Category: WordPress Security
Password has been found in a data breach
You might have encountered the following warning when trying to create a new account on a WordPress website, or when changing the password of an existing account: “Warning: This password has been found in (X) data breaches. Please choose a different password.” This message appears due to an active security measure on the website where you tried to register, which is designed to prevent accounts from being hacked due to the use of previously breached credentials. What does this warning mean?
Preventing the use of compromised passwords
Re-using passwords that have previously been breached poses a significant security risk to the accounts on your WordPress website. It might allow a hacker to perform a successful credential stuffing attack, whereby they attempt to use previously breached usernames and passwords to gain access to accounts on various websites. Really Simple Security now offers a powerful compromised password check feature to protect you against these types of attacks. This setting prevents users from using passwords that had previously been exposed in
Our journey towards Really Simple Security
Really Simple SSL has rebranded to Really Simple Security as of version 9.0. Rogier Lankhorst originally launched Really Simple SSL in 2015 as a simple and performant solution to migrate WordPress sites to HTTPS/SSL. Back in 2015, getting WordPress sites up and running over HTTPS/SSL was often a cause for headaches. Website owners had to configure various aspects such as enabling a (performant) redirect from HTTP to HTTPS, getting rid of mixed content and accounting for server-specific variables; to adjust
Enable an efficient and performant firewall
If you’ve ever inspected the access logs of a live WordPress website, you will undoubtedly have encountered requests from bots scanning for potentially weak parts of the site that they can then try to exploit. This is where the Really Simple Security Firewall comes into play, which can stop such malicious traffic from reaching your WordPress site. It can be used to swiftly block malicious actors that attempt to launch attacks against your site. In this article, we will
Disabling LLA (Limit Login Attempts) when you are locked out
Really Simple Security Pro includes Limit Login Attempts functionality to protect your site against brute force login attacks. Repeated attempts to log in using incorrect credentials will be blocked automatically. However, it could be that you’ve accidentally triggered too many invalid login attempts yourself, and that you’re (temporarily) locked out of your WordPress account as a result. Renaming the really-simple-ssl-pro folder in the wp-content/plugins/ directory will allow you to regain access to the site, but as this would deactivate the plugin entirely,