Our Plugins Are Not Affected by the Log4j Security Vulnerability

By now you may have heard about the latest widespread security vulnerability involving a free piece of software called log4j. Because we do not use log4j, this particular vulnerability has not affected any of our plugins or systems.

What is log4j?

Log4j is open source software that is used by developers to log information and keep track of what happens in their applications or online services.

What’s the problem?

A previously undiscovered vulnerability exists within the log4j software that can potentially allow cyberattackers to take control of some websites that use log4j.

So The Events Calendar really isn’t affected?

We’re happy to inform our users that we have not been affected by this vulnerability. We used one of the most popular scanning tools and reviewed our codebase to detect the presence of vulnerable log4j hosts and confirmed there are none.

Website Security is scary. Here’s how you can protect yourself.

Website security isn’t as difficult to achieve as you might think. Here is a quick list of easy things you can do to keep your website safe from cyber attacks:

1. Good quality, managed hosting. Liquid Web (our parent company) and Nexcess (one of our sister companies) take web security very seriously. Read more about what they’re doing to ensure customer websites are safe: https://www.liquidweb.com/products/add-ons/server-protection/
2. SSL Certificate. Installing an SSL ensures that any data sent from your website to another location (like credit card information) is encrypted before it gets sent out. If your website doesn’t display a padlock next to the address in the address bar, ask your hosting provider about getting an SSL Certificate.
3. Strong passwords/2FA. One of the best things you can do to protect yourself is to use strong passwords for all Admin accounts, and use 2 factor authentication.
4. Security Plugin. There are several great security plugins out there. We’re pretty partial to iThemes Security ourselves. iThemes Security has many great features that will improve your security, including the aforementioned 2-Factor Authentication. 
5. Backups. Making regular backups of your site, and storing those backups somewhere other than your hosting server allows you to easily restore your website in case something irreparable happens.
6. Updates. Keeping your WordPress core, Theme, and Plugins up-to-date is a very important part of keeping your website protected from cyber attackers, especially when it comes to a popular attack called “SQL injections”.