Penetration testing for WordPress websites
WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster, or a security professional, when tasked with assessing the security posture of a WordPress website, it tends to help to be aware of common security pitfalls attackers typically […]
Should maintained plugins be suspended from the WordPress repository when there is a security issue?
On 27th February 2020, at 9:34PM (CET) we received an email notifying us that our plugin WP Security Audit Log was “temporarily withdrawn from the WordPress.org Plugin directory due to an exploit”. We submitted a fix on Friday, 28th February 2020, at 4:08PM. It only took us 16.5 hours to release the fix. We would […]
PPMWP 2.1: the new dormant users policy & support for post login redirects
Password Policy Manager for WordPress 2.1 is out today! In this plugin update we added a new policy to disable dormant users, support for post login redirect plugins, and several other improvements. This post highlights all that is new and improved in the latest version of Password Policy Manager for WordPress. The dormant WordPress users […]
Why your WordPress e-commerce solution has to be secure (and how to do it)
There’s plenty you need to do to ensure your e-commerce store offers the best possible User Experience (UX). This means keeping WordPress and all other software up-to-date, optimizing your store, and of course, ensuring it’s safe to use and secure. By safe to use, we mean doing your best to protect your customers’ data. Also […]
Setting up 2FA on WordPress with the Google Authenticator app
Whenever you implement a security measure, you should also have some sort of fallback. You do not want to be compromised by the failure of a single component. This is known as defense in depth. When you manage a WordPress website, one of the most important aspects of security is authentication, a.k.a. how you log in […]
How to eliminate false positives in file integrity monitoring on WordPress
File integrity monitoring (FIM) allows you to quickly detect file changes on your WordPress site. It is an important part of securing a WordPress site and the way it works is very simple: it compares baseline cryptographic hashes to the current hash of the monitored files. When a change happens, you get an alert. However, […]
Configuring WordPress automatic updates
This WordPress tutorial explains how you can configure WordPress automatic updates to ensure that your websites and blogs always run on the latest, most stable and secure WordPress version. It also explains how to enable automatic updating of WordPress plugins and themes.
Strong WooCommerce passwords – enforcing policies without deterring customers
Keeping your eCommerce store secure is a must. Not only is it an important source of income for your business, but it also contains sensitive customer information, such as billing details and credit card numbers. Strong passwords can prevent many cyber attacks, but you’ll need a way to enforce them without deterring customers. By creating […]
Using WPScan to find WordPress vulnerabilities on your website
WPScan is a black box WordPress security scanner written in Ruby. Ideal for penetration testers, security professionals and WordPress administrators, WPScan can find security weaknesses within a WordPress blog or website.
Why you need both Two-factor Authentication & strong passwords on WordPress sites
Two-factor authentication (2FA) is an important part of maintaining the security of a WordPress site. However, 2FA alone isn’t enough to harden your WordPress site authentication. Strong passwords are also an important part, even when using two-factor authentication. In this article we review 2FA, explain how hackers are bypassing it in some cases, and provide […]