Category: WordPress Security Readings

WordPress security issues caused by sharing WordPress login details

A WordPress security best practice that is easy to implement is having a unique WordPress login (username and password) for every person who accesses your website or multisite network. Sharing the same WordPress login details with groups of people can lead to a number of security issues and increases the maintenance of the website, as […]

Interview with Julio Potier, Developer of SecuPress

Julio Potier is the developer behind SecuPress, the WordPress plugin that makes it possible to easily secure your WordPress websites and blogs. Julio is based in France and is very active in the WordPress security scene. He is also a security consultant and teaches developers to write more secure code through his lecture and audits […]

A WordPress Digital Nomad’s Must Have – Personal VPN

WordPress has allowed many to break away from their nine to five jobs and start their own business venture, and live the digital nomad life. Being location independent and travelling around the world while still able to make money is certainly possible nowadays, especially with the adaptation of the internet and Wi-Fi in all cafes, […]

Inteview with BlogVault CEO Akshat Choudhary

During this interview Akshat explains what happened during the BlogVault security incident, how he and his team found out about it, its aftermath, and how did the public react to their announcements and transparent approach. A lot of noise is made when a popular WordPress website or service is hacked, but not much is done to […]

Top Five WordPress Users Management Guidelines

User management is a difficult task and it is a webmasters’ and systems administrators’ nightmare. If not done properly, it can lead to a number of security issues. For example there have been cases where employees still had access to confidential business data, months and sometimes even years after leaving their job. These type of user management […]

Why Would a Malicious Hacker Target Your WordPress?

We’ve all heard it on the news; hackers want to hack websites to steal credit card and confidential user information for their own financial gains. So why on earth would anyone want to hack into your hobby WordPress website about cute little kittens, or your small business website, even when it does not hold any sensitive […]

Best Practices for Secure Web Forms on Your WordPress Website

Contact and other type of web forms on websites are typically used to capture leads and build a mailing list for your business’ email marketing strategy. Web forms are also the most commonly exploited attack surface on websites, since they allow users to input data that is then stored into a database or some other […]

Dealing with Failed Logins on Your WordPress

This article explains why many WordPress websites have a lot of failed login attempts. It also explains what you can do to protect your WordPress website from failed login attacks.

The Security Risks of Storing WordPress Backup Files & Old Files Onsite

WordPress backup files and old unused files typically contain a wealth of sensitive information. When stored onsite such files can easily be discovered and downloaded by malicious hackers. Hackers use the information they contain to craft an attack against your website.

Get Your Website on Google’s First Page – An Email Exchange with a SEO Specialist, or Not?

This article includes an email thread of emails that I exchanged with a spammer who claims his company provides SEO services and they can help me rank my website on Google’s first page. As you will see, there are a lot of lessons to be learnt from trying to deal with scam and spam businesses.