WordPress Security

The Dangers of Unlicensed WordPress Plugins and Themes – WordPress Website Design Article

One of the greatest things about WordPress is the open source community behind it. Thanks to the multitude of plugins and themes available, even the most basic of users can create and deploy a WordPress site with ease.Through this beautiful ecosystem that empowers people to build amazing websites, several businesses have also flourished. Premium plugins like Gravity Forms and Easy Digital Downloads have even created niche communities inside the broader WordPress community.The Benefits and Drawbacks of WordPress’ Open Source EcosystemWordPress…

Read More

WordPress Vulnerability Roundup: March 2020, Part 1 – WordPress Website Design Article

Written by Michael Moore on March 11, 2020 Last Updated On March 11, 2020 New WordPress plugin and theme vulnerabilities were disclosed during the first half of March, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into four different categories: WordPress coreWordPress pluginsWordPress themes WordPress…

Read More

Pagely Security Updates: Feb 2020 – WordPress Website Design Article

WordPress CoreNo notable WordPress core security releases.Plugin/Theme Vulnerabilities of NoteDuplicator PluginThe Duplicator and Duplicator-Pro plugins both contained a vulnerability that allowed attackers to make a single request to a website, and be able to download arbitrary files from the WordPress website. It is being reported that attackers are actively using this vulnerability, attempting to download files like wp-config.php; which contains the database credentials and secret encryption salts/keys for a hosted WordPress application.Pagely customers who have not opted out received an…

Read More

Sucuri vs Wordfence: WordPress Security Plugins Showdown – WordPress Website Design Article

WordPress security is like a ticking time bomb. You can never know when it’ll go off. Thousands of WordPress sites get hacked every day. It’s a serious issue that should be nipped in the bud before it blossoms into a menacing threat! There are two major ways to protect your WordPress site: first, opt for a secure hosting service with a proven track record of following industry best practices. Second, beef up your site’s security with a dedicated third-party security…

Read More

How to Prevent a DDoS Attack on Your WordPress Site (6 Key Tips) – WordPress Website Design Article

Usually, an uptick in web traffic is a desirable outcome for your brand. However, you may not anticipate your site being suddenly flooded by thousands of simultaneous requests, causing it to crash. Unfortunately, this is exactly what happens during a Distributed Denial of Service or ‘DDoS’ attack on a WordPress site. Fortunately, like most cybersecurity threats, there are steps you can take to minimize the chances of a DDoS attack on your WordPress site. Implementing a protection plan can help…

Read More

Pagely Security Updates: Jan 2020 – WordPress Website Design Article

WordPress Security and Maintenance Releases: 5.2.4, 5.3.1, and 5.3.2Pagely customers were spared issues from bugs introduced in the 5.3.0 release as, due to the proximity to the holidays, we didn’t upgrade our customers to 5.3 until early January. All Pagely customers received security patches for vulnerabilities identified in WordPress Core before 5.2.4 for the 5.2 branch and 5.3.1 for the 5.3 branch.4 vulnerabilities found in WordPress Core:Privilege Escalation (allowing any user to “sticky” a post)XSS (Cross Site Scripting) Stored in…

Read More

A Guide to iThemes Security Pro Lockouts – WordPress Website Design Article

iThemes Security Pro lockouts are a way to harden your website against external attacks, including WordPress brute force attacks. In this guide, we’ll cover iThemes Security Pro lockouts and how to use them. Keep reading for tips to avoid the dreaded lockout screen (in case you or your client has accidentally locked yourself out of your website) and how to release the lockout if it’s triggered. (Locked out? Get the release lockout solution now!) What Types of iThemes Security Pro…

Read More

iThemes Security Setup Essentials (January 2020) – WordPress Website Design Article

iThemes Security Pro has a multitude of settings to help you secure your WordPress website. In this webinar, iThemes Associate Product Manager Michael Moore provides in-depth explanations of each security feature and a walkthrough of how to customize iThemes Security Pro for your needs. Watch the Video: How To Set Up the iThemes Security Plugin on Your WordPress Website A WordPress security plugin like iThemes Security Pro adds an important extra layer of security to your website. To make setup…

Read More

The 5 Best WordPress User Profile Plugins for 2020 – WordPress Website Design Article

