WordPress PCI compliance for e-commerce & business sites
If you have an e-commerce or business WordPress site, most probably you’ve already heard of PCI DSS and PCI compliance. As an online merchant / seller your WordPress website has to be compliant to the PCI DSS regulations, otherwise you risk being fined. Even if you use a third party payment gateway such as PayPal […]
Handling WordPress failed login attempts on your site
This article explains why many WordPress websites have a lot of failed login attempts. It also explains what you can do to protect your WordPress website from failed login attacks.
How to clean a hacked WordPress website or blog
Whether your WordPress website has been hacked and you’re currently in damage control, or whether you’re preparing for the worst, this article will guide you through the process of cleaning a hacked WordPress website. The process is documented in an easy to follow step-by-step format to help you accomplish the following: Gain back control of […]
WordPress HTTPS, SSL & TLS – a guide for website administrators
When you visit a website, your browser (also known as a client) sends a HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem; it is a plaintext protocol. This makes it susceptible to snooping […]
Password Policy Manager 2.3.4: improved plugin interoperability & bug fixes
Today we are in the third week of 2021, and we are happy to announce the third plugin update of the year: Password Policy Manager 2.3.4. This update features better interoperability with third party plugins, a few minor improvements, and a number of bug fixes. Let’s dive right into the below highlight to see what […]
Website File Changes Monitor 1.7.1: improved UX & other minor improvements
Today we are happy to announce the release of Website File Changes Monitor 1.7.1. This is a minor but must-install followup to update 1.7.0. In this update we have improved several aspects of the plugin’s user experience (UX) and also addressed a few issues reported in update 1.7.0. Below is a highlight of what is […]
Interview with Ryan Dewhurst, founder of WPScan
Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years in helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black box WordPress security scanner written for security professionals and blog maintainers to […]
Statistics highlight the biggest source of WordPress vulnerabilities
WordPress vulnerabilities statistics show that the main source of WordPress vulnerabilities are in WordPress plugins. These vulnerabilities statistics also show how important it is to always run the latest version of WordPress core, plugins and themes.
How to use WordPress user roles for improved WordPress security
Learn more about WordPress user roles and what capabilities users have when assigned to a specific WordPress user role. With WordPress user roles, the WordPress owner can have control of what the users can and cannot do on the WordPress installation.
PPMWP 2.3.1: improved support for third party plugins
Today we are excited to announce update 2.3.1 of the Password Policy Manager plugin. The highlight of this update is improved support for other third party plugins, such as login redirects, e-Commerce and membership type plugins. Even though this update is a maintenance release, it still packs a punch. Let’s dive right in to see […]