Category: WordPress Security Tutorials & Tips

WordPress file permissions: the guide to configuring secure website & web server permissions

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions. It is crucial to get file permissions right. Setting incorrect file permissions can open your website up for attack. Incorrect file permissions can […]

Secure your WordPress login with these easy-to-use plugins

When it comes to managing your WordPress site, keeping your login secure and working well should be of top priority. Whether you operate an eCommerce store, or a membership site, making sure that your users utilize a strong username and password combination is essential to securing your website against outside threats and hacking attempts. And […]

Why your WordPress e-commerce solution has to be secure (and how to do it)

There’s plenty you need to do to ensure your e-commerce store offers the best possible User Experience (UX). This means keeping WordPress and all other software up-to-date, optimizing your store, and of course, ensuring it’s safe to use and secure. By safe to use, we mean making your best to protecting your customer’s data. Also […]

Using the Google Authenticator app for WordPress 2FA

Whenever you implement a security measure, you should also have some sort of fallback. You do not want to be compromised by the failure of a single component. This is known as defense in depth. When you manage a WordPress website, one of the most important aspects of security is authentication, a.k.a. how you login […]

How to eliminate false positives in file integrity monitoring on WordPress

File integrity monitoring (FIM) allows you to quickly detect file changes on your WordPress site. It is an important part of securing a WordPress site and the way it works is very simple: it compares baseline cryptographic hashes to the current hash of the monitored files. When a change happens, you get an alert. However, […]

Choosing the right HTTPS certificate for your WordPress website

In our previous post WordPress HTTPS, SSL and TLS – a guide for website administrators, we explained what HTTPS and all the other technical terms are, and how it works. In this article, we discuss HTTPS certificates, the different ways you may acquire one for your WordPress website, and why you should or shouldn’t pay […]

WordPress HTTPS, SSL & TLS – A Guide For Website Administrators

When you visit a website, your browser (also known as a client) sends a HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem; it is a plaintext protocol. This makes it susceptible to snooping […]

Prevention is the way to go when it comes to WordPress security

A common misconception is that malicious hackers only target websites with large income, or those that store valuable sensitive information. However, WordPress websites generally get a lot of unwanted attention, which is why it’s important to take preventive measures from the get-go. The good news is that (on top of basic measures such as having […]

4 Reasons Password Policies Are Vital for WordPress Users

For every user or account you have you should use a unique and difficult password. That’s a given, but you’d be surprised at how many people don’t give a second though to password security. This means that, in many cases, the safest approach is to not leave password safety up to your users. Instead, you […]

What Is WordPress File Integrity Monitoring & Why Your WordPress Needs It?

Have you ever had to clean your WordPress website from a malware infection? Do you know how to find out which code was compromised? Do you know if your developers or agency left backup and leftover files on your website that can leave you exposed? This post explains how File integrity monitoring (FIM) helps you […]