Day: September 6, 2024

About Vulnerabilities

This article explains how to configure vulnerability detection in Really Simple SSL and what the important things to consider are. If you want to know more about our latest release, also called 7.0 Vulnerabilities, read this article about our future endeavours for Really Simple SSL. When you enable vulnerability detection and save settings, a pop-up will appear to configure your website and run a first scan.

Notifications

You can configure when and how to show the notifications based on the minimum

Read more

About custom login URLs

We have added a new feature under Advanced Hardening. You can now change your default login URL to a custom login URL. This will mitigate bot attacks on default WordPress login URLs. This feature comes with another background process that is also important to note: email notifications. The setting for email notifications can be found under General. If you ever forget the login URL, you can use a parameter as explained below to receive an email with your custom login

Read more

How to set CAA records to allow Let’s Encrypt to generate certificates

As a security measure, the ability to issue SSL certificates can be restricted to specific Certificate Authorities by using CAA records. By setting up the appropriate CAA records for your domain, you’re ensuring that Let’s Encrypt can issue certificates for your domain, while also preventing other certificate authorities from doing so without your authorization. For more info on CAA records, read this article. When Really Simple SSL detects a CAA record that will prevent Let’s Encrypt from issuing a

Read more

Content security policy maximum size exceeded

The maximum size available for HTTP headers on your website depends on the webserver that runs your website. For most webservers, like Apache and LiteSpeed, the limit is 8192 bytes, but the default configuration of Nginx sets this limit to 4096 bytes. When your website is running Nginx with the default configuration, available space for HTTP headers is limited. In most cases this will be fine, but if you have a large Content Security Policy it might result in the

Read more

Renaming a WordPress database prefix

Changing the WordPress database prefix is not a direct solution for certain vulnerabilities; however, it can be categorised as ‘Security through Obscurity’. Changing the defaults in your WordPress configuration, from disabling certain features to removing unnecessary data like feedback on login attempts and software versions, will help in making your website less vulnerable if WordPress as a platform is targeted. In reality, websites are rarely specific targets. What is mostly targeted are flaws and vulnerabilities in popular frameworks. And WordPress is

Read more