A guide to hardening the web server of your WordPress website
Due to their function, web servers are different from many other devices in a typical network environment—they are not only exposed to the internet by design, but they likely serve web traffic to complete strangers. Additionally, in many situations, web servers are likely serving dynamic applications such as WordPress websites or acting as proxies towards […]
How to stay safe online as a new WordPress administrator
As a new WordPress administrator, you undoubtedly have a lot to think about and do. After all, WordPress websites are as fun and exciting as they are demanding. Even so, one thing that many new administrators do not think about enough is safety and security. To be safe online, there are two things we need […]
What is CAPTCHA?
I have a venerable obsession with efficiency and productivity. I want to do and see many things, but time is, and always will be, an issue. Problems often crop up, threatening to derail the order of things through which efficiency and productivity prosper. Hence, I developed systems to deal with these problems as quickly and […]
Why you should use a log management service?
Logs provide the foundational data to support performance, user and technical monitoring on your WordPress sites and the web servers they run. With them you can understand who changed what and when. You can then use this log data to troubleshoot technical and administrative issues, increase user accountability, and improve the security of your WordPress […]
Exposed backup and unreferenced files and how to find them
Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe. From ensuring passwords meet specific criteria to hardening PHP, these processes can go a long way in helping you ensure you run a […]
Hardening PHP for WordPress
WordPress runs on PHP, and is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress. Heads up – Be careful when making changes to your PHP settings. Incorrect settings and […]
WordPress email deliverability and how to improve it
Email is arguably the most common electronic communication medium on Earth. It’s used for everything, from communication to alert notifications, to password reset flows and email-based Two-factor Authentication (2FA). As a website owner sending email from your WordPress site, there are a few issues you’ll likely encounter. If you simply try and install a plugin […]
Can your WordPress website users damage your business?
Can your employees be a threat? Yes, quite possibly, but in the main unwittingly. I wrote recently on the statistics which highlight the biggest source of WordPress vulnerabilities. However, another sizeable constituent part of your infrastructure is equally vulnerable, if not more so, and which we all too often overlook – our users – who […]
WordPress security & hardening, the definitive guide
WordPress is massively popular. Around every one in five sites on the Internet uses WordPress in some form. Be that to run a humble blog, or a multi-site Content Management System (CMS) or e-commerce site. As a result, it is no surprise that WordPress websites are a very popular target for both experienced hackers and […]
Hacking WordPress websites & stealing WordPress passwords
A detailed explanation of how attackers use Man-in-the-Middle (MitM) to hack WordPress websites and login credentials. This article is for educational purposes only. Like any other web application with a login form, WordPress submits your username and password in an HTTP request when logging in. By default, HTTP is not an encrypted protocol. That means […]