WordPress Security Blog

WordPress Two-Factor Authentication (2FA): what is it & using it on your site

The security of your WordPress website depends on the systems you put in place to protect it and harden its security. With the sharp increase of automated password guessing, your users’ sensitive information and access to your site are more at risk than ever. This is why it’s so important to protect your WordPress site […]

WP 2FA 1.2: Multisite networks support, configurable email notifications templates & other updates

Today we are excited to release WP 2FA update 1.2. In just a month, our easy-to-use two-factor authentication (2FA) plugin has been downloaded more than 1,000 times. It has been very well received, and many of you sent us feedback. Thank you for that. The highlights of this update are support for WordPress multisite networks, configurable […]

How to make your WordPress website CCPA compliant

After the introduction of GDPR back in 2018, there’s now another law that’s set to further affect WordPress webmasters in their bid to remain compliant with local data privacy regulations. Its name? The California Consumer Protection Act (or CCPA for short). This new piece of legislation is designed to provide Californians with enhanced protection with regard to […]

PPMWP 2.2: Out of the box support for custom login pages & other updates

Today we are releasing Password Policy Manager 2.2. The highlights of this update are the out-of-the-box support for custom login pages and the plugin translations. We have also included a number of updates and fixed a number of issues in this update. These release notes highlight what is new, improved and fixed […]

WFCM 1.5: Hourly file integrity scans & other plugin improvements

In this update of the Website File Changes Monitor plugin we focused on further improving the file scanning technology. The results speak for themselves: faster scans that require fewer resources. Here, you can read in more detail what is new and improved in update 1.5 of our file integrity monitor WordPress plugin. Hourly file integrity […]

Say hello to WP 2FA – a new free WordPress two-factor authentication plugin

An administrator should be able to add two-factor authentication (2FA) to a WordPress site easily within minutes. The admin should also be able to configure policies to make 2FA compulsory, and users should be able to set up 2FA without requiring any training or technical knowledge. We started developing WP 2FA with that in mind: develop an […]

What are the 2FA backup codes?

When you use two-factor authentication (2FA) on your WordPress website, you need the username, password, and a one-time code to log in. The one-time code can be generated by an app, sent to you over email, or generated by a third-party specialized device. However, how can you still log in if you do not have access to […]

Penetration testing for WordPress websites

WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster, or a security professional, when tasked with assessing the security posture of a WordPress website, it tends to help to be aware of common security pitfalls attackers typically […]

Should maintained plugins be suspended from the WordPress repository when there is a security issue?

On 27th February 2020, at 9:34PM (CET) we received an email notifying us that our plugin WP Activity Log was “temporarily withdrawn from the WordPress.org Plugin directory due to an exploit”. We submitted a fix on Friday, 28th February 2020, at 4:08PM. It only took us 16.5 hours to release the fix. We would have […]

PPMWP 2.1: the new dormant users policy & support for post login redirects

Password Policy Manager for WordPress 2.1 is out today! In this plugin update we added a new policy to disable dormant users, support for post login redirect plugins, and several other improvements. This post highlights all that is new and improved in the latest version of Password Policy Manager for WordPress. The dormant WordPress users […]