Penetration testing for WordPress websites
WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster or a security professional, when tasked with assessing the security posture of a WordPress website, it helps to be aware of the common security pitfalls attackers typically take advantage of.
Strong WooCommerce passwords – enforcing policies without deterring customers
Keeping your eCommerce store secure is a must. Not only is it an important source of income for your business, but it also contains sensitive customer information, such as billing details and credit card numbers. Strong passwords can prevent many cyber attacks, but you’ll need a way to enforce them without deterring customers.
Using WPScan to find WordPress vulnerabilities on your website
WPScan is a black box WordPress Security Scanner written in Ruby. Ideal for penetration testers, security professionals and WordPress administrators, WPScan can find security weaknesses within a WordPress blog or website.
Top reasons why WordPress websites get hacked (and how you can stop it)
Hacking is the process of finding flaws in a system, and exploiting them to bypass security controls. ‘Ethical’ hackers use this process to learn about a system and find its weaknesses. However, malicious or ‘black hat’ hacking is also common. It is often used to break into websites.
Email Security: How Basic Frameworks Help WordPress Site Owners
When you factor in the age of the technology and the incentive for hackers to attempt fraud, it’s easy to see why it continues to bother businesses and individuals alike. It’s actually more of a concern now than ever before, because the advent of multi-factor authentication, cloud storage, digital ecosystems and social logins has left many of us relying on the safety of our email addresses simply to get through the day.
The Top 5 Activity Log Plugins for WordPress
In this post, we’ll talk a little more about why you should consider adding a WordPress activity log plugin to your website. Then we’ll explore five of the top options, before showing you how to get started with WP Activity Log, the plugin which we chose to work with.
Best Two-Factor Authentication Plugins for WordPress
Two-Factor Authentication (2FA) or Two-Step Verification is an additional layer of security you add to your WordPress login pages to further harden the overall security of your WordPress site. With 2FA it is virtually impossible for attackers to hijack your WordPress user, even if they guess the password.
WordPress REST API and the Security Worries
The infrastructure of the WordPress REST API will be included in the core of WordPress version 4.4. The release of WordPress version 4.5 will also include a number of endpoints for the REST API. The addition of this new functionality in WordPress core has raised a few eyebrows. Many are already concerned and as usual, WordPress security is the […]
WordPress username disclosure, is it a vulnerability or not?
It is very easy to identify the usernames on an out of the box WordPress installation. Though, there are several WordPress hardening techniques you can implement to hide the usernames, such as the ones mentioned below. However, these only make it a bit more difficult to guess the usernames, but they do not solve the […]
WordPress Firewalls – How They Work & Enhance The Security Of Your WordPress Site
A WordPress website firewall (also known as a Web Application Firewall) helps you protect your WordPress websites and blogs from malicious hacker attacks, though it is not a bulletproof solution. This article explains how they work and discusses their pros and cons.