Who’s Patched Heartbleed & Who Hasn’t

Internet security company Securi has conducted a study of thousands of sites to see who has patched their vulnerabilities to Heartbleed and who hasn’t.

By checking the Alexa ranking of websites, Securi found that pretty much all major websites had, by now, patched their sites but there are still plenty of sites within the top 100,000 that hadn’t acted yet.

Top 1,000 sites: 0 sites vulnerable (all of them patched)
Top 10,000 sites: 53 sites vulnerable (only 0.53% vulnerable)
Top 100,000 sites: 1595 sites vulnerable (1.5% still vulnerable)
Top 1,000,000 sites: 20320 sites vulnerable (2% still vulnerable)

“We were glad to see that the top 1,000 sites in the world were all properly patched, and that just 0.53% of the top 10k still had issues,” Securi said. “However, as we went to less popular (and smaller) sites, the number of unpatched servers grew to 2%. That is not surprising, but we expected better.”

If you run a small site, make sure you address any issues you may have and you can use this site checker to see if your site has been affected by Heartbleed.