WordPress REST API and the Security Worries

The infrastructure of the WordPress REST API will be included in the core of WordPress version 4.4. The release of WordPress version 4.5 will also include a number of endpoints for the REST API. The addition of this new functionality in WordPress core has raised a few eyebrows. Many are already concerned and as usual, WordPress security is the […]

WordPress Username Disclosure, Vulnerability or Not?

By default it is very easy to guess a WordPress username. Is this WordPress username disclosure a vulnerability or not? Many software vendors such as Microsoft and Cisco had similar issues in the past and they fixed it. Yet in the WordPress ecosystem this is not considered as a vulnerability.

Two-factor Authentication for WordPress

This blog post explains what is two-factor authentication and how it can help you improve the security of your WordPress. It also mentions a few plugins and services that can help you easily implement two-factor authentication on your WordPress websites and blogs.

Why Running Multiple WordPress Firewalls is a Bad Idea

A common question new WordPress users have is which WordPress firewall should they install. Many are told to install multiple WordPress firewalls. Does installing multiple WordPress firewalls really mean better protection? This article explains it all.

Should You Pay for WordPress Security?

Simply because WordPress is very easy to use many think that they can also maintain and secure it. WordPress security is usually under estimated and it takes more than just a plugin to secure it. Read more to see what are the typical pitfalls of why people under estimate WordPress security.

Is Responsible Disclosure of Vulnerabilities Ethical?

There have been a number of cases where even though researchers followed the rules of responsible disclosure when publishing an advisory, millions of WordPress websites were still put at risk of being hacked. This article explains why responsible disclosure is not enough and why everyone should be more ethical about disclosing details about identified vulnerabilities.

Principle of Least Privileges and WordPress Security

Even though the principle of least privileges is very popular in the IT security industry, many WordPress users still do not apply this principle because “things do not work out of the box”. Though by applying it you can improve the security of your WordPress blogs and websites.

All You Need to Know About WordPress Website Firewalls (a.k.a. Web Application Firewalls)

A WordPress website firewall (also known as a Web Application Firewall) helps you protect your WordPress websites and blogs from malicious hacker attacks, though it is not a bullet broof solution. This article explains how they work and discusses their pros and cons.

WordPress Security Bloggers – Central Source for WordPress Security News and Updates

WP Security Bloggers is a WordPress security news central. The website pulls WordPress security news and updates from a number of prominent WordPress security blogs, websites and various other security sources.

Statistics Highlight the Biggest Source of WordPress Vulnerabilities

WordPress vulnerabilities statistics show that the main source of WordPress vulnerabilities are in WordPress plugins. These vulnerabilities statistics also show how important it is to always run the latest version of WordPress core, plugins and themes.

Get Notified Instantly of Changes on Your WordPress

The WSAL Notifications Extension plugin enables WordPress administrators to setup monitoring rules so they are notified instantly via email when important changes happen on their WordPress.

Learn More