Articles from Mark Grima

About Mark Grima

Mark likes to experiment with WordPress and building, or breaking websites with it. Since he is experimenting with WordPress and likes to write he is documenting things that he has learnt, the plugins he uses etc. When not dealing with WordPress sites you'll find Mark in some of the town's best cafes with his friends.

Why you should use a log management service?

Logs provide the foundational data to support performance, user and technical monitoring on your WordPress sites and the web servers they run. With them you can understand who changed what and when. You can then use this log data to troubleshoot technical and administrative issues, increase user accountability, and improve the security of your WordPress […]

Exposed backup and unreferenced files and how to find them

Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe. From ensuring passwords meet specific criteria to hardening PHP, these processes can go a long way in helping you ensure you run a […]

Hardening PHP for WordPress

WordPress runs on PHP, and is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress. Heads up – Be careful when making changes to your PHP settings. Incorrect settings and […]

WordPress email deliverability and how to improve it

Email is arguably the most common electronic communication medium on Earth. It’s used for everything, from communication to alert notifications, to password reset flows and email-based Two-factor Authentication (2FA). As a website owner sending email from your WordPress site, there are a few issues you’ll likely encounter. If you simply try and install a plugin […]

Can your WordPress website users damage your business?

Can your employees be a threat? Yes, quite possibly, but in the main unwittingly. I wrote recently on the statistics which highlight the biggest source of WordPress vulnerabilities. However, another sizeable constituent part of your infrastructure is equally vulnerable, if not more so, and which we all too often overlook – our users – who […]

WordPress security & hardening, the definitive guide

WordPress is massively popular. Around every one in five sites on the Internet uses WordPress in some form. Be that to run a humble blog, or a multi-site Content Management System (CMS) or e-commerce site. As a result, it is no surprise that WordPress websites are a very popular target for both experienced hackers and […]

Hacking WordPress websites & stealing WordPress passwords

A detailed explanation of how attackers use Man-in-the-Middle (MitM) to hack WordPress websites and login credentials. This article is for educational purposes only. Like any other web application with a login form, WordPress submits your username and password in an HTTP request when logging in. By default, HTTP is not an encrypted protocol. That means […]

Why WordPress admin notices matter (and how to manage them effectively)

Every time you log into the WordPress dashboard, you are probably greeted with a few message at the top of your screen. These messages are called WordPress admin notices. Contrary to what many WordPress users might think – that they’re an annoyance without an ‘off’ switch – they can be incredibly useful. At least, that […]

WordPress file permissions: the guide to configuring secure website & web server permissions

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions. It is crucial to get file permissions right. Setting incorrect file permissions can open your website up for attack. Incorrect file permissions can […]

The WordPress security process; Test, Harden, Monitor, Improve

WordPress security is not unlike many other areas of IT security. It’s not a one time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business requirements will change. So adopting a point-in-time security assessment will only give you […]

Our other plugins