WordPress Security Blog

Why You Need CAPTCHA on Your WordPress Website

You’re about to make an online purchase but all of a sudden you’re asked to decode a strangely twisted word, make a simple calculation, or identify which images presented include a bus. What just happened? What is this popup that looks like a cross between a game and a test – but that’s definitely wasting your time?

You were confronted with a CAPTCHA or Completely Automated Public Turing test to tell Computers and Humans Apart. It’s a method used by website owners to identify human visitors and users, then enable logged in users to make purchases, view pages, or create accounts. It also works as a way to block bots and fraudulent users.

Black Friday deals 2022

This Black Friday, we are offering an amazing 50% discount on all new plugin subscriptions. This is the perfect opportunity to shore up your WordPress security and administration (at a hefty discount) as we head into a busy festive season.

Participate in our WordPress administration survey and win

Following the success of our WordPress security survey, we are launching another survey – this time addressing WordPress administration. The purpose of this survey is to get an understanding of how our customers and readers undertake basic WordPress administration tasks.

GDPR and WordPress

GDPR stands for General Data Protection Regulation. It is an extensive EU (European Union) regulation that represents the minimum requirements for anyone handling the data of EU citizens. The regulation has 99 articles, split into 11 chapters. While this might sound intimidating, breaking it down can help us understand its key points and how it affects WordPress websites.

A look at WordPress auto updates statistics in 2022

WordPress auto-updates can be quite a divisive topic. When enabled, auto-updates can ensure that you get the latest updates as soon as they become available. This can help you mitigate certain risks, such as security holes, as fast as possible. Yet, untested updates can break your website – so what’s the deal? Should auto-updates be enabled or disabled? The answer is not so simple.

An analysis of the Cisco 2022 hack

On the 24th of May, 2022, Cisco was made aware by its security teams that there had been a breach. The attacker had managed to gain access, escalate their privileges, install remote access and hacking software, and take steps to maintain access to the systems. They managed to do all of this one step at a time. As we shall see, this should have been easily preventable.

WordPress security survey results 2022

We recently ran a survey to get a better understanding of the state of WordPress security. The survey was open to everyone and included several WordPress security-related questions. This report details our findings.

CISA’s list of bad practices that harm WordPress security

CISA, which stands for Cybersecurity & Infrastructure Security Agency, is a US federal agency operating under the Department of Homeland Security. Established in 2018, it supersedes the NPPD – National Protection and Programs Directorate and is tasked with improving cybersecurity against attacks originating from both private and state-backed hackers.

WordPress Password Protection – A Complete Guide

What are the best methods of WordPress password protection for website administrators? This blog post examines the top password security options, such as strong password policies, password managers, two-factor authentication, educating users, and the use of other, wider safeguards.

Participate in our WordPress security survey and win

We are launching our very first WordPress security survey. The aim of this survey is to understand how WordPress administrators and owners view and manage basic security tasks on their WordPress websites. While we have carried out surveys in the past, this survey is perhaps more ambitious than what we have previously done.

Our other plugins