News & Announcements
Northwoods Response to Log4j 2 and Its Impact on Our WordPress and Titan CMS Clients
(December 14, 2021) - Recently, warnings have been issued by several national cybersecurity agencies that a remote code execution flaw in Log4j 2 (CVE-2021-44228), which is a Java library for logging errors in various applications, was at severe risk of being exploited.
You may be wondering if this vulnerability impacts your WordPress or Titan CMS website. Here is what we know right now.
If your WordPress site is hosted by Northwoods and you do not have any of the four plugins noted below installed on your site, your site is not impacted by Log4j 2.
- Java is the primary point of vulnerability for Log4j 2; WordPress core is not built on Java and is therefore not itself at risk.
- However, four WordPress plugins that use Java in their code may be impacted, including:
- Kiwi Social Share
- WordPress Automatic
- Pinterest Automatic
- Publish Press Capabilities
- Northwoods does not use any of these plugins. If you have added these plugins to your website, though, we recommend checking for patches and applying them immediately.
- WP Engine, which is the hosting platform used at Northwoods, is not at risk from Log4j 2. WP Engine states:
“At WP Engine, Log4J is NOT used for any customer-facing or internet-facing systems. As such, you are covered from this vulnerability and can rest assured your website is not impacted.”
- If you self-host or host with a different provider than WP Engine, you should reach out to your point of contact for instructions or next steps to reduce your site’s potential impact.
Our team has determined that Titan CMS is not impacted by Log4j 2.
Based on the information provided by the National Vulnerability Database, which is managed by the National Institute of Standards and Technology, U.S. Department of Commerce, our team has determined that Titan CMS is not impacted by Log4j 2. Titan CMS does not use Java and does not run on Apache, which is the primary point of vulnerability for Log4j 2. Northwoods, which develops and manages Titan CMS, does not run Apache nor Log4j 2 libraries in our Microsoft Azure hosting environments.
However, we are monitoring the situation and will follow Microsoft’s recommendations related to patching any Microsoft system running Apache.
For more information, visit the Titan CMS website.
We continue to monitor Log4j 2 and will share updates if needed. In the meantime, if you have any questions, please don’t hesitate to reach out to us.
# # #
Northwoods was founded in 1997 and specializes in digital strategy, website design and development, software development, and digital marketing and advertising services. Today, we have more than 900 clients around the globe, from non-profit organizations to industrial manufacturers. Through honest guidance, outstanding service, and exceptional expertise, our team is dedicated to ensuring our clients' teams consistently meet and exceed their business goals. For more information, please contact firstname.lastname@example.org.