Category: WordPress Security

Best Practices for Secure Web Forms on Your WordPress Website

Contact forms and other types of web forms on websites are typically used to capture leads and build a mailing list for your business’ email marketing strategy. Web forms are also the most commonly exploited attack surface on websites, since they allow users to input data that is then stored in a database or some other […]

Dealing with Failed Logins on Your WordPress

This article explains why many WordPress websites have a lot of failed login attempts. It also explains what you can do to protect your WordPress website from failed login attacks.

The Security Risks of Storing WordPress Backup Files & Old Files Onsite

WordPress backup files and old unused files typically contain a wealth of sensitive information. When stored onsite, such files can easily be discovered and downloaded by malicious hackers. Hackers use the information they contain to craft an attack against your website.

Get Your Website on Google’s First Page – An Email Exchange with a SEO Specialist, or Not?

This article includes an email thread that I exchanged with a spammer who claims his company provides SEO services and can help me rank my website on Google’s first page. As you will see, there are a lot of lessons to be learnt from trying to deal with scam and spam businesses.

Crunching the Numbers – Too Many WordPress Vulnerabilities Can Only Mean Good Things

This article compares how many vulnerabilities other popular web software has had with how many WordPress has had, to see whether WordPress’ reputation as a very insecure web application is true or not.

Beyond WordPress Security – Managing & Securing All the Other Non-WordPress Components

Read this article for a detailed list of all the other software components that make up a WordPress website. By knowing what your WordPress website is made of, and on which platform it is running, you will be able to take a more holistic approach to WordPress security.

The Four Principles of WordPress Security; Harden, Monitor, Test, Improve

This article gives an overview of the four main WordPress security principles highlighted in the WordPress security wheel. By adhering to these principles, WordPress website owners can improve the security of their websites, thus ensuring they are not vulnerable to malicious WordPress hack attacks.

WordPress REST API and the Security Worries

The infrastructure of the WordPress REST API will be included in the core of WordPress version 4.4. The release of WordPress version 4.5 will also include a number of endpoints for the REST API. The addition of this new functionality in WordPress core has raised a few eyebrows. Many are already concerned and, as usual, WordPress security is the […]

WordPress Username Disclosure, Vulnerability or Not?

By default, it is very easy to guess a WordPress username. Is this WordPress username disclosure a vulnerability or not? Many software vendors such as Microsoft and Cisco had similar issues in the past and they fixed them. Yet in the WordPress ecosystem this is not considered a vulnerability.

Introduction to Two-factor Authentication for WordPress

An introduction to two-factor authentication and how it improves the security of your WordPress websites.