Category: WordPress Security
Our journey towards Really Simple Security
Really Simple SSL has rebranded to Really Simple Security as of version 9.0. Rogier Lankhorst originally launched Really Simple SSL in 2015 as a simple and performant solution to migrate WordPress sites to HTTPS/SSL. Back in 2015, getting WordPress sites up and running over HTTPS/SSL was often a cause for headaches. Website owners had to configure various aspects such as enabling a (performant) redirect from http to https, getting rid of mixed content and account for server-specific variables; to adjust
Enable an efficient and performant firewall
If you’ve ever inspected the access logs of a live WordPress website before, you will undoubtedly have encountered requests from bots; scanning for potentially weak parts of the site that they can further try to exploit. This is where the Really Simple Security Firewall comes into play, which can lock out such malicious traffic from reaching your WordPress site. It can be used to swiftly block malicious actors that attempt to launch attacks against your site. In this article, we will
Suspected bots causing 404 errors
You might have received the following notice in your Really Simple SSL Dashboard about suspected bots triggering large numbers of “404 Not Found” errors on your site: This article explains why the plugin has built-in detection for large amounts of 404 pages being triggered, and the reasons why these are unlikely to be triggered by legitimate (human) visitors; but rather by bots. Finally, we will cover how to configure the Firewall in Really Simple SSL Pro to block bots that
LiteSpeed Cache and Security Headers
If you are using LiteSpeed cache you may have problems updating your security headers. This is because LiteSpeed cache will prevent the loading of our advanced-headers.php file. The solution for this is to add rsssl_after_saved_fields to the “Purge All Hooks” list in the LiteSpeed cache settings. This will purge the LiteSpeed cache on every save of the Really SImple SSL settings. NOTE: This will not work for CSP learning mode because learning mode changes the headers without a manual save
How valuable is your website?
Thousands of websites get hacked every day. It may not have happened to you, but there is no reason for cybercriminals not to try. People often think it won’t happen to their website because there is nothing to gain for an attacker. You may not be running a webshop, you’re not storing any confidential or valuable data on your website, and you are not even bothered about losing your website because you’re hardly getting any visitors. No one would care