Category: WordPress Security
Protecting site visitors with Security Headers
Each time you visit a website, information is exchanged between your device and the website’s server. HTTP headers play an important role in this communication, as they provide extra information about the data that is being shared. Security Headers are types of HTTP headers that are specifically designed to improve web application security. They instruct web browsers on how to handle a site’s content, to protect website visitors against common types of malicious attacks. Protecting your website visitors from malicious
Hardening your website’s security
Table of Contents Introducing WordPress Hardening Hardening – Basic Disable “anyone can register” Disable the built-in file editors Prevent code execution in the public ‘Uploads’ folder Hide your WordPress version Prevent login feedback Disable directory browsing Disable user enumeration Block the ‘admin’ username Disable XML-RPC Block user registrations when login and display name are the same Hardening – Advanced Disable HTTP methods Rename and randomize your database prefix Change debug.log file location Disable application passwords Restrict creation of administrator roles
Login protection as essential security
The login page of your WordPress site is the gateway to your website’s back-end, which makes it an attractive target for a potential attacker to try gaining access to your site. Really Simple Security comes with a variety of settings that are specifically designed to protect User Accounts and the WordPress Login Page against various types of common threats. In this article, we’ll explain how you can use the plugin to considerably improve the protection of User Accounts and the
Why WordPress is (in)secure
WordPress is a free and open-source content management system (CMS) that leads the global market as the most used CMS. According to W3Techs, about ~43% of all websites run on WordPress; which includes those of some of the largest companies in the world. It boasts a large community of users and developers who actively contribute to the project, greatly benefiting the platform’s reliability and security. Still, you might occasionally hear that WordPress is perceived as a target for hackers, which
Staying ahead of vulnerabilities
There are many high quality plugins available on the WordPress Plugin Directory, offering a lot of flexibility to customize WordPress to your needs without having to write any code yourself. However, installing third-party plugins and themes also means that you’re trusting code from another developer to run on your website. And since even the best developer could accidentally introduce a security vulnerability; it’s impossible to rule out the possibility of a vulnerability being discovered in a plugin/theme that you use