Exposed backup and unreferenced files and how to find them
Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe.
Hardening PHP for WordPress
WordPress runs on PHP, and is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress.
How to clean a hacked WordPress website or blog
Whether your WordPress website has been hacked and you’re currently in damage control, or whether you’re preparing for the worst, this article will guide you through the process of cleaning a hacked WordPress website. The process is documented in an easy to follow step-by-step format to help you accomplish the following:
WordPress HTTPS, SSL & TLS – a guide for website administrators
When you visit a website, your browser (also known as a client) sends a HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem; it is a plaintext protocol. This makes it susceptible to snooping and meddling.
5 best WordPress security plugins for complete site security
Your WordPress site’s security should be one of your top concerns as a webmaster. However, there’s no such thing as a ‘set and forget’ approach with security. In actual fact, your security arrangements should form part of a never-ending process. You need to continually harden, monitor, improve, and test your WordPress security arrangements.
WordPress file permissions: the guide to configuring secure website & web server permissions
WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions.
Using the Google Authenticator app for WordPress 2FA
When you manage a WordPress website, one of the most important aspects of security is authentication, a.k.a. how you login to your website. There are several ways how to harden the authentication to improve the defence in depth of your WordPress login mechanism. One of them is to implement two-factor authentication (2FA).
Choosing the right HTTPS certificate for your WordPress website
In our previous post WordPress HTTPS, SSL and TLS – a guide for website administrators, we explained what HTTPS and all the other technical terms are, and how it works. In this article, we discuss HTTPS certificates, the different ways you may acquire one for your WordPress website, and why you should or shouldn’t pay for one.
4 reasons password policies are vital for WordPress users
For every user or account you have you should use a unique and difficult password. That’s a given, but you’d be surprised at how many people don’t give a second though to password security.
What is file integrity monitoring & why you need it on your WordPress website?
This post explains how File integrity monitoring (FIM) helps you answer such questions. We will see how a file integrity monitor plugin is instrumental in helping you better manage your WordPress site’s files. Detecting issues at an early stage is very important – it allows you to mitigate and limit the attack’s or problem’s damage.