Can your WordPress website users damage your business?

Can your employees be a threat? Yes, quite possibly, but in the main unwittingly. I wrote recently on the statistics which highlight the biggest source of WordPress vulnerabilities. However, another sizeable constituent part of your infrastructure is equally vulnerable, if not more so, and which we all too often overlook ... Read More
WordPress nulled plugins

WordPress security & hardening, the definitive guide

WordPress is massively popular. Around every one in five sites on the Internet uses WordPress in some form. Be that to run a humble blog, or a multi-site Content Management System (CMS) or eCommerce site. As a result, it is no surprise that WordPress websites are a very popular target ... Read More
Man in the middle attack

Hacking WordPress websites & stealing WordPress passwords

A detailed explanation of how attackers use Man-in-the-Middle (MitM) to hack WordPress websites and login credentials. This article is for educational purposes only. Like any other web application with a login form, WordPress submits your username and password in an HTTP request when logging in. By default, HTTP is not ... Read More
WordPress file permissions: the guide to configuring secure website & web server permissions

WordPress file permissions: the guide to configuring secure website & web server permissions

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions. It is crucial to get file permissions right. Setting incorrect file permissions can open your website up for ... Read More

The WordPress security process; Test, Harden, Monitor, Improve

WordPress security is not unlike many other areas of IT security. It’s not a one time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business requirements will change. So adopting a point-in-time security ... Read More
Fingerprinting plugins with WPScan

Penetration testing for WordPress websites

WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster, or a security professional, when tasked with assessing the security posture of a WordPress website, it tends to help to be aware of ... Read More
Why your WordPress e-commerce solution has to be secure (and how to do it)

Why your WordPress e-commerce solution has to be secure (and how to do it)

There’s plenty you need to do to ensure your e-commerce store offers the best possible User Experience (UX). This means keeping WordPress and all other software up-to-date, optimizing your store, and of course, ensuring it’s safe to use and secure. By safe to use, we mean making your best to ... Read More

Configuring WordPress automatic updates

This WordPress tutorials explains how you can configure the WordPress automatic update to ensure that your websites and blogs always run on the latest, most stable and secure WordPress version. It also explains how to enable automatic updating of WordPress plugins and theme. The post Configuring WordPress automatic updates appeared ... Read More
Two-Factor Authentication for WordPress

Top reasons why WordPress websites get hacked (and how you can stop it)

Hacking is the process of finding flaws in a system, and exploiting them to bypass security controls. ‘Ethical’ hackers use this process to learn about a system and find its weaknesses. However, malicious or ‘black hat’ hacking is also common. It is often used to break into websites. There are ... Read More
List of installed plugins on a WordPress website

How to Manually Deactivate WordPress Plugins

Plugins are a great aspect of using WordPress. However, at some point, you’ll need to uninstall or deactivate a plugin for one reason or another. This might present a problem, in that, the default method for deactivating WordPress plugins might not be always available. For example, to fix an issue ... Read More