WordPress Security Blog

Interview with Code Risk – A Free Source Code Analysis Service For WordPress Plugins

Vulnerabilities in WordPress plugins have been the cause of more site hacks than vulnerabilities in WordPress core. One of the reasons why this is happening is lack of resources. Software will always have vulnerabilities, though the WordPress core code is vetted by thousands of people. Also, the foundation has resources allocated to ensure that the […]

How to Vet an Employee Before Granting Admin Access on WordPress

In the grand pantheon of nerve-wracking activities that go into growing a business, handing out admin access to someone else might not seem like a top-tier contender, but it’s actually a very awkward milestone — particularly if you’ve previously run everything yourself. Your WordPress website is your creation, the product of your hard work. Ceding […]

Force Strong Passwords on Users to Improve WordPress Security

It is impossible to ignore security when it comes to managing WordPress sites and blogs. In fact many business site administrators choose a secure WordPress web host for their sites. On top of that, they install a WordPress firewall plugin or service, and keep a log of what is happening one their site with a […]

Malcare WordPress Site Security Service Reviewed

According to statistics published by WPMUDEV in 2017, malicious hackers attack WordPress websites with over 90,978 attacks per minute. Therefore every WordPress site must have some sort of security hardening and service protecting it. Even if it is small and not popular, your WordPress website is always a target. Being a geek, when I started […]

The Guide to WordPress Password Security

Weak passwords are one of the biggest threats that put the security of a WordPress site at risk. As an internet user, or if you guest author on a WordPress site you have definitely been told to use complex passwords, to use a different password for every website or service you are subscribed to, and […]

The Top 5 Activity Log Plugins for WordPress

Managing a WordPress website can be time-consuming and difficult, especially if you have a lot of content and users. Fortunately, you can use a simple but powerful WordPress activity log plugin to keep track of everything that happens on your site. The benefits of using an activity log plugin include: Greater control over your site […]

Announcing the Plugin Password Policy Manager for WordPress

WordPress has come a long way in helping administrators run more secure sites, though weak passwords are still a big issue. That is why we still see so many successful WordPress brute force attacks. Though there is light at the end of the tunnel! We have developed a plugin to help WordPress site owners like you […]

OWASP & WordPress – Improving WordPress Security With OWASP Top 10

WordPress security can be an intimidating subject to those who are new to WordPress, and to having a website. The good news is that compliance and standards such as the OWASP Top 10 list can help businesses get started with WordPress security.   This article explains what is the OWASP Top 10 list and how […]

The different types of WordPress web hosts and their pros & cons

There are many things to consider when looking for a web host for your WordPress website or multisite network. But the first decision you have to make before you look into the specifics is determine the the type of WordPress web host do you need for your website, of which there are four. This post introduces […]

WordPress security issues caused by sharing WordPress login details

A WordPress security best practice that is easy to implement is having a unique WordPress login (username and password) for every person who accesses your website or multisite network. Sharing the same WordPress login details with groups of people can lead to a number of security issues and increases the maintenance of the website, as […]