Category: WordPress Security
Vulnerability Detection for WordPress
WP Vulnerabilities – An open-source initiative
WP Vulnerabilities is an open-source, free API by Javier Casares, with contributions from other open-source, freely available databases and many manual hours from moderators and security officers from other plugins, including our own security officer. Really Simple SSL mirrors the free database with its own instance to ensure stability and deliverability, but of course provides the origin database with an API to enrich or improve its current data. An open-source platform, with an enormous
DISALLOW_FILE_EDIT is defined and set to “false”
When activating the “Disable the built-in file editors” feature under Settings > Hardening in Really Simple SSL, you may receive a notice that “the DISALLOW_FILE_EDIT constant is defined and set to false”, as shown in the image below. When DISALLOW_FILE_EDIT is defined in wp-config.php with a value of false, Really Simple SSL cannot override it. The solution is to remove the following line from your wp-config.php file: define( 'DISALLOW_FILE_EDIT', false );
Locked out after renaming the admin username
When attacking WordPress websites, guessing usernames and passwords is still a commonly used method to gain access to a WordPress back-end. It goes without saying that using easy-to-guess passwords like ‘12345’ or ‘Welcome2022’ will make it really easy for attackers to log in to your administrator account. The same goes for usernames; using easy-to-guess usernames like ‘Admin’ will make it too easy for attackers. This is why Really Simple SSL allows you to prevent usage of the
About the Security Scan
In the last five years, Really Simple SSL has positioned itself as one of the leading authorities on Security Headers. We gave talks about the importance of Security Headers at WordCamp Europe, and have always aspired to give everyone in the (WordPress) ecosystem an easy way to configure Security Headers, as it’s a fundamental part of securing the web for everyone. We have relied on securityheaders.com for a while to quickly access a list of available Security Headers on any given
How to set Security Headers on Apache and NGINX
Below we will discuss the challenges and solutions of setting security headers in a WordPress environment.
Methods for setting HTTP security headers
There are different ways to set security headers on both Apache and Nginx. Usually, security headers on Apache are set in the .htaccess file in the root of your WordPress installation; for Nginx servers they are usually set in the nginx.conf file. Some servers combine Nginx and Apache, so they can be set in either of those files.