Category: WordPress Security

The WordPress security process; Test, Harden, Monitor, Improve

WordPress security is not unlike many other areas of IT security. It’s not a one time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business requirements will change. So adopting a point-in-time security assessment will only give you […]

WordPress Two-Factor Authentication (2FA): what is it & using it on your site

The security of your WordPress website depends on the systems you put in place to protect it and harden its security. With the sharp increase of automated password guessing, your users’ sensitive information and access to your site are more at risk than ever. This is why it’s so important to protect your WordPress site […]

Penetration testing for WordPress websites

WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster, or a security professional, when tasked with assessing the security posture of a WordPress website, it tends to help to be aware of common security pitfalls attackers typically […]

Strong WooCommerce passwords – enforcing policies without deterring customers

Keeping your eCommerce store secure is a must. Not only is it an important source of income for your business, but it also contains sensitive customer information, such as billing details and credit card numbers. Strong passwords can prevent many cyber attacks, but you’ll need a way to enforce them without deterring customers. By creating […]

Using WPScan to find WordPress vulnerabilities on your website

WPScan is a black box WordPress Security Scanner written in Ruby. Ideal for penetration testers, security professionals and WordPress administrators WPScan can find security weaknesses within a WordPress blog or website.

Why you need both Two-factor Authentication & strong passwords on WordPress sites

Two-factor authentication (2FA) is an important part of maintaining the security of a WordPress site. However, 2FA alone isn’t enough to harden your WordPress site authentication. Strong passwords are also an important part, even when using two-factor authentication. In this article we review 2FA, explain how hackers are bypassing it in some cases, and provide […]

Understanding DDoS attacks: a guide for WordPress administrators

A Distributed Denial of Service (DDoS) is a type of Denial of Service (DoS) attack in which the attack comes from multiple hosts as opposed to one, making them very difficult to block. As with any DoS attack, the objective is to make a target unavailable by overloading it in some way. Generally, a DDoS […]

Top reasons why WordPress websites get hacked (and how you can stop it)

Hacking is the process of finding flaws in a system, and exploiting them to bypass security controls. ‘Ethical’ hackers use this process to learn about a system and find its weaknesses. However, malicious or ‘black hat’ hacking is also common. It is often used to break into websites. There are a lot of reasons why […]

How Does A VPN Work?

In recent years Virtual Private Networks (VPN) have become increasingly popular with both business and home users. And it’s reasonable to assert that this interest in VPN solutions has been amplified by the various security and privacy issues that have been highlighted in the mass media. Yet many people, even those who use VPNs on […]

PCI DSS Compliance for WordPress eCommerce & Business Sites

If you have an ecommerce or business WordPress site, most probably you’ve already heard of PCI DSS and PCI compliance. As an online merchant / seller your WordPress website has to be compliant to the PCI DSS regulations, otherwise you risk being fined. Even if you use a third party payment gateway such as PayPal […]