Category: WordPress Security
What to do if you’re locked out after renaming the ‘admin’ username
Guessing usernames and passwords is still a commonly used method for attackers to gain access to a WordPress back-end. It goes without saying that using easy-to-guess passwords like ‘12345’ or ‘Welcome2022’ will make it really easy for attackers to log in to your administrator account. The same goes for usernames: using easy-to-guess usernames like ‘Admin’ will make it too easy for attackers. This is why Really Simple SSL allows you to prevent usage of the
Configuring recommended Security Headers
Security headers are a powerful way to strengthen SSL and to further secure the connection between site visitors and the web server. Security headers can be considered ‘instructions’ for the web browser. For example, the X-Frame-Options header tells the browser whether the page or site is allowed to be loaded in an iframe. We will discuss possible and recommended configurations for the four Recommended Security Headers within Really Simple SSL Pro: The Recommended Security Headers block within Really Simple SSL Pro
Configuring the Content Security Policy
To enable a Content Security Policy in Really Simple Security Pro, start by navigating to Security -> Settings (in the top menu bar) -> Security Headers -> Content Security Policy. Getting started with the Content Security Policy #1: Upgrade-Insecure-Requests If your site is working correctly over SSL/HTTPS, you should enable the “Upgrade Insecure Requests” slider to ensure that all requests made to your site are performed over HTTPS (even if their links do not explicitly specify “https://”). #2: Frame Ancestors
Locked out after renaming the admin username
Guessing usernames and passwords is still a commonly used method for attackers to gain access to a WordPress back-end. It goes without saying that using easy-to-guess passwords like ‘12345’ or ‘Welcome2022’ will make it really easy for attackers to log in to your administrator account. The same goes for usernames: using easy-to-guess usernames like ‘Admin’ will make it too easy for attackers. This is why Really Simple SSL allows you to prevent usage of the
Configuring the Permissions Policy
The Permissions Policy controls which browser features can be used on your website. This applies to both your own content and embedded content. If you do not use certain browser features, it is strongly advised to fully disallow these features. NB. The Geolocation API can still be used in some instances, for example where a map is embedded and geolocation is used to center the map. Please make sure you test your website afterwards. Which option to choose? For