Security

4 Privacy Focussed Analytics Plugins for WordPress – WordPress Website Design Article

Looking for an alternative to Google Analytics for your website? Then you might like to find out more about the following WordPress plugins. Whether we like it or not, when we’re online, we’re subjected to countless methods of tracking how we interact with a website. As well as how we arrived at the website, paths we’re taking and a lot more besides. With the advent of GDPR (if you’re in the EU) things are tough for website owners, complying with laws…

Read More

Delivering Enterprise-Grade Security for All – WordPress Website Design Article

Cybersecurity continues to pose a challenge for businesses (and websites) of all sizes, and today, organizations face an evolving list of security threats and concerns. Businesses that fail to secure their digital experiences are increasingly vulnerable to attack from a growing number of bad actors, and the fallout from a security breach can expand well beyond the breach itself, including a negative impact on brand reputation, revenue, and an increase in customer churn. With distributed denial-of-service (DDoS) attacks becoming more…

Read More

Consequences of Not Updating Your WordPress Website – WordPress Website Design Article

Do you see update notifications on your WordPress dashboard and choose to ignore them? Did you know using outdated WordPress installations allows hackers to exploit your website?  According to WordPress statistics, only 36% of users have the latest version installed (as of February 2020). Many website owners choose to defer installing updates to their WordPress website for several reasons. Some may feel updates come too frequently or they cause problems to their site. But not updating your website invites a…

Read More

A Guide to iThemes Security Pro Lockouts – WordPress Website Design Article

iThemes Security Pro lockouts are a way to harden your website against external attacks, including WordPress brute force attacks. In this guide, we’ll cover iThemes Security Pro lockouts and how to use them. Keep reading for tips to avoid the dreaded lockout screen (in case you or your client has accidentally locked yourself out of your website) and how to release the lockout if it’s triggered. (Locked out? Get the release lockout solution now!) What Types of iThemes Security Pro…

Read More

5 Best Website Security Check Tools – WordPress Website Design Article

Looking for the best website security check tool? Want to make sure that your website is safe and doesn’t suffer from any potential vulnerabilities that might cause issues in the future? You’re in the right place. You know that website security is important – but how do you tell whether your website is secure or not? That’s what the following tools can help with. Better yet, almost all of the tools on our list are free. And the one tool…

Read More

News – WordPress 5.3.1 Security and Maintenance Release – WordPress.org – WordPress Website Design Article

WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now. If you have sites that support automatic background updates, they’ve already started the update process. Security updates Four…

Read More

You’re Being Tracked Online: Here’s How – WordPress Website Design Article

If you use the internet regularly, you’re likely aware that you’re being tracked. From your search engine queries to the time you spend on certain websites, your digital activity is being monitored or recorded. Website tracking is often employed by advertising networks for ad-targeting. You’ve probably noticed that after you shop on an e-commerce website, you get ads for the very products you looked at or similar ones on other websites. That is website tracking in action. How, though, is…

Read More

Validate CSP from Command Line – Website Design Article

The content security policy spec has been an amazing front-end security tool to help prevent XSS and other types of attacks. I’d go as far to say that every site should implement as specific CSP as possible. If you aren’t familiar with CSPs, here’s a quick example: Content-Security-Policy: default-src ‘self’; img-src *; media-src media1.com media2.com; script-src userscripts.example.com If a linked resource or content on the page doesn’t pass a given CSP rule, it wont be loaded. Of course getting a…

Read More

Upgrading Navigations to HTTPS, Sale of .org Domains, New Browser Engine – Website Design Article

In this week’s roundup: DuckDuckGo gets smarter encryption, a fight over the sale of dot org domains, and a new browser engine is in the works. Let’s get into the news! DuckDuckGo upgrades and open-sources its encryption DuckDuckGo has open-sourced its “Smarter Encryption” technology that enables upgrading from HTTP to HTTPS, and Pinterest (a popular social network) is already using it for outbound traffic — when people navigate from Pinterest to other websites — with great results: Their outbound HTTPS…

Read More

Privacy Protection with VPN » Protect Your Privacy When Traveling – WordPress Website Design Article

