Category: WordPress Security Tutorials & Tips

Sixteen security tips for WordPress plugins & themes developers

One can never be too careful! A big part of our job as developers is to make sure the sites and plugins, we are building are secure. Businesses need faster solutions with increasingly complex functionality. While this is good progress, building complex projects also demands a proper security setup. WordPress security is one of the […]

Integrating password policies in WooCommerce account forms

Ensuring your team and also customers use strong passwords is one of the most effective tools in keeping your WordPress website, sensitive customer information and WooCommerce store secure. With WooCommerce typically having more public-facing login pages, this becomes orders of magnitude more important to maintain a secure environment. So, how can you be certain that […]

Creating a WP 2FA tab within the WooCommerce My Account dashboard

If you’re running an online business using WooCommerce, ensuring your site’s security is of paramount importance. While security requires a 360-degree approach with continuous monitoring, improving, testing, and hardening, low-hanging fruit such as user 2FA authentication can protect you from security breaches due to weak passwords. Thankfully, our WP 2FA plugin makes this a breeze. […]

Using the WPScan plugin to find vulnerabilities in your WordPress website

Looking after the security of your WordPress website involves a lot of different tasks. One of the tasks is to make sure that the plugins, themes and WordPress version that you are using on your website do not have any known vulnerabilities. Luckily, this task can be automated with WPScan, a free WordPress plugin. The […]

Exposed backup and unreferenced files and how to find them

Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe. From ensuring passwords meet specific criteria to hardening PHP, these processes can go a long way in helping you ensure you run a […]

Hardening PHP for WordPress

WordPress runs on PHP, and is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress. Heads up – Be careful when making changes to your PHP settings. Incorrect settings and […]

How to clean a hacked WordPress website or blog

Whether your WordPress website has been hacked and you’re currently in damage control, or whether you’re preparing for the worst, this article will guide you through the process of cleaning a hacked WordPress website. The process is documented in an easy to follow step-by-step format to help you accomplish the following: Gain back control of […]

WordPress HTTPS, SSL & TLS – a guide for website administrators

When you visit a website, your browser (also known as a client) sends a HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem; it is a plaintext protocol. This makes it susceptible to snooping […]

5 best WordPress security plugins for complete site security

Your WordPress site’s security should be one of your top concerns as a webmaster. However, there’s no such thing as a ‘set and forget’ approach with security. In actual fact, your security arrangements should form part of a never-ending process. You need to continually harden, monitor, improve, and test your WordPress security arrangements. When it […]

WordPress file permissions: the guide to configuring secure website & web server permissions

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions. It is crucial to get file permissions right. Setting incorrect file permissions can open your website up for attack. Incorrect file permissions can […]

Our other plugins