Archives: Definitions
What is a TLS protocol?
TLS stands for Transport Layer Security. It is a protocol used to encrypt data that is transmitted over the internet. TLS is used to encrypt all kinds of transmissions, for example via FTP, email (IMAP and SMTP), and within the context of Really Simple SSL: securing the connection between the browser (client) and a website (server). TLS encryption is used to prevent exposure of the transmitted data, whether it be files, email messages or for example payment information or passwords. Nowadays when
What are Secure Cookies?
HTTP cookies are small packets of data stored in your browser. This data may contain sensitive information such as passwords or user information and is therefore vulnerable to attacks. To limit vulnerability you can ‘secure’ your cookies by adding specific attributes to the set cookies, making them harder for outsiders to manipulate. Really Simple SSL uses the HttpOnly, secure and use_only_cookies parameters to make cookies more secure. Since Really Simple SSL helps you in securing your website by switching your site to
What are User Enumeration Attacks?
User Enumeration Attacks are techniques with the purpose of finding valid login credentials such as usernames. Although not directly a vulnerability, usernames that are standard or easy to detect automatically make it easier for attackers to launch brute-force authentication attacks. Security experts will commonly refer to hiding usernames as “Security by Obscurity”, which has a negative connotation. We, however, believe that any security measure that does not interfere with the functionality of your site while thwarting at least some automated
What is X-Content-Type-Options?
The X-Content-Type-Options header is commonly used to help protect against attacks that rely on MIME-type sniffing. Browsers will sometimes attempt to guess the type of a file based on its contents, even if the server has already declared it. This can lead to security issues when user-supplied files are served, especially on forums or similar platforms which contain user-generated content. For example: an attacker uploads a file that looks like an image, but it actually contains some malicious JavaScript. If
What is X-Frame-Options?
Note: The X-Frame-Options header is being replaced with the more flexible Frame Ancestors directive (part of the Content Security Policy). When you enable the Frame Ancestors header in Really Simple Security Pro (Security -> Settings -> Security Headers -> Content Security Policy), the plugin will automatically set the appropriate X-Frame-Options header. X-Frame-Options is a security header that allows the website administrator to determine whether their site can be embedded using mechanisms such as an <iframe>, <embed> or <object>. iFrames are commonly used