WordPress Security Blog

2020 Year in Review: the best of WP White Security

2020 has been a challenging year for many. However, we have been very lucky and even though it was challenging, we’ve made the best out of it, and we turned it into a big one! So we wanted to take the time and look back at everything that happened at WP White Security. With remote […]

Website File Changes Monitor 1.7.1: improved UX & other minor improvements

Today we are happy to announce the release of Website File Changes Monitor 1.7.1. This is a minor but must-install followup to update 1.7.0. In this update we have improved several aspects of the plugin’s user experience (UX) and also addressed a few issues reported in update 1.7.0. Below is a highlight of what is […]

Hacking WordPress websites & stealing WordPress passwords

A detailed explanation of how attackers use Man-in-the-Middle (MitM) to hack WordPress websites and login credentials. This article is for educational purposes only. Like any other web application with a login form, WordPress submits your username and password in an HTTP request when logging in. By default, HTTP is not an encrypted protocol. That means […]

Admin Notices Manager 1.1: choose which admin notices you see & which not

We can all agree that 2020 was a difficult year. That’s why we are excited to start 2021 with our very first update of the Admin Notices Manager plugin. In this update we added the ability to choose which type of admin notices to show as normal on the WordPress dashboard, in the plugin pop-up, […]

Interview with Ryan Dewhurst, founder of WPScan

Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years in helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black box WordPress security scanner written for security professionals and blog maintainers to […]

How to safely add custom code to WordPress websites

Users are often looking for ways to tweak their websites, plugins and themes, or to add some modifications to an existing functionality. In most of these cases, you can do so by adding custom code to your WordPress website. There is nothing wrong with adding custom code to your website. However, there are a few […]

WFCM 1.7.0: new file integrity checks & detailed email notifications

2020 has been a very difficult year for everyone. So there is nothing better than ending the year on a high; before we leave for the holidays and enjoy some downtime, we are excited to announce the last release of this year; Website File Changes Monitor 1.7.0. In this update we added a new feature […]

How to choose the best WordPress plugins for your website

WordPress plugins are awesome and if you want your site to have a specific function, or add additional functionality, the chances are there is a plugin out there for it. If you’d like to learn more about what WordPress plugins are, refer to our WordPress plugins introduction. On the WordPress’s repository there are over 57,000 […]

What are WordPress plugins?

If you are new to WordPress, you might be wondering what are WordPress plugins and what’s their purpose. It’s a reasonably common question to ask because plugins are an important part of the WordPress ecosystem. They are essential if you want to build a website with WordPress. In this article, we explain what WordPress plugins […]

WP 2FA 1.5: Fully responsive wizard & performance updates

Today we are excited to announce update 1.5 of the WP 2FA plugin. The highlight of this update is the new fully responsive 2FA wizard and a much improved and efficient code. In this update we have also improved a lot of under the hood things. Let’s dive right in for a highlight of what’s […]

Our other plugins