WordPress, the most popular CMS, runs on MySQL, the most popular database out there. Spending some time to ensure your MySQL installation and WordPress database configuration installation is adequately hardened against common attack vectors can help you reduce risks. This is especially true if you are managing your MySQL server yourself.

If you own an eCommerce store, you’ve probably heard of GDPR. However, you may not be fully conversant with GDPR law and have a lot of questions in your mind. Our goal with this article is to address all your GDPR concerns for your WooCommerce website and help you ensure GDPR compliance for your business.

A security breach can be expensive. Many studies and statistics put the average of a security breach in the millions of dollars. This figure, however, does not mean much without context. Indeed, it can be complicated to derive an average cost for a security breach.

Due to their function, web servers are different from many other devices in a typical network environment—they are not only exposed to the internet by design, but they likely serve web traffic to complete strangers.

In this article, we will be going on a CAPTCHA exploration journey, starting at its inception, all the way through the various iterations it went through to become what it is today. We will also be looking at how WordPress websites can leverage what CAPTCHA has to offer to increase WordPress security, reliability, and reputation.

Logs provide the foundational data to support performance, user and technical monitoring on your WordPress sites and the web servers they run. With them you can understand who changed what and when.

Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe.

WordPress runs on PHP, and is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress.

Email is arguably the most common electronic communication medium on Earth. It’s used for everything, from communication to alert notifications, to password reset flows and email-based Two-factor Authentication (2FA).

WordPress is massively popular. Around every one in five sites on the Internet uses WordPress in some form. Be that to run a humble blog, or a multi-site Content Management System (CMS) or e-commerce site. As a result, it is no surprise that WordPress websites are a very popular target for both experienced hackers and script-kiddies alike.

Like any other web application with a login form, WordPress submits your username and password in an HTTP request when logging in. By default, HTTP is not an encrypted protocol. That means that unless your WordPress website is using HTTPS, the communication between you and the web server is susceptible to eavesdropping.

Every time you log into the WordPress dashboard, you are probably greeted with a few message at the top of your screen. These messages are called WordPress admin notices. Contrary to what many WordPress users might think – that they’re an annoyance without an ‘off’ switch – they can be incredibly useful. At least, that is if you know how to manage them effectively.

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions.

WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster, or a security professional, when tasked with assessing the security posture of a WordPress website, it tends to help to be aware of common security pitfalls attackers typically take advantage of.

This WordPress tutorials explains how you can configure the WordPress automatic update to ensure that your websites and blogs always run on the latest, most stable and secure WordPress version. It also explains how to enable automatic updating of WordPress plugins and theme.

Hacking is the process of finding flaws in a system, and exploiting them to bypass security controls. ‘Ethical’ hackers use this process to learn about a system and find its weaknesses. However, malicious or ‘black hat’ hacking is also common. It is often used to break into websites.

Plugins are a great aspect of using WordPress. However, at some point, you’ll need to uninstall or deactivate a plugin for one reason or another. This might present a problem, in that, the default method for deactivating WordPress plugins might not be always available.

For every user or account you have you should use a unique and difficult password. That’s a given, but you’d be surprised at how many people don’t give a second though to password security.

As an owner  or contributor to a few WordPress sites you are subscribed to an overwhelming number of online services and websites. And even though you agree with the above statement, it is very difficult for you to follow this security best practice, even though you enforce strong WordPress password policies on your sites.

WordPress security is a continuous process of hardening > Monitoring > Testing > Improving. So automation is a must, and that is why you need to use multiple tools, such as a WordPress activity log plugin and an online WordPress security service such as Sucuri.

It is impossible to ignore security when it comes to managing WordPress sites and blogs. In fact many business site administrators choose a secure WordPress web host for their sites. On top of that, they install a WordPress firewall plugin or service, and keep a log of what is happening one their site with a comprehensive WordPress activity log plugin.