Author: Jarno Vos
Passkeys: no need for Limit Login Attempts?
Traditional logins with usernames and passwords are often targeted by brute-force attacks, phishing, and credential stuffing. That’s where Passkeys come in: a modern, phishing-resistant authentication method that has been gaining traction for its usability and strength. Really Simple Security Pro includes Passkey support to allow site administrators to enable (or enforce) passkey-based logins on WordPress, replacing the need for traditional passwords. This can be enforced per user role: for instance, you can require Passkeys for Administrator and Editor roles only.
Configuring Really Simple Security with WP-CLI
Table of contents What is WP-CLI? Why would you want to use it? Prerequisites and how to install How to use WP-CLI Really Simple Security WP-CLI commands What is WP-CLI? WP-CLI is a command-line interface for WordPress. It allows you to manage your WordPress site using commands in your terminal or command prompt, making it easier to automate tasks and manage your site without needing to log into the WordPress admin dashboard. Why would you want to use it? Using
How to Fix The “Link you followed has Expired” error on WordPress
When trying to upload a (large) plugin or theme to your WordPress site, you might run into the message “The link you followed has expired”. This occurs because of the max. upload file size configuration of your WordPress installation, if the file you’re uploading exceeds this limit: this error could appear. How to find the current upload limit on your WordPress site You can view what these limits are currently set to, directly within the WordPress admin interface. This information
Protecting site visitors with Security Headers
Each time you visit a website, information is exchanged between your device and the website’s server. HTTP headers play an important role in this communication, as they provide extra information about the data that is being shared. Security Headers are types of HTTP headers that are specifically designed to improve web application security. They instruct web browsers on how to handle a site’s content, to protect website visitors against common types of malicious attacks. Protecting your website visitors from malicious
Hardening your website’s security
Table of Contents Introducing WordPress Hardening Hardening – Basic Disable “anyone can register” Disable the built-in file editors Prevent code execution in the public ‘Uploads’ folder Hide your WordPress version Prevent login feedback Disable directory browsing Disable user enumeration Block the ‘admin’ username Disable XML-RPC Block user registrations when login and display name are the same Hardening – Advanced Disable HTTP methods Rename and randomize your database prefix Change debug.log file location Disable application passwords Restrict creation of administrator roles