Today, creators of online content can work from anywhere in the world. Travel bloggers and owners of sites manage their projects while on the move. They find it essential to be online and reachable 24/7, and the Internet allows it. But aside from the convenience, it brings its own special threats. Awareness is key. Whether you have your own blog or not, you have to be aware of the numerous dangers lurking online, and the common vulnerabilities of users. Check…

Read More

News – WordPress 5.2.4 Update – WordPress.org – WordPress Website Design Article

Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution. Simon has done a great deal of work on the WordPress project, and failing to mention his contributions is a huge oversight on our end. Thank you to all of the reporters for privately disclosing vulnerabilities, which…

Read More

Defend Your WordPress Website Against Brute-Force Attacks – Website Design Article

Whether you’re fairly new to WordPress or an experienced developer, you might be surprised at just how often your websites are under attack. You might also be wondering who, or what, is carrying out this type of activity – not to mention why they’d target you. The answers are simple. In most cases, the bad actor is an automated bot. And you’re being targeted simply because you happen to be running WordPress. As the most popular Content Management System (CMS)…

Read More

Pagely Security Updates – Pagely® – WordPress Website Design Article

This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is part of that process.WordPress 5.2.4 Security ReleaseOctober 15th, 2019Secure WordPress FastSix VulnerabilitiesSecured by this Patch.The WordPress.org core team has released WordPress 5.2.4, a security release addressing six vulnerabilities from XSS to viewing unauthorized posts.Pagely staff have already begun applying patches…

Read More

News – WordPress 5.2.3 Security and Maintenance Release – WordPress.org – WordPress Website Design Article

WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions of 5.0 and earlier that fix the bugs for you. Security Updates Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first,…

Read More

15 Tips for WordPress Security Without Plugins – Website Design Article

How to increase WordPress security is probably the most widely discussed topic in different WordPress-related forums. You can choose from many great security plugins for sure, however there are also a handful of great tips that don’t require any third-party tools but can remarkably increase security on your WordPress site. Some of these best practices can be easily performed from the WordPress admin, while others can be completed from the cPanel of your hosting account or by editing two configuration files:…

Read More

WordPress Vulnerability Roundup – April 2019 – WordPress Website Design Article

Unfortunately, April 2019 was a busy month for WordPress vulnerabilities. You don’t need to worry because our vulnerability roundup has you covered with what you need to know. We are going to cover what the exploits are and how they can affect you. We’ve divided the vulnerabilities up into three different categories: WordPress Plugins WordPress Themes Breaches From Around the Web We’re including breaches from around the web because it is important to also be aware of vulnerabilities outside of…

Read More

What Is SSL? Like, Really… Plus How to Get It Installed on WordPress – WordPress Website Design Article

What is SSL? Like, really… Okay, so you know what SSL stands for. That would be, “Secure Sockets Layer.” In simple terms, SSL is used to encrypt the connection between a website and its visitor. When this encryption takes place, it means that only that specific website and that specific visitor can read the information they’re sending back and forth. Without the SSL in place, virtually anyone can eavesdrop on the data transfer. And I do mean anyone! The traditional…

Read More

The Vital Role Of Logs In WordPress Security – WordPress Website Design Article

This is the third article in a 3 part series on the use of activity logs in WordPress.Read the first article here.Read the second article here. This is the last part of the three article series about how activity logs can help WordPress site administrators. In the first article we have seen how, with a WordPress activity log, you can improve user accountability and tick some compliance check boxes on your WordPress site. In the second article of this series…

Read More

Malicious Code Found in pipdig Themes – WordPress Website Design Article

Last week, we briefly mentioned the malicious code found in pipdig theme’s Pipdig Power Pack helper plugin. This week, we have more news on that subject, and we also collected some of the best pipdig theme alternatives if you find yourself suddenly needing to switch themes. Beyond that, Wordfence detailed a zero-day vulnerability in the Yellow Pencil plugin, and WooCommerce rolled back their marketplace suggestions. Let’s get to all of this week’s news… WORDPRESS NEWS AND ARTICLES TUTORIALS AND HOW-TOS…

Read More

Hello, Hackers! Best Practices for WordPress Security – WordPress Website Design Article

