Protect your WordPress from Mass WordPress Brute Force Attacks
A WordPress brute force attack has been around and making the news the last couple of weeks. The botnet that is launching these brute force attacks is going around all of the WordPress blogs and...
View ArticleUse WordPress User Roles for Improved WordPress Security
WordPress is shipped with different WordPress users roles and capabilities and in a multi user WordPress blog or website it is important to only give the required permissions, or capabilities to users...
View ArticleVulnerability in WP Super Cache and W3 Total Cache
A very serious vulnerability (remote code execution) was discovered in two of the biggest WordPress caching plugins, WP Super Cache and W3 Total Cache (W3TC). Remote code execution “is used to describe...
View ArticleClik here to view.
Getting to Know WPScan WordPress Security Scanner
WPScan is a black box WordPress Security Scanner written in Ruby. Ideal for penetration testers, security professionals and WordPress administrators WPScan can find security weaknesses within a...
View ArticleHow to Hide the WordPress Version from the Generator Meta Tag
An out of the box installation of WordPress discloses the version number in the Generator meta tag. Therefore everyone who accesses your website knows what software you are running and which version....
View ArticleClik here to view.
Ensure Users Use Strong WordPress Passwords with WPScan
As a WordPress administrator or webmaster you are responsible for the security of the WordPress blog or website you manage. Most probably you’ve already done a lot to beef up the security, but what...
View ArticleClik here to view.
How to Enumerate WordPress Users with WPScan
WPScan WordPress Security Scanner can be used to enumerate the plugins installed on a target website, themes and also the WordPress users. You might need to enumerate a list of WordPress users for...
View ArticleDisable Theme and Plugin Editors in WordPress to Improve Security
WordPress administrators can use the Theme Editor and Plugin Editor in the WordPress dashboard to directly edit WordPress themes and plugin files. As a security measure it is recommended to disable the...
View ArticleClik here to view.
Generate a Self Signed SSL Certificate for HTTPS on Apache
As we’ve seen in the blog post Website SSL and HTTPS Explained, to encrypt HTTP traffic and access your website over HTTPS you need an SSL certificate. If you do not have the budget for an SSL web...
View ArticleClik here to view.
Self-Signed SSL Certificate VS Commercial SSL Certificate
As we have seen in a previous blog post, it is possible to generate a self-signed certificate for your Apache web server for free within minutes rather than buying a commercial SSL certificate. So why...
View ArticleHow to Hide the WordPress Version from the Generator Meta Tag
An out of the box installation of WordPress discloses the version number in the Generator meta tag. Therefore everyone who accesses your website knows what software you are running and which version....
View ArticleClik here to view.
Ensure Users Use Strong WordPress Passwords with WPScan
As a WordPress administrator or webmaster you are responsible for the security of the WordPress blog or website you manage. Most probably you’ve already done a lot to beef up the security, but what...
View ArticleClik here to view.
How to Enumerate WordPress Users with WPScan
WPScan WordPress Security Scanner can be used to enumerate the plugins installed on a target website, themes and also the WordPress users. You might need to enumerate a list of WordPress users for...
View ArticleDisable Theme and Plugin Editors in WordPress to Improve Security
WordPress administrators can use the Theme Editor and Plugin Editor in the WordPress dashboard to directly edit WordPress themes and plugin files. As a security measure it is recommended to disable the...
View ArticleWebsite SSL and HTTPS Explained
Website SSL (secure socket layer), or as many people know it HTTPS, is used mainly for identification and for encrypting HTTP traffic. In this series of SSL blog posts we will explain why you should...
View ArticleClik here to view.
Generate a Self Signed SSL Certificate for HTTPS on Apache
As we’ve seen in the blog post Website SSL and HTTPS Explained, to encrypt HTTP traffic and access your website over HTTPS you need an SSL certificate. If you do not have the budget for an SSL web...
View ArticleClik here to view.
Self-Signed SSL Certificate VS Commercial SSL Certificate
As we have seen in a previous blog post, it is possible to generate a self-signed certificate for your Apache web server for free within minutes rather than buying a commercial SSL certificate. So why...
View ArticleState of Security of WordPress Plugins
In June 2013 Checkmarx’s research lab did a one of a kind comprehensive source code audit to test the state of security of WordPress most popular plugins. Checkmarx’s identified that more than 20% of...
View ArticleClik here to view.
State of Security of WordPress Blogs and Websites
A recent WordPress security infographic shows that more than 170,000 WordPress sites were hacked in 2012. That is an increase of more than 18% when compared to the 144,000 hacked WordPress sites in...
View ArticleClik here to view.
Use Google Authenticator Plugin to Improve WordPress Security
Enable 2-Step Authentication on your WordPress The Google Authenticator WordPress security plugin is a very easy to configure WordPress security plugin that allows you to enable 2 step verification...
View Article