User management is a difficult task and it is a webmasters’ and systems administrators’ nightmare. If not done properly, it can lead to a number of security issues. For example there have been cases where employees still had access to confidential business data, months and sometimes even years after leaving their job. These type of user management… Read More
We’ve all heard it on the news; hackers want to hack websites to steal credit card and confidential user information for their own financial gains. So why on earth would anyone want to hack into your hobby WordPress website about cute little kittens, or your small business website, even when it does not hold any sensitive… Read More
Contact and other type of web forms on websites are typically used to capture leads and build a mailing list for your business’ email marketing strategy. Web forms are also the most commonly exploited attack surface on websites, since they allow users to input data that is then stored into a database or some other… Read More
This article explains why many WordPress websites have a lot of failed login attempts. It also explains what you can do to protect your WordPress website from failed login attacks.
WordPress backup files and old unused files typically contain a wealth of sensitive information. When stored onsite such files can easily be discovered and downloaded by malicious hackers. Hackers use the information they contain to craft an attack against your website.
This article includes an email thread of emails that I exchanged with a spammer who claims his company provides SEO services and they can help me rank my website on Google’s first page. As you will see, there are a lot of lessons to be learnt from trying to deal with scam and spam businesses.
This article looks into how many vulnerabilities other popular web software has had when compared to WordPress to try and compare if WordPress’ reputation as a very insecure web application is true or not.
Read this article for a detailed list of all the other software components that make up a WordPress website. By knowing what your WordPress website is made of, and on which platform it is running you will be able to take a more holistic approach to WordPress security.
This article gives an overview of the four main WordPress security principles highlighted in the WordPress security wheel. By adhering to these principles, WordPress website owners can improve the security of their websites, thus ensuring they are not vulnerable to malicious WordPress hack attacks.
This WordPress security glossary includes a list of terms and keywords that are typically used in WordPress security documents. The scope of such document is to help you understand the WordPress security lingo.