As many are aware, CloudFlare launched Universal SSL several months ago. We saw lots of customers sign up and start using these new, free SSL certificates. For many customers that didn’t already have an SSL certificate, they were able to use “Flexible SSL”.
If you are a CloudFlare Pro or above customer you enjoy the protection of the CloudFlare WAF. If you use one of the common web platforms, such as WordPress, Drupal, Plone, WHMCS, or Joomla, then it's worth checking if the relevant CloudFlare WAF ruleset is enabled.
As we've said before, lots of our users run WordPress on their websites and its popularity makes it a big target. So when a new vulnerability is discovered, acting quickly is prudent.
At CloudFlare a lot of our customers use WordPress, that's why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for our Web Application Firewall.
The team at the research firm Sucuri announced a serious vulnerability to W3TC and WP Super Cache this afternoon. (Update: it appears the vulnerability was first reported on WordPress.org about a month ago.)