Password has been found in a data breach
You might have encountered the following warning when trying to create a new account on a WordPress website, or when changing the password of an existing account: “Warning: This password has been found in (X) data breaches. Please choose a different password.” This message appears due to an active security measure on the website where you tried to register, which is designed to prevent accounts from being hacked due to the use of previously breached credentials. What does this warning mean?
Preventing the use of compromised passwords
Re-using passwords that have previously been breached poses a significant security risk to the accounts on your WordPress website. It might allow a hacker to perform a successful credential stuffing attack, whereby they attempt using previously breached usernames and passwords to gain access to accounts on various websites. Really Simple Security now offers a powerful compromised password check feature to protect you against these types of attacks. This setting prevents users from using passwords that had previously been exposed in
Our journey towards Really Simple Security
Really Simple SSL has rebranded to Really Simple Security as of version 9.0. Rogier Lankhorst originally launched Really Simple SSL in 2015 as a simple and performant solution to migrate WordPress sites to HTTPS/SSL. Back in 2015, getting WordPress sites up and running over HTTPS/SSL was often a cause for headaches. Website owners had to configure various aspects such as enabling a (performant) redirect from http to https, getting rid of mixed content and account for server-specific variables; to adjust
Enable an efficient and performant firewall
If you’ve ever inspected the access logs of a live WordPress website before, you will undoubtedly have encountered requests from bots; scanning for potentially weak parts of the site that they can further try to exploit. This is where the Really Simple Security Firewall comes into play, which can lock out such malicious traffic from reaching your WordPress site. It can be used to swiftly block malicious actors that attempt to launch attacks against your site. In this article, we will
Suspected bots causing 404 errors
You might have received the following notice in your Really Simple SSL Dashboard about suspected bots triggering large numbers of “404 Not Found” errors on your site: This article explains why the plugin has built-in detection for large amounts of 404 pages being triggered, and the reasons why these are unlikely to be triggered by legitimate (human) visitors; but rather by bots. Finally, we will cover how to configure the Firewall in Really Simple SSL Pro to block bots that