Category: WordPress Security Tutorials & Tips

Keeping your WordPress secure involves a continuous process of testing, hardening, monitoring, and improving. There are several things WordPress administrators can take care of to help them ensure their websites are safe.

WordPress runs on PHP, and is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress.

Whether your WordPress website has been hacked and you’re currently in damage control, or whether you’re preparing for the worst, this article will guide you through the process of cleaning a hacked WordPress website. The process is documented in an easy to follow step-by-step format to help you accomplish the following:

When you visit a website, your browser (also known as a client) sends a HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem; it is a plaintext protocol. This makes it susceptible to snooping and meddling.

Your WordPress site’s security should be one of your top concerns as a webmaster. However, there’s no such thing as a ‘set and forget’ approach with security. In actual fact, your security arrangements should form part of a never-ending process. You need to continually harden, monitor, improve, and test your WordPress security arrangements.

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions.

When you manage a WordPress website, one of the most important aspects of security is authentication, a.k.a. how you login to your website. There are several ways how to harden the authentication to improve the defence in depth of your WordPress login mechanism. One of them is to implement two-factor authentication (2FA).

In our previous post WordPress HTTPS, SSL and TLS – a guide for website administrators, we explained what HTTPS and all the other technical terms are, and how it works. In this article, we discuss HTTPS certificates, the different ways you may acquire one for your WordPress website, and why you should or shouldn’t pay for one.

For every user or account you have you should use a unique and difficult password. That’s a given, but you’d be surprised at how many people don’t give a second though to password security.

This post explains how File integrity monitoring (FIM) helps you answer such questions. We will see how a file integrity monitor plugin is instrumental in helping you better manage your WordPress site’s files. Detecting issues at an early stage is very important – it allows you to mitigate and limit the attack’s or problem’s damage.