Really Simple Security logo

Log out
Get PRO

Category: Vulnerabilities

Staying ahead of vulnerabilities

There are many high quality plugins available on the WordPress Plugin Directory, offering a lot of flexibility to customize WordPress to your needs without having to write any code yourself. However, installing third-party plugins and themes also means that you’re trusting code from another developer to run on your website. And since even the best developer could accidentally introduce a security vulnerability; it’s impossible to rule out the possibility of a vulnerability being discovered in a plugin/theme that you use

Read more
Jarno Vos September 6, 2024

Number of reported WordPress Plugin & Theme vulnerabilities doubled in the first 6 months of 2023

We recently introduced vulnerability detection in Really Simple SSL and have been working on a database of vulnerabilities sourced from the open WordPress Vulnerability Database API project (https://www.wpvulnerability.com) since the beginning of 2023. We have been monitoring WordPress plugin and Theme vulnerabilities for years and have seen an increase in reported vulnerabilities yearly. Having access to detailed information in our own database enabled us to look closer into the details and numbers. We were surprised to find the number of

Read more
Leon Wimmenhoeve June 21, 2023

Vulnerability Detection for WordPress

WP Vulnerabilities – An open-source initiative WP Vulnerabilities is an open-source, free API by Javier Casares with contributions from other open-source, freely available databases and many manual hours from moderators and security officers from other plugins, including our own security officer. Really Simple SSL mirrors the free database with its own instance to secure stability and deliverability, but of course provides the origin database with an API to enrich, or improve its current data. An open-source platform, with an enormous

Read more
Leon Wimmenhoeve May 9, 2023

Recent

Categories

Most popular

Category: Vulnerabilities

About the Firewall

The Firewall module in Really Simple Security is a powerful feature that allows you to monitor and filter requests to your WordPress site. You can activate the firewall by enabling the “Enable Firewall” slider under SSL & Security -> Settings -> Firewall. This article explains how to configure the firewall rules in Really Simple Security to identify and lock out unwanted, malicious traffic from your WordPress site. Table of Contents 404 Blocking Region Blocking User Agents IP Allowlist & Blocklist Event

Read more
Jarno Vos October 10, 2024

Using Really Simple Security with a custom wp-config.php file

Really Simple Security writes some rules to the wp-config.php file on your WordPress site, for instance, to load the Firewall and Security Headers. But it could be that your WordPress installation uses a ‘custom’ file, instead of the standard wp-config.php file on a standard WordPress installation. For example, the hosting provider Convesio uses a file called wp-convesio.php, and any changes that the Really Simple SSL plugin makes to the “standard” wp-config.php file would get overwritten & lost as a result.

Read more
Jarno Vos July 16, 2024

About File Change Detection

The File Change Detection feature (located under SSL & Security -> “Settings” -> Hardening -> File Change Detection) enables a daily scan to monitor if any changes have been made to files in WordPress Core, or files from Plugins or Themes on your site. If files are being modified without performing any updates, and without manually having modified those files via FTP this could indicate that your WordPress installation was infected by malware that targeted & modified those files on your server.

Read more
Jarno Vos May 31, 2024