WordPress affected by the log4j CVE-2021-44228 exploit?

Highlights:

  • CVE-2021-44228 (LogJam / Log4Shell) tracks a remote code execution (RCE) vulnerability in the popular log4j Java library
  • WordPress isn’t written in Java and doesn’t use log4j
  • Your Wordify sites aren’t affected

Many of our clients have asked if they are affected by this and if they should take any action. We’re happy to confirm that Wordify and the WordPress sites we host are not affected by this issue.

It would have been hard to miss that a recent vulnerability in log4j, a popular Java logging library, has been exploited in the wild and is creating a lot of headlines. It is rated 10/10 on the CVSS severity scale, which explains why the issue is attracting so much attention.

Is WordPress affected by the log4j exploit?

The short answer is, no. WordPress is a PHP application and as log4j is a Java library for logging, it’s not in use.

The longer answer is that if you’re using a Java application somewhere in either the hosting stack or a custom application that works in conjunction with WordPress, then you might be affected.

Is Apache Web Server affected?

No. log4j is an Apache Software Foundation project but isn’t otherwise connected to the Apache web server. The Apache Software Foundation is a huge collection of community-led open-source projects, including Apache (HTTP server), Cassandra, NetBeans, Subversion and many more popular applications.

Where can I learn more about log4j CVE-2021-44228?

Here are some useful resources/links:
