Category: WordPress Security
W3 Total Cache and Security Headers
Disk: Enhanced mode blocks security headers. If you are using W3 Total Cache in “Disk: Enhanced” mode, setting security headers in Really Simple SSL will not work correctly. Really Simple SSL sets security headers using PHP, and the “Disk: Enhanced” mode in W3 Total Cache completely bypasses PHP and serves static HTML only. This means W3 Total Cache “Disk: Enhanced” mode is incompatible with the security headers functionality in Really Simple SSL. To use Really Simple SSL’s security headers functionality
Rogue admin protection for WordPress
To protect your website against the creation of rogue admins, simply enable the “Restrict creation of administrators” setting under advanced hardening in Really Simple SSL Pro.
Implementing Content Security Policy (CSP) on WordPress
Implementing a Content Security Policy is an essential way to protect your website from common attacks. What is Content Security Policy? Content Security Policy enhances the security of web applications, reduces the attack surface, and protects users from various forms of web-based attacks such as Cross-Site Scripting (XSS), Clickjacking, data and code injection attacks. In this article, we will explore the significance of CSP and delve into the step-by-step process of implementing it on a WordPress website to enhance security
How to protect your WordPress account
According to Forbes, at least 30.000 websites are hacked daily, with a WordPress market share of 40%, which means at least 12.000 WordPress sites get compromised daily. The two leading causes of these hacks are vulnerable software and compromised accounts. Ensuring you are always running the latest version of WordPress and plugins and themes will prevent many of these hacks. Still, statistics suggest only about 50% of hacked WordPress sites were running outdated software. Taking into account that there
Number of reported WordPress Plugin & Theme vulnerabilities doubled in the first 6 months of 2023
We recently introduced vulnerability detection in Really Simple SSL and have been working on a database of vulnerabilities sourced from the open WordPress Vulnerability Database API project (https://www.wpvulnerability.com) since the beginning of 2023. We have been monitoring WordPress plugin and theme vulnerabilities for years and have seen an increase in reported vulnerabilities yearly. Having access to detailed information in our own database enabled us to look closer into the details and numbers. We were surprised to find the number of