Hardening MySQL for your WordPress site
WordPress, the most popular CMS, runs on MySQL, the most popular database out there. Spending some time to ensure your MySQL installation and WordPress database configuration are adequately hardened against common attack vectors can help you reduce risks. This is especially true if you are managing your MySQL server yourself.
Achieve GDPR Compliance for WooCommerce in 5 Steps
If you own an eCommerce store, you’ve probably heard of GDPR. However, you may not be fully conversant with GDPR law and have a lot of questions in your mind. Our goal with this article is to address all your GDPR concerns for your WooCommerce website and help you ensure GDPR compliance for your business.
The cost of a WordPress website security breach
A security breach can be expensive. Many studies and statistics put the average cost of a security breach in the millions of dollars. This figure, however, does not mean much without context. Indeed, it can be complicated to derive an average cost for a security breach.
A guide to hardening the web server of your WordPress website
Due to their function, web servers are different from many other devices in a typical network environment—they are not only exposed to the internet by design, but they likely serve web traffic to complete strangers.
What is CAPTCHA?
In this article, we will be going on a CAPTCHA exploration journey, starting at its inception, all the way through the various iterations it went through to become what it is today. We will also be looking at how WordPress websites can leverage what CAPTCHA has to offer to increase WordPress security, reliability, and reputation.
Why you should use a log management service?
Logs provide the foundational data to support performance, user and technical monitoring on your WordPress sites and the web servers they run. With them you can understand who changed what and when.
Exposed backup and unreferenced files and how to find them
Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe.
Hardening PHP for WordPress
WordPress runs on PHP, which is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress.
WordPress email deliverability and how to improve it
Email is arguably the most common electronic communication medium on Earth. It’s used for everything, from communication to alert notifications, to password reset flows and email-based Two-factor Authentication (2FA).
WordPress security & hardening, the definitive guide
WordPress is massively popular. Around one in five sites on the Internet uses WordPress in some form, be that to run a humble blog, a multi-site Content Management System (CMS) or an e-commerce site. As a result, it is no surprise that WordPress websites are a very popular target for both experienced hackers and script-kiddies alike.
Hacking WordPress websites & stealing WordPress passwords
Like any other web application with a login form, WordPress submits your username and password in an HTTP request when logging in. By default, HTTP is not an encrypted protocol. That means that unless your WordPress website is using HTTPS, the communication between you and the web server is susceptible to eavesdropping.
Why WordPress admin notices matter (and how to manage them effectively)
Every time you log into the WordPress dashboard, you are probably greeted with a few messages at the top of your screen. These messages are called WordPress admin notices. Contrary to what many WordPress users might think – that they’re an annoyance without an ‘off’ switch – they can be incredibly useful. At least, that is if you know how to manage them effectively.
WordPress file permissions: the guide to configuring secure website & web server permissions
WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions.
Penetration testing for WordPress websites
WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster, or a security professional, when tasked with assessing the security posture of a WordPress website, it tends to help to be aware of common security pitfalls attackers typically take advantage of.
Configuring WordPress automatic updates
This WordPress tutorial explains how you can configure WordPress automatic updates to ensure that your websites and blogs always run on the latest, most stable and secure WordPress version. It also explains how to enable automatic updating of WordPress plugins and themes.
Top reasons why WordPress websites get hacked (and how you can stop it)
Hacking is the process of finding flaws in a system, and exploiting them to bypass security controls. ‘Ethical’ hackers use this process to learn about a system and find its weaknesses. However, malicious or ‘black hat’ hacking is also common. It is often used to break into websites.
How to manually deactivate WordPress plugins
Plugins are a great aspect of using WordPress. However, at some point, you’ll need to uninstall or deactivate a plugin for one reason or another. This might present a problem, in that the default method for deactivating WordPress plugins might not always be available.
4 reasons password policies are vital for WordPress users
For every user or account you have, you should use a unique and difficult password. That’s a given, but you’d be surprised at how many people don’t give a second thought to password security.
Passwords management best practices for WordPress administrators
As an owner or contributor to a few WordPress sites you are subscribed to an overwhelming number of online services and websites. And even though you agree with the above statement, it is very difficult for you to follow this security best practice, even though you enforce strong WordPress password policies on your sites.
Automated WordPress Security & Protection with Sucuri
WordPress security is a continuous process of Hardening > Monitoring > Testing > Improving. So automation is a must, and that is why you need to use multiple tools, such as a WordPress activity log plugin and an online WordPress security service such as Sucuri.
Enforcing strong WordPress passwords security
It is impossible to ignore security when it comes to managing WordPress sites and blogs. In fact, many business site administrators choose a secure WordPress web host for their sites. On top of that, they install a WordPress firewall plugin or service, and keep a log of what is happening on their site with a comprehensive WordPress activity log plugin.