WordPress Security Blog

Using the WPScan plugin to find vulnerabilities in your WordPress website

Looking after the security of your WordPress website involves a lot of different tasks. One of the tasks is to make sure that the plugins, themes and WordPress version that you are using on your website do not have any known vulnerabilities. Luckily, this task can be automated with WPScan, a free WordPress plugin. The […]

WP White Security acquires Advanced noCaptcha & invisible Captcha (v2 & v3)

We are happy to announce our first plugin acquisition as we pursue our mission to build value-driven WordPress security and admin plugins. This new acquisition will undoubtedly help us deliver more value to our customers. The Advanced noCaptcha & invisible Captcha plugin complements our existing portfolio, which offers a robust set of WordPress plugins designed […]

Password Policy Manager for WordPress Update 2.4.1 – Weekly summary email & other improvements

We are happy to announce update 2.4.1 of the Password Policy Manager for WordPress plugin. This update includes several new features and housekeeping updates designed to improve the plugin’s functionality, usability, and performance. Let’s dive right in to see what is new and improved in this update of our password security plugin for WordPress. What’s […]

Why you should use a log management service?

Logs provide the foundational data to support performance, user and technical monitoring on your WordPress sites and the web servers they run. With them you can understand who changed what and when. You can then use this log data to troubleshoot technical and administrative issues, increase user accountability, and improve the security of your WordPress […]

Exposed backup and unreferenced files and how to find them

Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe. From ensuring passwords meet specific criteria to hardening PHP, these processes can go a long way in helping you ensure you run a […]

What are log management services?

Logs are an essential part of good systems governance and management, providing administrators with a detailed view into the innermost workings of the very systems they manage. For the most part, logs are not something that is used every day, and as such, they do not always get the recognition they deserve. Even so, when […]

Admin Notices Manager 1.2: Better visibility of the notices & more new features

We are happy to announce the release of update 1.2.0 for Admin Notices Manager. This update sees the introduction of a number of new features, improvements to existing functionality, and a bug fix, designed to improve the management of admin notices. Now let’s dive right in and see all the new features and improvements in […]

Applying the principle of least privilege for improved WordPress security

Even though the principle of least privileges is very popular in the IT security industry, many WordPress users still do not apply this principle because “things do not work out of the box”. Though by applying it you can improve the security of your WordPress blogs and websites.

WordPress PCI compliance for e-commerce & business sites

If you have an e-commerce or business WordPress site, most probably you’ve already heard of PCI DSS and PCI compliance. As an online merchant / seller your WordPress website has to be compliant to the PCI DSS regulations, otherwise you risk being fined. Even if you use a third party payment gateway such as PayPal […]

WP 2FA 1.7: Refactored plugin for better performance, design, and reliability

Today we are happy to announce update 1.7.0 of the WP 2FA plugin. It has already been one year and three months since we launched the plugin, and since then, we’ve learned a lot about how the plugin is used and how it should work to best serve our users’ needs. In this update, we […]

Our other plugins