • Convert Your Website to HTTPS SSL
    • Online Presence SEO Audit
    • Email Marketing
  • Solutions
    • Business Owners
    • Marketing Managers
    • Authors
  • Portfolio
  • Articles
  • Resources
    • Guides & Case Studies
    • Articles
    • Small Business Resources
    • Local SEO Resources
    • Protection Trifecta Toolkit
    • WebCoach Newsletter
    • Ask Us A Question
  • Schedule a Call
WordPress and Log4j Vulnerability

How Does the Log4j Vulnerability Affect WordPress Websites?

Have you been asked to provide a ‘response and impact statement’ about how the log4j vulnerability affects a WordPress website? Learn more below.

December 15, 2021 by Liz Eisworth
Table of Contents

    What is the Log4j or CVE-2021-44228 / CVE-2021-45046 Vulnerability?

    On December 9, 2021, a severe remote code execution vulnerability was identified in the popular open-source java logging library "log4j" developed by Apache. This vulnerability rated a rare 9.8 of 10 severity due to the ease of exploitation, the library's widespread use in JAVA programs, universal support for JAVA in all web browsers, and the ability of JAVA programs to run on ANY computer or device.

    Technical details about the exploit can be read in the following places:

    • Digging deeper into Log4Shell
    • CVE-2021-44228 Detail

    Is My WordPress Website Vulnerable to the Log4j Exploit?

    Thus far, the Log4j vulnerabilities in the WordPress software ecosystem are limited to 4 specific plugins and 'Epsilon Framework' themes that use the vulnerable Java library.Check if your website uses any of the plugins or themes on this list noted by WordFence. The list may be updated to include more plugins as they are discovered.

    If your website doesn't use any of the listed plugins or themes, then it is not affected. The authors of the affected plugins and themes will hopefully be issuing patches quickly.

    WordPress and log4j

    On the official WordPress.org forums, moderators have chimed in multiple times indicating that Log4j is not an issue for WordPress core:

    • https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/
    • https://wordpress.org/support/topic/cve-2021-44228-log4j-wordpress-affected-or-newspaper/
    • https://wordpress.org/support/topic/vulnerability-log4shell-cve-2021-44228/
    • https://wordpress.org/support/topic/log4j-vulnerability/

    What about my website hosting?

    cPanel hosting has a specific component that may be affected by Log4j.

    If your WordPress website is hosted on a cPanel hosting plan, there is one specific component of cPanel that may be affected.

    cPanel has issued a patch to fix the critical flaw in the log4j Java library found in part of the software used for email. The vulnerability itself is named, Log4Shell.

    Contact your hosting provider if you think you may be affected by this. In all likelihood, the larger hosting companies have already patched the library, but it never hurts to double check.

    Some common hosting companies we work with have issued statements or tweets concerning log4j:

    SiteGround (not affected)

    According to this support response, websites hosted on SiteGround are completely safe from the exploit because they use NGINX as the client facing web server for their systems and there’s no Log4j library configured anywhere on the hosting account. They also do not use any additional or 3rd party service that uses the vulnerable library to provide a certain service.

    This means means that, as a SiteGround customer, this vulnerability did not affect you in any way and you do not need to take any actions.

    WPEngine (not affected)

    WPEngine staff replied in this tweet that they are not affected by the log4j vulnerability.

    Liquid Web

    In this tweet response, Liquid Web indicates that the log4j plugin does not come installed by default on Liquid Web servers, but modifying default configurations could provide it. Any customers who have installed the plugin should verify their plugin security and install any updates or patches that have been issued.

    What else can you do to protect your WordPress website?

    Equip your website with a security plugin.

    You can equip your site with a security plugin such as WordFence, Sucuri Security (←this is an affiliate link) , MalCare (←so is this) , or similar security plugins. These types of plugins can help detect vulnerabilities and intrusions and also provide notifications when/if your site is using a vulnerable plugin -- so that it can be updated with the patched version.

    Make sure your plugins and core WordPress are up-to-date.

    It is a best practice to keep your plugins and WordPress up to date to ensure available patches have been applied. If you don't know if your WordPress and plugins are up to date, check out this tutorial, or you may want to consider a WordPress support plan.

    WordPress Care Plans - Keeping Your Site Safe

    Are you keeping your WordPress website protected?

    Download our guide to understand how to evaluate the success of your website, plus tips that will help you make improvements today!

    !
    !
    Send the Guide!
    Something went wrong. Please check your entries and try again.
    Category: Website Security, Wordpress
    Liz Eisworth

    About Liz Eisworth

    Liz Eisworth is the founder and lead designer of SangFroid Web located in Alpharetta, GA. As an experienced website designer and SEO strategist, Liz designs custom WordPress websites, optimizes websites for SEO, and leverages Local SEO / Google Business Profiles for business owners who are looking to improve their online presence to earn more traffic and leads. She built her first website for a business in 2003 and her first WordPress website in 2006. Learn more about Liz »

    Previous Post: Web Project Spotlight - November 2021 Project Spotlight: RhinoTech, PDVN & ChemSmart Wholesale
    Next Post:Does Your Website Need an Oil Change? WordPress Website Care & Maintenance WordPress Website Care & Maintenance Plans

    SangFroid Web Home Page

    Like Us on Facebook Connect on LinkedIn Follow us on Twitter Follow us on Instagram SangFroid on YouTube
    Search

    Contact

    SangFroid Web, LLC - Atlanta

    3365 Piedmont Rd NE #1400 | Atlanta, GA 30305
    404-496-4036 • sang@sangfroidweb.com

    SangFroid Web, LLC - Alpharetta

    11115 Kimball Crest Dr. | Alpharetta, Georgia 30022
    678-894-7040 • sang@sangfroidweb.com

    From the Blog

    • What is Google E-E-A-T in SEO?…and How to Improve It
      By Liz Eisworth
      December 19, 2022
    • Contact
    • Site Map
    • Hosting Login
    • Affiliate Disclosure
    • Privacy Policy
    • Terms of Service
    • Accessibility Statement

    © 2007 - 2023 SangFroid Web, LLC. All Rights Reserved.