Author: Jarno Vos
Login protection as essential security
Your WordPress login page is publicly accessible to anyone who knows your domain. That means it gets hit by automated bots running through username and password combinations every day. Most attacks on WordPress sites start right here. Login protection covers a few critical variables: limiting how many login attempts are allowed, changing or hiding the login URL so bots cannot easily find it, and adding a second verification step (2FA) so a stolen password alone isn’t enough to break in.
Why WordPress is (in)secure
WordPress is a free and open-source content management system (CMS) that leads the global market as the most used CMS. According to W3Techs, about ~43% of all websites run on WordPress; which includes those of some of the largest companies in the world. It boasts a large community of users and developers who actively contribute to the project, greatly benefiting the platform’s reliability and security. Still, you might occasionally hear that WordPress is perceived as a target for hackers, which
Staying ahead of vulnerabilities
There are many high quality plugins available on the WordPress Plugin Directory, offering a lot of flexibility to customize WordPress to your needs without having to write any code yourself. However, installing third-party plugins and themes also means that you’re trusting code from another developer to run on your website. And since even the best developer could accidentally introduce a security vulnerability; it’s impossible to rule out the possibility of a vulnerability being discovered in a plugin/theme that you use
Password has been found in a data breach
You might have encountered the following warning when trying to create a new account on a WordPress website, or when changing the password of an existing account: “Warning: This password has been found in (X) data breaches. Please choose a different password.” This message appears due to an active security measure on the website where you tried to register, which is designed to prevent accounts from being hacked due to the use of previously breached credentials. What does this warning mean?
Preventing the use of compromised passwords
Re-using passwords that have previously been breached poses a significant security risk to the accounts on your WordPress website. It might allow a hacker to perform a successful credential stuffing attack, whereby they attempt using previously breached usernames and passwords to gain access to accounts on various websites. Really Simple Security now offers a powerful compromised password check feature to protect you against these types of attacks. This setting prevents users from using passwords that had previously been exposed in