Hacker News: Thousands of websites still vulnerable to Heartbleed

It takes roughly three steps to remediate the Heartbleed bug.
 

1. Patching: Update your software to the latest versions of OpenSSL; thankfully almost all organization have accomplished this step.
2. Creation of New Private Keys: Creating new private keys will prevent an attacker, who already exploited the flaw before patching, from being able to spy on your encrypted.
3. Reissuance of Security Certificates: This step will eliminate the ability of any attacker to spoof organizations and fool or phish their customers.

http://thehackernews.com/2017/01/heartbleed-openssl-vulnerability.html