WP Engine late Wednesday sent its customers an urgent security notification regarding an “exposure involving some of our customers’ credentials.” The company urged its customers to immediately update the passwords associated with their WP Engine accounts.
According to the security notice, there is no evidence to suggest that this information has been used inappropriately.
“Out of an abundance of caution, we are proactively taking security measures across our entire customer base.
We have begun an investigation, however there is immediate action we are taking. Additionally, there is action that requires your immediate attention.”
WP Engine said its customers should update the following passwords associated with their accounts:
- WP Engine User Portal
- Original WP-Admin Account
- Password Protected Installs and Transferable Installs
WP Engine said it has automatically reset passwords associated with the WordPress database. The notice stated that they are currently conducting a thorough investigation.
“We share your frustration that we cannot provide answers to many of your questions. However, because this is an active, on-going investigation, including federal law enforcement, we are limited in what we can share at this time.”
Up-to-date information will continue to be posted to WP Engine’s security update page.