Category: WordPress Security
Suspected bots causing 404 errors
You might have received the following notice in your Really Simple SSL Dashboard about suspected bots triggering large numbers of “404 Not Found” errors on your site: This article explains why the plugin has built-in detection for large amounts of 404 pages being triggered, and the reasons why these are unlikely to be triggered by legitimate (human) visitors; but rather by bots. Finally, we will cover how to configure the Firewall in Really Simple SSL Pro to block bots that
About File Change Detection
The File Change Detection feature (located under SSL & Security -> “Settings” -> Hardening -> File Change Detection) enables a daily scan to monitor if any changes have been made to files in WordPress Core, or files from Plugins or Themes on your site. If files are being modified without performing any updates, and without manually having modified those files via FTP this could indicate that your WordPress installation was infected by malware that targeted & modified those files on your server.
About Login Authentication and 2FA
Really Simple Security offers two login protection approaches. Two-Factor Authentication (2FA) requires a second verification step after entering your password, preventing unauthorized access even if your password is compromised. Method Pros Cons Email Easy setup, no additional apps needed Vulnerable if email account is compromised TOTP/Authenticator More secure, 2FA codes generated on separate device Requires app installation, risk of losing device access Passkey Login replaces passwords entirely with device-based authentication (fingerprint, facial recognition, or security key). Method Pros Cons Passkey
About File Permission Detection
All files and directories on your webserver have permissions which determine who can read, write, modify and access them. Files and directories should not have more permissions than they require; as unnecessarily elevated permissions might leave your site vulnerable to attack. Configuring appropriate permissions significantly reduces the risk of unauthorized access to your WordPress files and folders. Really Simple SSL Pro (since version 8.2.0) introduces the File Permission Detection feature, available under Settings -> SSL & Security -> “Settings” (top
About Region Restrictions
In some cases, you might want to restrict access to your site from certain regions. There are several reasons for doing so; such as complying with (privacy) regulations, or to ensure that content can only be viewed by a desired audience. And then there’s the security aspect to consider, as malicious actors often launch attacks from specific geographic regions. Blocking access from these regions helps to protect against targeted attacks originating from specific geographic areas. Really Simple SSL Pro (8.2)