WordPress Security Blog

PPMWP 2.1: the new dormant users policy & support for post login redirects

Password Policy Manager for WordPress 2.1 is out today! In this plugin update we added a new policy to disable dormant users, support for post login redirect plugins, and several other improvements. This post highlights all that is new and improved in the latest version of Password Policy Manager for WordPress. The dormant WordPress users […]

Why your WordPress e-commerce solution has to be secure (and how to do it)

There’s plenty you need to do to ensure your e-commerce store offers the best possible User Experience (UX). This means keeping WordPress and all other software up-to-date, optimizing your store, and of course, ensuring it’s safe to use and secure. By safe to use, we mean making your best to protecting your customer’s data. Also […]

Using the Google Authenticator app for WordPress 2FA

Whenever you implement a security measure, you should also have some sort of fallback. You do not want to be compromised by the failure of a single component. This is known as defense in depth. When you manage a WordPress website, one of the most important aspects of security is authentication, a.k.a. how you login […]

How to eliminate false positives in file integrity monitoring on WordPress

File integrity monitoring (FIM) allows you to quickly detect file changes on your WordPress site. It is an important part of securing a WordPress site and the way it works is very simple: it compares baseline cryptographic hashes to the current hash of the monitored files. When a change happens, you get an alert. However, […]

Configuring WordPress automatic updates

This WordPress tutorials explains how you can configure the WordPress automatic update to ensure that your websites and blogs always run on the latest, most stable and secure WordPress version. It also explains how to enable automatic updating of WordPress plugins and theme.

Strong WooCommerce passwords – enforcing policies without deterring customers

Keeping your eCommerce store secure is a must. Not only is it an important source of income for your business, but it also contains sensitive customer information, such as billing details and credit card numbers. Strong passwords can prevent many cyber attacks, but you’ll need a way to enforce them without deterring customers. By creating […]

Using WPScan to find WordPress vulnerabilities on your website

WPScan is a black box WordPress Security Scanner written in Ruby. Ideal for penetration testers, security professionals and WordPress administrators WPScan can find security weaknesses within a WordPress blog or website.

Why you need both Two-factor Authentication & strong passwords on WordPress sites

Two-factor authentication (2FA) is an important part of maintaining the security of a WordPress site. However, 2FA alone isn’t enough to harden your WordPress site authentication. Strong passwords are also an important part, even when using two-factor authentication. In this article we review 2FA, explain how hackers are bypassing it in some cases, and provide […]

WFCM 1.4 – Improved file changes coverage for WordPress websites

These last few weeks we have been busy working on our file integrity monitor plugin for WordPress: Website File Changes Monitor. In this update we focused on improving the coverage of the plugin, so it can detect file changes which it didn’t before. Let’s dive in and see what is new in update 1.4. Detect changes […]

Password Policy Manager 2.0 – Multisite networks support & first time login password change

Today we are announcing Password Policy Manager 2.0! We are very excited about this release. Finally, WordPress multisite network administrators can also enforce strong password policies. In this update we have also added the new first time login password change policy. In addition to these new features, we have added several other plugin improvements, as […]