Articles from Robert Abela

File integrity monitoring (FIM) allows you to quickly detect file changes on your WordPress site. It is an important part of securing a WordPress site and the way it works is very simple: it compares baseline cryptographic hashes to the current hash of the monitored files. When a change happens, you get an alert. However, […]

Keeping your eCommerce store secure is a must. Not only is it an important source of income for your business, but it also contains sensitive customer information, such as billing details and credit card numbers. Strong passwords can prevent many cyber attacks, but you’ll need a way to enforce them without deterring customers. By creating […]

WPScan is a black box WordPress Security Scanner written in Ruby. Ideal for penetration testers, security professionals and WordPress administrators WPScan can find security weaknesses within a WordPress blog or website.

Two-factor authentication (2FA) is an important part of maintaining the security of a WordPress site. However, 2FA alone isn’t enough to harden your WordPress site authentication. Strong passwords are also an important part, even when using two-factor authentication. In this article we review 2FA, explain how hackers are bypassing it in some cases, and provide […]

These last few weeks we have been busy working on our file integrity monitor plugin for WordPress: Website File Changes Monitor. In this update we focused on improving the coverage of the plugin, so it can detect file changes which it didn’t before. Let’s dive in and see what is new in update 1.4. Detect changes […]

Today we are announcing Password Policy Manager 2.0! We are very excited about this release. Finally, WordPress multisite network administrators can also enforce strong password policies. In this update we have also added the new first time login password change policy. In addition to these new features, we have added several other plugin improvements, as […]

A Distributed Denial of Service (DDoS) is a type of Denial of Service (DoS) attack in which the attack comes from multiple hosts as opposed to one, making them very difficult to block. As with any DoS attack, the objective is to make a target unavailable by overloading it in some way. Generally, a DDoS […]

In our previous post WordPress HTTPS, SSL and TLS – a guide for website administrators, we explained what HTTPS and all the other technical terms are, and how it works. In this article, we discuss HTTPS certificates, the different ways you may acquire one for your WordPress website, and why you should or shouldn’t pay […]

When you visit a website, your browser (also known as a client) sends a HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem; it is a plaintext protocol. This makes it susceptible to snooping […]

So far we have only interviewed people who understand and work in application and WordPress security. We have always heard the vendors’ voice. However, in this interview we took a different approach. We interviewed Ivica Delic, a WordPress professional about security. The scope of this interview is to better understand how WordPress professionals, to whom […]