Category: WordPress Security
About Vulnerabilities
This article explains how to configure vulnerability detection in Really Simple SSL and what to consider when doing so. If you want to know more about our latest release, also called 7.0 Vulnerabilities, read this article about our future endeavours for Really Simple SSL. When you enable vulnerability detection and save settings, a pop-up appears that configures your website and runs a first scan. Notifications You can configure when and how to show the notifications based on the minimum
About custom login URLs
We have added a new feature under Advanced Hardening. You can now change your default login URL to a custom login URL. This mitigates bot attacks on the default WordPress login URLs. This feature comes with another background process that is also important to note: email notifications. The setting for email notifications can be found under General. If you ever forget the login URL, you can use a parameter as explained below to receive an email with your custom login
Content security policy maximum size exceeded
The maximum size available for HTTP headers on your website depends on the web server that runs your website. For most web servers, such as Apache and LiteSpeed, the limit is 8192 bytes, but the default configuration of Nginx sets this limit to 4096 bytes. When your website runs Nginx with the default configuration, the available space for HTTP headers is therefore limited. In most cases this will be fine, but if you have a large Content Security Policy it might result in the
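As an added example (not code from Really Simple SSL), the POSIX shell helper below measures the byte size of a response-header block and of its Content-Security-Policy header, then classifies the block against the two limits named above: 4096 bytes (default Nginx) and 8192 bytes (Apache, LiteSpeed). The header block in the script is constructed sample data, and make_large_block builds a deliberately oversized CSP to show the case that only fails on a default Nginx setup.

```shell
#!/bin/sh
# Added example, not code from Really Simple SSL. Measures HTTP response
# header sizes and compares them with the limits named in the article:
# 4096 bytes (default Nginx) and 8192 bytes (Apache, LiteSpeed).

NGINX_DEFAULT_LIMIT=4096
APACHE_LITESPEED_LIMIT=8192

# Byte length of a whole response-header block, status line included.
header_block_bytes() {
    printf '%s' "$1" | wc -c | tr -d ' '
}

# Byte length of the value of one header (name matched case-insensitively).
# Prints 0 when the header is absent.
header_value_bytes() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    printf '%s\n' "$1" | awk -v want="$want" '
        {
            line = $0
            sub(/\r$/, "", line)
            pos = index(line, ":")
            if (pos == 0) next
            if (tolower(substr(line, 1, pos - 1)) == want) {
                value = substr(line, pos + 1)
                sub(/^[ \t]+/, "", value)
                printf "%s", value
                exit
            }
        }' | wc -c | tr -d ' '
}

# Classify a header block against both limits.
header_verdict() {
    size=$(header_block_bytes "$1")
    if [ "$size" -gt "$APACHE_LITESPEED_LIMIT" ]; then
        echo "exceeds-8192"
    elif [ "$size" -gt "$NGINX_DEFAULT_LIMIT" ]; then
        echo "exceeds-nginx-default-4096"
    else
        echo "fits-both"
    fi
}

# Constructed sample response (LF line endings, 183 bytes in total).
SAMPLE_HEADERS="HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.example.com
X-Frame-Options: SAMEORIGIN"

# Build a constructed response whose CSP lists 170 hosts, so the block
# lands between the two limits: too large for default Nginx, fine elsewhere.
make_large_block() {
    csp="default-src 'self'; script-src 'self'"
    i=1
    while [ "$i" -le 170 ]; do
        csp="$csp https://cdn-$i.example.com"
        i=$((i + 1))
    done
    printf 'HTTP/1.1 200 OK\nContent-Security-Policy: %s\n' "$csp"
}

# Demo when run directly.
echo "sample block: $(header_block_bytes "$SAMPLE_HEADERS") bytes, verdict $(header_verdict "$SAMPLE_HEADERS")"
LARGE=$(make_large_block)
echo "large block: $(header_block_bytes "$LARGE") bytes, CSP $(header_value_bytes "$LARGE" Content-Security-Policy) bytes, verdict $(header_verdict "$LARGE")"
```

To check a live site, capture its headers with curl -sI https://example.com/ -o headers.txt and run header_verdict "$(cat headers.txt)"; the CRLF line endings curl keeps are counted, which is what the server counts too.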
Renaming a WordPress database prefix
Changing the WordPress database prefix is not a direct solution for specific vulnerabilities; it falls under ‘security through obscurity’. Changing the defaults in your WordPress configuration, from disabling certain features to removing unnecessary information such as feedback on login attempts and software versions, helps make your website less exposed when WordPress as a platform is targeted. In reality, websites are rarely specific targets. What is mostly targeted are flaws and vulnerabilities in popular frameworks. And WordPress is
Debug.log has been relocated, but where?
By default the debug.log file is written to a standard folder and filename: /wp-content/debug.log. This default is in place on almost all websites. And because /wp-content/ is a publicly accessible folder (it also holds your uploads folder with images, for example), the debug.log is an interesting file for anyone with malicious intent, if it is accessible. But why? The debug.log might contain important or confidential information. If it extends to plugins that handle more sensitive data like usernames, passwords, emails, payment credentials,
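As an added example (not code from Really Simple SSL), the POSIX shell helper below reads a wp-config.php and reports where WP_DEBUG_LOG sends the log: the default /wp-content/debug.log, a custom file, or nowhere. WordPress accepts a file path as the value of WP_DEBUG_LOG (since version 5.1), which is the mechanism behind relocating the file; a second function then checks whether a given log path still sits under the public web root. The wp-config snippets are constructed sample data and the web root /var/www/html is an assumption for the demo.

```shell
# Added example, not Really Simple SSL code. Reads the WP_DEBUG_LOG define
# from a wp-config.php and tells you where debug output ends up, then checks
# whether that file is still inside the public web root.

# Prints one of:
#   off                               WP_DEBUG_LOG missing or false
#   default:/wp-content/debug.log     WP_DEBUG_LOG is true (public default)
#   custom:<path>                     WP_DEBUG_LOG names a file
debug_log_target() {
    value=$(printf '%s\n' "$1" | sed -n \
        "s/^[[:space:]]*define([[:space:]]*['\"]WP_DEBUG_LOG['\"][[:space:]]*,[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*)[[:space:]]*;.*/\1/p" \
        | head -n 1)
    case "$value" in
        ""|false|FALSE|0)  echo "off" ;;
        true|TRUE)         echo "default:/wp-content/debug.log" ;;
        *)  path=$(printf '%s' "$value" | sed "s/^['\"]//; s/['\"]$//")
            echo "custom:$path" ;;
    esac
}

# Prints "public" if the log path lies under the web root, else "private".
log_exposure() {
    case "$1" in
        "$2"/*) echo "public" ;;
        *)      echo "private" ;;
    esac
}

# Constructed sample configurations.
CONFIG_DEFAULT="define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );"

CONFIG_RELOCATED="define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', '/var/log/wordpress/debug.log' );"

CONFIG_STILL_PUBLIC='define( "WP_DEBUG_LOG", "/var/www/html/wp-content/uploads/debug.log" );'

CONFIG_OFF="define( 'WP_DEBUG', false );"

WEBROOT=/var/www/html   # assumed document root for the demo

# Demo: report each configuration and whether the log is reachable over HTTP.
for cfg in "$CONFIG_DEFAULT" "$CONFIG_RELOCATED" "$CONFIG_STILL_PUBLIC" "$CONFIG_OFF"; do
    target=$(debug_log_target "$cfg")
    case "$target" in
        custom:*)  echo "$target -> $(log_exposure "${target#custom:}" "$WEBROOT")" ;;
        default:*) echo "$target -> public" ;;
        *)         echo "$target" ;;
    esac
done
```

Note that a relocated file only helps when the new path is outside the document root: a path under /wp-content/uploads/ is still served by the web server, which is why log_exposure compares the path against the web root rather than just checking that WP_DEBUG_LOG was changed.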