Articles from Robert Abela

About Robert Abela

Robert Abela is the CEO and founder of WP White Security, the developers of the most comprehensive WordPress activity log plugin, WP Security Audit Log, and of the Password Policy Manager for WordPress plugin.

Using WPScan to find WordPress vulnerabilities on your website

WPScan is a black box WordPress Security Scanner written in Ruby. Ideal for penetration testers, security professionals and WordPress administrators, WPScan can find security weaknesses within a WordPress blog or website.

Why you need both Two-factor Authentication & strong passwords on WordPress sites

Two-factor authentication (2FA) is an important part of maintaining the security of a WordPress site. However, 2FA alone isn’t enough to harden your WordPress site authentication. Strong passwords are also an important part, even when using two-factor authentication. In this article we review 2FA, explain how hackers are bypassing it in some cases, and provide […]

WFCM 1.4 – Improved file changes coverage for WordPress websites

These last few weeks we have been busy working on our file integrity monitor plugin for WordPress: Website File Changes Monitor. In this update we focused on improving the coverage of the plugin, so it can detect file changes which it didn’t before. Let’s dive in and see what is new in update 1.4. Detect changes […]

Password Policy Manager 2.0 – Multisite networks support & first time login password change

Today we are announcing Password Policy Manager 2.0! We are very excited about this release. Finally, WordPress multisite network administrators can also enforce strong password policies. In this update we have also added the new first time login password change policy. In addition to these new features, we have added several other plugin improvements, as […]

Understanding DDoS attacks: a guide for WordPress administrators

A Distributed Denial of Service (DDoS) is a type of Denial of Service (DoS) attack in which the attack comes from multiple hosts as opposed to one, making it very difficult to block. As with any DoS attack, the objective is to make a target unavailable by overloading it in some way. Generally, a DDoS […]

Choosing the right HTTPS certificate for your WordPress website

In our previous post WordPress HTTPS, SSL and TLS – a guide for website administrators, we explained what HTTPS and all the other technical terms are, and how it works. In this article, we discuss HTTPS certificates, the different ways you may acquire one for your WordPress website, and why you should or shouldn’t pay […]

WordPress HTTPS, SSL & TLS – A Guide For Website Administrators

When you visit a website, your browser (also known as a client) sends an HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem: it is a plaintext protocol. This makes it susceptible to snooping […]

Interview with Ivica Delic on WordPress professionals & security

So far we have only interviewed people who understand and work in application and WordPress security. We have always heard the vendors’ voice. However, in this interview we took a different approach. We interviewed Ivica Delic, a WordPress professional, about security. The scope of this interview is to better understand how WordPress professionals, to whom […]

Website File Changes Monitor 1.3 – UX improvements

Since this is only the third update of the Website File Changes Monitor plugin, we are still finding new ways to improve the user experience (UX). Thankfully, we get a lot of valuable feedback from the plugin users on how we can make the plugin easier to use and better. Let’s jump right in […]

What is regulatory compliance & how does it affect WordPress security?

In order to do business, your WordPress website and business have to adhere to rules and regulations. These rules and regulations may take the form of laws (such as GDPR or HIPAA). They may also be compliance requirements, such as PCI DSS or ISO 27001, and may vary from one country to the other. What […]