WordPress Security Blog

How to clean a hacked WordPress website or blog

Whether your WordPress website has been hacked and you’re currently in damage control, or whether you’re preparing for the worst, this article will guide you through the process of cleaning a hacked WordPress website. The process is documented in an easy to follow step-by-step format to help you accomplish the following: Gain back control of […]

How to choose the best WordPress web hosting provider

You’re searching the web for information on how to choose the best WordPress web hosting service, right? You’re determined that your website host will help search engines prioritize your website above other slower, less reliable and less secure websites. But, how do you decide? This blog post defines the four main types of WordPress web […]

WordPress HTTPS, SSL & TLS – a guide for website administrators

When you visit a website, your browser (also known as a client) sends a HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem; it is a plaintext protocol. This makes it susceptible to snooping […]

WordPress security & hardening, the definitive guide

WordPress is massively popular. Around every one in five sites on the Internet uses WordPress in some form. Be that to run a humble blog, or a multi-site Content Management System (CMS) or eCommerce site. As a result, it is no surprise that WordPress websites are a very popular target for both experienced hackers and […]

Password Policy Manager 2.3.4: improved plugin interoperability & bug fixes

Today we are in the third week of 2021, and we are happy to announce the third plugin update of the year: Password Policy Manager 2.3.4. This update features better interoperability with third party plugins, a few minor improvements, and a number of bug fixes. Let’s dive right into the below highlight to see what […]

2020 Year in Review: the best of WP White Security

2020 has been a challenging year for many. However, we have been very lucky and even though it was challenging, we’ve made the best out of it, and we turned it into a big one! So we wanted to take the time and look back at everything that happened at WP White Security. With remote […]

Website File Changes Monitor 1.7.1: improved UX & other minor improvements

Today we are happy to announce the release of Website File Changes Monitor 1.7.1. This is a minor but must-install followup to update 1.7.0. In this update we have improved several aspects of the plugin’s user experience (UX) and also addressed a few issues reported in update 1.7.0. Below is a highlight of what is […]

Hacking WordPress websites & stealing WordPress passwords

A detailed explanation of how attackers use Man-in-the-Middle (MitM) to hack WordPress websites and login credentials. This article is for educational purposes only. Like any other web application with a login form, WordPress submits your username and password in an HTTP request when logging in. By default, HTTP is not an encrypted protocol. That means […]

Admin Notices Manager 1.1: choose which admin notices you see & which not

We can all agree that 2020 was a difficult year. That’s why we are excited to start 2021 with our very first update of the Admin Notices Manager plugin. In this update we added the ability to choose which type of admin notices to show as normal on the WordPress dashboard, in the plugin pop-up, […]

Interview with Ryan Dewhurst, founder of WPScan

Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years in helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black box WordPress security scanner written for security professionals and blog maintainers to […]

Our other plugins