Category: WordPress Security Tutorials & Tips

CISA’s list of bad practices that harm WordPress security

CISA, which stands for Cybersecurity & Infrastructure Security Agency, is a US federal agency operating under the Department of Homeland Security. Established in 2018, it supersedes the NPPD – National Protection and Programs Directorate and is tasked with improving cybersecurity against attacks originating from both private and state-backed hackers.

The cost of a WordPress website security breach

A security breach can be expensive. Many studies and statistics put the average of a security breach in the millions of dollars. This figure, however, does not mean much without context. Indeed, it can be complicated to derive an average cost for a security breach.

A guide to hardening the web server of your WordPress website

Due to their function, web servers are different from many other devices in a typical network environment—they are not only exposed to the internet by design, but they likely serve web traffic to complete strangers.

Still experiencing spam with CAPTCHA on WordPress? Here’s what to do

CAPTCHA is one of the best tools WordPress administrators and website owners have at their disposal in their fight against spam, such as spam comments and fake user registrations. Just like every other tool, sometimes it needs to be sharpened and serviced.

How to stay safe online as a new WordPress administrator

As a new WordPress administrator, you undoubtedly have a lot to think about and do. After all, WordPress websites are as fun and exciting as they are demanding. Even so, one thing that many new administrators do not think about enough is safety and security.

How to access WordPress Files

WordPress files and folders are the heart and soul of WordPress. Here you’ll find everything from the core code of WordPress to plugin and theme files, media, and everything in between. While you might need to access these files on a daily basis, knowing how to access and navigate the file hierarchy can come in handy when troubleshooting or carrying out WordPress security and hardening procedures.

Sixteen security tips for WordPress plugins & themes developers

Businesses need faster solutions with increasingly complex functionality. While this is good progress, building complex projects also demands a proper security setup. WordPress security is one of the most important aspects of website development. With the increasing complexity of features, many developers miss out on basic website and web application development security principles.

Integrating password policies in WooCommerce account forms

Ensuring your team and also customers use strong passwords is one of the most effective tools in keeping your WordPress website, sensitive customer information and WooCommerce store secure. With WooCommerce typically having more public-facing login pages, this becomes orders of magnitude more important to maintain a secure environment.

Creating a WP 2FA tab within the WooCommerce My Account dashboard

If you’re running an online business using WooCommerce, ensuring your site’s security is of paramount importance. While security requires a 360-degree approach with continuous monitoring, improving, testing, and hardening, low-hanging fruit such as user 2FA authentication can protect you from security breaches due to weak passwords.

Using the WPScan plugin to find vulnerabilities in your WordPress website

Looking after the security of your WordPress website involves a lot of different tasks. One of the tasks is to make sure that the plugins, themes and WordPress version that you are using on your website do not have any known vulnerabilities.

Our other plugins