Category: WordPress Security

Penetration testing for WordPress websites

WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster, or a security professional, when tasked with assessing the security posture of a WordPress website, it tends to help to be aware of common security pitfalls attackers typically take advantage of.

Strong WooCommerce passwords – enforcing policies without deterring customers

Keeping your eCommerce store secure is a must. Not only is it an important source of income for your business, but it also contains sensitive customer information, such as billing details and credit card numbers. Strong passwords can prevent many cyber attacks, but you’ll need a way to enforce them without deterring customers.

Using WPScan to find WordPress vulnerabilities on your website

WPScan is a black box WordPress Security Scanner written in Ruby. Ideal for penetration testers, security professionals and WordPress administrators WPScan can find security weaknesses within a WordPress blog or website.

Top reasons why WordPress websites get hacked (and how you can stop it)

Hacking is the process of finding flaws in a system, and exploiting them to bypass security controls. ‘Ethical’ hackers use this process to learn about a system and find its weaknesses. However, malicious or ‘black hat’ hacking is also common. It is often used to break into websites.

Email Security: How Basic Frameworks Help WordPress Site Owners

When you factor in the age of the technology and the incentive for hackers to attempt fraud, it’s easy to see why it continues to bother businesses and individuals alike. It’s actually more of a concern now than ever before, because the advent of multi-factor authentication, cloud storage, digital ecosystems and social logins has left many of us relying on the safety of our email addresses simply to get through the day.

The Top 5 Activity Log Plugins for WordPress

In this post, we’ll talk a little more about why you should consider adding a WordPress activity log plugin to your website. Then we’ll explore five of the top options, before showing you how to get started with WP Activity Log, the plugin which we chose to work with.

Best Two-Factor Authentication Plugins for WordPress

Two-Factor Authentication (2FA) or Two-Step Verification is an additional layer of security you add to your WordPress login pages to further harden the overall security of your WordPress site. With 2FA it is virtually impossible for attackers to hijack your WordPress user, even if they guess the password.

WordPress REST API and the Security Worries

The infrastructure of the WordPress REST API will be included in the core of WordPress version 4.4. The release of WordPress version 4.5 will also include a number of endpoints for the REST API. The addition of this new functionality in WordPress core has raised a few eyebrows. Many are already concerned and as usual, WordPress security is the […]

WordPress username disclosure, is it a vulnerability or not?

It is very easy to identify the usernames on an out of the box WordPress installation. Though, there are several WordPress hardening techniques you can implement to hide the usernames, such as the ones mentioned below. However, these only make it a bit more difficult to guess the usernames, but they do not solve the […]

WordPress Firewalls – How They Work & Enhance The Security Of Your WordPress Site

A WordPress website firewall (also known as a Web Application Firewall) helps you protect your WordPress websites and blogs from malicious hacker attacks, though it is not a bullet broof solution. This article explains how they work and discusses their pros and cons.

Our other plugins