Last Updated on December 11, 2019We’re all witnesses to the immense power of social media. We’ve seen how tightly knit and well organized online communities can affect the real world, create global movements, and even influence political opinions. Not to mention the wonders they can do for budding brands through word-of-mouth promotion. But social media isn’t just Facebook, Instagram, and Twitter. In fact, any business can create its own online community. All it takes is a good WordPress user profile…

Read More

A 10-Point Website Security Audit – WordPress Website Design Article

If you are running an online store, you are likely to see a steep increase in traffic during the holiday season. With new customers entering their payment information and personal addresses onto your website, it’s more important than ever to secure your online store in preparation for the holidays. November and December are the busiest shopping months of the year, which makes any downtime related to a hack or security breach more expensive than any other time of year. Your…

Read More

The Short History of Unauthenticated Site Options Update Vulnerabilities – WordPress Website Design Article

2019 is coming to an end. Over the last year Pagely’s security team noticed a trend in WordPress related attacks targeting unauthenticated changes to a WordPress website’s options table. The attack is specific to WordPress, but in its boiled down essence, this vulnerability would fall under Broken Access Controls/Elevation of Privilege (OWASP Top 10, 2017 A5). In laypersons terms: the application lacks proper authorization checks before performing a sensitive action.Over the course of the year, reports of unauthenticated site option…

Read More

The Comprehensive Guide to WordPress Security in 2019 – WordPress Website Design Article

The benefits of this WordPress security guide are two fold:Learn exactly what you need to know about WordPress security in 2019.Understanding WordPress security helps you adopt a security-oriented mindset that will help you prevent and mitigate risks as you make day-to-day decisions.Get actionable, step-by-step instructions for securing your WordPress site.The steps you need to take aren’t particularly time-consuming, don’t require advanced technical knowledge, and the linked guides are vetted for clarity and completeness.Of course, it’s impossible to cover every possible…

Read More

Pagely Security Updates – Pagely® – WordPress Website Design Article

This article covers our public notifications related to major security issues our clients and the WordPress community should know about. We are always focused on prevention and the mitigation of risk to our clients, and keeping you updated here is part of that process.WordPress 5.2.4 Security ReleaseOctober 15th, 2019Secure WordPress FastSix VulnerabilitiesSecured by this Patch.The WordPress.org core team has released WordPress 5.2.4, a security release addressing six vulnerabilities from XSS to viewing unauthorized posts.Pagely staff have already begun applying patches…

Read More

WordPress Vulnerability Roundup: September 2019, Part 2 – WordPress Website Design Article

Several new WordPress plugin and theme vulnerabilities were disclosed during the last half of September, so we want to keep you aware. In this post, we cover recent WordPress plugin and theme vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. We divide the WordPress Vulnerability Roundup into four different categories: 1. WordPress core 2. WordPress Plugins 3. WordPress Themes 4. Breaches From Around the Web *We include breaches from…

Read More

2 Popular Ways to Backup WordPress Blog (+ Best Backup Plugins) – WordPress Website Design Article

When we work online, the problem comes without knocking our door. Being a blogger from last 4 years, I know the importance of taking timely backup of my blog. As WordPress runs on a web hosting, there are many possible issues which can come with your blog, anytime. Like – Your hosting company might shut down. Your hosting company suspects your WordPress blog for high memory usage. A hacker hacks your blog. You accidentally delete or corrupt your WordPress database…

Read More

8 WordPress Security Infographics to Download & Share – WordPress Website Design Article

Love infographics? We do, too! From WordPress security basics to how to secure your website, we have 8 WordPress security infographics for you to download and share. It feels like every week there’s another security breach in the news. It can cause panic, especially when we think website security has to be complicated. But protecting your WordPress website doesn’t have to be hard. WordPress security is easier than you think. In this infographic, we cover the five ways to secure…

Read More

WordPress Security Tricks to Keep Your Business Website Safe – WordPress Website Design Article

With the increasing number of companies and business using digital marketing techniques to grow, cybersecurity is one of the rising concerns that should be taken good care of not only to protect sensitive business information but customer data as well. Appealing web design and quality content don’t make sure a website is secure, but one must need to take some essential steps to ensure the website’s security. It’s essential for businesses to make their websites safe and secure to browse…

Read More

New! Never Miss a Critical Security Alert with the New Message Center in iThemes Security Pro – WordPress Website Design Article

