Category: WordPress Security Tutorials & Tips

A guide to hardening the web server of your WordPress website

Due to their function, web servers are different from many other devices in a typical network environment—they are not only exposed to the internet by design, but they likely serve web traffic to complete strangers. Additionally, in many situations, web servers are likely serving dynamic applications such as WordPress websites or acting as proxies towards […]

Still experiencing spam with CAPTCHA on WordPress? Here’s what to do

CAPTCHA is one of the best tools WordPress administrators and website owners have at their disposal in their fight against spam, such as spam comments and fake user registrations. Just like every other tool, sometimes it needs to be sharpened and serviced. Some TLC goes a long way in helping you keep the CAPTCHA 4WP […]

How to stay safe online as a new WordPress administrator

As a new WordPress administrator, you undoubtedly have a lot to think about and do. After all, WordPress websites are as fun and exciting as they are demanding. Even so, one thing that many new administrators do not think about enough is safety and security. To be safe online, there are two things we need […]

How to access WordPress Files

WordPress files and folders are the heart and soul of WordPress. Here you’ll find everything from the core code of WordPress to plugin and theme files, media, and everything in between. While you might need to access these files on a daily basis, knowing how to access and navigate the file hierarchy can come in […]

Sixteen security tips for WordPress plugins & themes developers

One can never be too careful! A big part of our job as developers is to make sure the sites and plugins, we are building are secure. Businesses need faster solutions with increasingly complex functionality. While this is good progress, building complex projects also demands a proper security setup. WordPress security is one of the […]

Integrating password policies in WooCommerce account forms

Ensuring your team and also customers use strong passwords is one of the most effective tools in keeping your WordPress website, sensitive customer information and WooCommerce store secure. With WooCommerce typically having more public-facing login pages, this becomes orders of magnitude more important to maintain a secure environment. So, how can you be certain that […]

Creating a WP 2FA tab within the WooCommerce My Account dashboard

If you’re running an online business using WooCommerce, ensuring your site’s security is of paramount importance. While security requires a 360-degree approach with continuous monitoring, improving, testing, and hardening, low-hanging fruit such as user 2FA authentication can protect you from security breaches due to weak passwords. Thankfully, our WP 2FA plugin makes this a breeze. […]

Using the WPScan plugin to find vulnerabilities in your WordPress website

Looking after the security of your WordPress website involves a lot of different tasks. One of the tasks is to make sure that the plugins, themes and WordPress version that you are using on your website do not have any known vulnerabilities. Luckily, this task can be automated with WPScan, a free WordPress plugin. The […]

Exposed backup and unreferenced files and how to find them

Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe. From ensuring passwords meet specific criteria to hardening PHP, these processes can go a long way in helping you ensure you run a […]

Hardening PHP for WordPress

WordPress runs on PHP, and is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress. Heads up – Be careful when making changes to your PHP settings. Incorrect settings and […]

Our other plugins