WordPress Security Blog

How to Use WordPress User Roles for Improved WordPress Security

Learn more about WordPress user roles and what capabilities users have when assigned to a specific WordPress user role. With WordPress user roles, the WordPress owner can have control of what the users can and cannot do on the WordPress installation.

Why a strong password policy is so important for your WordPress website

If you’ve been managing a WordPress site for a while, you may be wondering why a strong password policy is so important. Surely, users are aware that they need to use strong passwords? Unfortunately, many users knowingly use weak passwords, putting your WordPress site at risk. There are differing reasons why this continues to occur. […]

PPMWP 2.3.1: improved support for third party plugins

Today we are excited to announce update 2.3.1 of the Password Policy Manager plugin. The highlight of this update is improved support for other third party plugins, such as login redirects, e-Commerce and membership type plugins. Even though this update is a maintenance release, it still packs a punch. Let’s dive right in to see […]

WP 2FA 1.4.2: Improved 2FA policies & multisite network support

WP 2FA 1.4.2 comes with a good number of improvements. This update will benefit mostly those who want to setup two-factor authentication on a multisite network, or have multiple word user roles, such as shop manager in WooCommerce. However, there is much more to this update than just that. Let’s dive right in to see […]

The ultimate guide to WordPress user management

There’s nothing more complicated for webmasters than to manage their website users. If your website or eCommerce solution users aren’t managed correctly, they can inflict site-breaking damage and loosen up tight security protocols. While WordPress user management is vitally important, you also have to be able to run your business. You do not want to […]

WP 2FA 1.4: Support for Authy, FreeOTP, and other 2FA apps

Many have chosen to use our WP 2FA plugin because you do not have to be a developer or a security ninja to enable and require 2FA on your website. Our two-factor authentication plugin is dead easy to use. Today, we are taking it a step further; we are releasing an update in which we […]

PPMWP 2.3: Inactive users check, policies & performance updates

Today we are announcing Password Policy Manager update 2.3.0. This is an exciting release featuring the all new inactive WordPress users check. In it we also included a good number of other password policies improvements and performance updates. Let’s dive right in to see what is new and improved in this latest update of our […]

WordPress file permissions: the guide to configuring secure website & web server permissions

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions. It is crucial to get file permissions right. Setting incorrect file permissions can open your website up for attack. Incorrect file permissions can […]

WFCM 1.6: full integration with WP Activity Log

Today we are announcing two releases; Website File Changes Monitor 1.6 and  WP Activity Log 4.1.2. They are being released together because we have integrated the plugins. Let’s dive right in and see what this integration is all about, and what are the benefits to both plugins’ users. Superior file integrity monitoring scans and better […]

The WordPress security process; Test, Harden, Monitor, Improve

WordPress security is not unlike many other areas of IT security. It’s not a one time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business requirements will change. So adopting a point-in-time security assessment will only give you […]