Archives: Instructions
About custom login URLs
We have added a new feature under Advanced Hardening. You can now change your default login URL to a custom login URL. This will mitigate bot attacks on default WordPress login URLs. This feature comes with another background process that is also important to note: email notifications. The setting for email notifications can be found under General. If you ever forget the login URL, you can use a parameter as explained below to receive an email with your custom login
Configuring recommended Security Headers
Security headers are a powerful way to strengthen SSL and to further secure the connection between site visitors and the web server. Security headers can be considered ‘instructions’ for the web browser. For example, the X-Frame-Options header tells the browser whether the page or site is allowed to be loaded in an iframe. We will discuss possible and recommended configurations for the four Recommended Security Headers within Really Simple SSL Pro: The Recommended Security Headers block within Really Simple SSL Pro
Using the Mixed Content Scan
If your site has a valid SSL certificate but is still reported as insecure in browsers, this could be because it contains “Mixed Content” (HTTP content loaded on an HTTPS website). The built-in Mixed Content fixer in Really Simple SSL will dynamically fix all of the Mixed Content in the HTML of your site. If you have the Mixed Content fixer enabled, but your site is still marked as insecure: you possibly have a type of mixed content that could
Configuring the Content Security Policy
To enable a Content Security Policy in Really Simple Security Pro, start by navigating to Security -> Settings (in the top menu bar) -> Security Headers -> Content Security Policy. Getting started with the Content Security Policy #1: Upgrade-Insecure-Requests If your site is working correctly over SSL/HTTPS, you should enable the “Upgrade Insecure Requests” slider to ensure that all requests made to your site are performed over HTTPS (even if their links do not explicitly specify “https://”). #2: Frame Ancestors
Configuring the Permissions Policy
The permissions policy controls which browser features can be used on your website. This is true for both your own content and embedded content. If you do not use certain browser features, it is strongly advised to fully disallow these features. NB. The Geolocation API can still be used in some instances, for example where a map is embedded and geolocation is used to center the map. Please make sure you test your website afterwards. Which option to choose? For