Category: WordPress Security

The different types of CAPTCHA checks for WordPress websites

Since CAPTCHA was first introduced, it has undergone various iterations and evolutions. With each step, the aim always has been to make it easier for humans and more challenging for non-humans to pass the test. Over time, this led to several different types of CAPTCHA checks being used. CAPTCHA tests must also consider accessibility features such as screen readers used by visually impaired people. Since these function like a bot, it can make the entire process somewhat counterintuitive. Even so, this has been one of the motivators behind the evolution of CAPTCHA checks.

What is the difference between CAPTCHA, ReCAPTCHA, and NoCAPTCHA?

If you’ve been thinking about adding CAPTCHA to your WordPress website (or have recently installed our amazing CAPTCHA 4WP plugin), you’ll undoubtedly have come across the many different versions and iterations of the word CAPTCHA. If you find all of these versions confusing, don’t worry; you’re not alone. In this article, we will be looking […]

Configuring HTTP security headers on WordPress

Most modern browsers support a variety of HTTP security headers to improve the security of your WordPress website, better protect your visitors from classes of browser attacks such as clickjacking, cross-site scripting, and other common attacks, and even improve your site’s visitors’ privacy online. This article gives an overview of what these HTTP security headers […]

What is CAPTCHA?

I have a venerable obsession with efficiency and productivity. I want to do and see many things, but time is, and always will be, an issue. Problems often crop up, threatening to derail the order of things through which efficiency and productivity prosper. Hence, I developed systems to deal with these problems as quickly and […]

What to take away from GoDaddy’s hack of November 2021

On the 6th of September 2021, as-of-yet unknown actors breached and gained access to data of 1,200,000 GoDaddy customers. GoDaddy noticed the breach on November the 17th, some 36 days later. The breach was reported to the SEC some five days later and 41 days after the fact. While investigations are still ongoing, we do […]

How to block failed login attempts on WordPress

This article explains why many WordPress websites have a lot of failed login attempts. It also explains what you can do to protect your WordPress website from failed login attacks.

Applying the principle of least privilege for improved WordPress security

Even though the principle of least privileges is very popular in the IT security industry, many WordPress users still do not apply this principle because “things do not work out of the box”. Though by applying it you can improve the security of your WordPress blogs and websites.

WordPress PCI compliance for e-commerce & business sites

If you have an e-commerce or business WordPress site, most probably you’ve already heard of PCI DSS and PCI compliance. As an online merchant / seller your WordPress website has to be compliant to the PCI DSS regulations, otherwise you risk being fined. Even if you use a third party payment gateway such as PayPal […]

Hardening PHP for WordPress

WordPress runs on PHP, and is a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress. Heads up – Be careful when making changes to your PHP settings. Incorrect settings and […]

PCI compliance and WooCommerce – All you need to know

Whether you’re building, maintaining, or operating an eCommerce website, you need to be aware of your security responsibilities. Luckily, there are standards and regulations that can help you keep online stores, such as those built with WooCommerce, safe and secure. The most notable among these is the Payment Card Industry Data Security Standard (PCI-DSS). Do […]

Our other plugins