When talking about WordPress security, it feels like we’re left with 2 choices, devastating paranoia or ignorant bliss. With all the news of our personal information, usernames, passwords, and identities getting jacked and sold on the dark web, the topic of web security to a noobie sounds impossible. But after falling hard into the deep end of web security, I’ve discovered some “not-so-common-sense” WordPress security best practices and pro tips (literally I talked to a pro) to help put your…

Read More

Pipdig Updates P3 Plugin after Reports Expose Vendor Backdoors, Built-in Kill Switch, and Malicious DDoS Code – WordPress Tavern – WordPress Website Design Article

Over the weekend, Pipdig, a small commercial theme company, has been at the center of a scandal after multiple reports exposed a litany of unethical code additions to its Pipdig Power Pack (P3) plugin. On Friday, March 29, Wordfence threat analyst Mikey Veenstra published a report with code examples of the backdoors Pipdig built into their plugin, along with some unsavory and questionable additions to the code. “We have confirmed that the plugin, Pipdig Power Pack (or P3), contains code…

Read More

7 Easy Ways to Secure Your WordPress Website from Brute Force Attacks – WordPress Website Design Article

A brute force attack is one of the most basic types of cyber attacks which aims at gaining access to websites and applications by repeated trial-and-error and guessing of login credentials. The attackers typically employ automation software which sends a large number of requests to the target system. With each request, the software tries to guess the information needed to break in, like username and password. By using different IP addresses, such malicious tools can also disguise themselves. This makes…

Read More

Converting to http to https and Google – WordPress Website Design Article

I recently switched over from a non secure to a secure site. Do I need to submit a new sitemap to Google? Is there anything else I need to do. I am hosted by Bluehost and they helped me with the transition. www.lindemancollective.com This is only a snippet of a WordPress Website Design Article written by Craig Lindeman Read Full Article

Read More

How to Secure a Website With the ‘Holy Trinity’ of Site Security – WordPress Website Design Article

No matter how large or small your site is, or what niche it occupies, it’s likely to be the target for at least a few attacks over its lifespan. Protecting it is essential if you want to avoid losing data or seeing part of your site break. This means putting some careful thought into your site’s security provision. Many WordPress users simply install a single security plugin and think that’s enough to prevent malicious attacks. However, your site’s security plan…

Read More

WPWeekly Episode 349 – Sandy Edwards and the Kids Event Working Group Initiative – WordPress Tavern – WordPress Website Design Article

In this episode, John James Jacoby and I are joined by Sandy Edwards. Sandy gave us a behind the scenes look at what it takes to organize a WordPress event for children and teens. She also provides background information on a new group that’s been formed called the Kids Events Working Group. This group is responsible for setting the foundation for organizers to create and manage WordPress events geared towards children. John recaps his experience…

Read More

A Master Plan for Securing Your WordPress Website Against Threats – WordPress Website Design Article

Creating and maintaining a website on WordPress which is one of the most popular content management systems is a daunting task. But despite being so popular, it’s still vulnerable to online threats in some specific situations. So, the real challenge is how to protect your WordPress website from such threats? To explore the answer let’s take a look at the ten crucial strategies which can help you do the same. Make Sure To Use Two Factor Authentication Two-factor authentication is…

Read More

A Shifting Security Mindset I WP Engine Blog – WordPress Website Design Article

In the business world, cybersecurity has traditionally been viewed as a nice-to-have, rather than a mission-critical, organization-wide imperative. Transformation and growth simply haven’t shared the same conversation space as threat protection, privacy threats, and data breaches. In recent years, however, companies have begun to realize just how vulnerable they really are, and that they can no longer get by with simply fine-tuning existing security protocols and infrastructure as they innovate and modernize products and services. The growing intensity, sophistication, and…

Read More

Security Update: What You Need to Know – WordPress Website Design Article

FooGallery and FooBox have both been updated to address a potential security risk. Freemius recently notified us, as one of their customers, of a potential SDK security vulnerability. They went to work on the issue immediately and asked developers to do the same. The issue was quickly resolved on their side and ours, and our latest update will ensure that your site won’t be at risk. We must commend Vova and the Freemius team as to how they handled the…

Read More