With the release of iThemes Security Pro 6.0, we have added some subtle improvements and another way for you to stay current on the security health of your WordPress website with a new Security Admin Message Menu. Current iThemes Security Pro, Plugin Suite & Toolkit customers will find version 6.0.0 of the iThemes Security Pro plugin available as an automatic update from your WordPress dashboard (for licensed sites) or as a manual download from the iThemes Member Panel. Save time…

Read More

WordPress Vulnerability Roundup – End of May 2019 – WordPress Website Design Article

New WordPress plugin vulnerabilities have been disclosed this month. 1. WordPress core 2. WordPress Plugins 3. WordPress Themes 4. Breaches From Around the Web *We include breaches from around the web because it is essential to also be aware of vulnerabilities outside of the WordPress ecosystem. Exploits to server software can expose sensitive data. Database breaches can expose the credentials for the users on your site, opening the door for attackers to access your site. WordPress Vulnerabilities There haven’t been…

Read More

What is 2 Factor Authentication and How Can It Be Useful? – WordPress Website Design Article

You may have heard how important 2 factor authentication (also known as two-factor authentication or 2FA) is for securing your online accounts. Don’t be embarrassed if you find yourself asking “What is 2 factor authentication?” Don’t worry, not knowing puts you in a large group of users. By the end of this post, you will be a 2 factor authentication expert. In this post, we’ll explain what 2 factor authentication is and what the different methods of 2fa are. You…

Read More

Why Hiding Your WordPress Version Isn’t Enough – WordPress Website Design Article

If you are a website owner currently using WordPress as your CMS, it’s likely that the exceptional security features baked into WordPress played a key role in this decision. After all, the platform is the biggest and most commonly used CMS solution on the internet, and has provided users with secure, open source CMS capabilities for over 15 years. Despite the plethora of protective elements included with WordPress, it would be very naïve to think that your website is invincible.…

Read More

WordPress Vulnerability Roundup – April 2019 – WordPress Website Design Article

Unfortunately, April 2019 was a busy month for WordPress vulnerabilities. You don’t need to worry because our vulnerability roundup has you covered with what you need to know. We are going to cover what the exploits are and how they can affect you. We’ve divided the vulnerabilities up into three different categories: WordPress Plugins WordPress Themes Breaches From Around the Web We’re including breaches from around the web because it is important to also be aware of vulnerabilities outside of…

Read More

WordPress Vulnerability Roundup – Mid-May 2019 – WordPress Website Design Article

New WordPress plugin vulnerabilities have been disclosed this month. We divide the WordPress Vulnerability Roundup into four different categories: WordPress WordPress Plugins WordPress Themes Breaches From Around the Web We include breaches from around the web because it is essential to also be aware of vulnerabilities outside of the WordPress ecosystem. Exploits to server software can expose sensitive data. Database breaches can expose the credentials for the users on your site, opening the door for attackers to access your site.…

Read More

The Vital Role Of Logs In WordPress Security – WordPress Website Design Article

This is the third article in a 3 part series on the use of activity logs in WordPress.Read the first article here.Read the second article here. This is the last part of the three article series about how activity logs can help WordPress site administrators. In the first article we have seen how, with a WordPress activity log, you can improve user accountability and tick some compliance check boxes on your WordPress site. In the second article of this series…

Read More

Common WordPress Security Issues & How to Secure Your Site • WPShout – WordPress Website Design Article

Last night I was invited to speak at the Boulder WordPress meetup. My friend Angela drew a big crowd, and they listened intently to me talking a little too long about WordPress security vulnerabilities and what you can do to protect your WordPress site. That talk, like this article, is focused on protecting WordPress users and site-owners from common security problems. I have a whole other course about what WordPress developers should do to keep WordPress secure. This article will…

Read More

Breathe Freely! Your Security with WPMU DEV is Stronger Than Ever – WordPress Website Design Article

Is WordPress security a big deal to you and your clients? Why would I ask such a silly question? Because our security suite has new superpowers including Defender location-based IP blocking and Automate Safe Upgrade scans…now on up to 5 pages. What’s the WPMU DEV Security Suite, you Ask? We’ve built a fierce set of WordPress protectors to help ward off core, plugin, and theme attacks, minimize downtime, clear blacklisting, and backups that restore your services in case of emergency.…

Read More

2 Popular Ways to Backup WordPress Blog (+ Best Backup Plugins) – WordPress Website Design Article

When we work online, the problem comes without knocking our door. Being a blogger from last 4 years, I know the importance of taking timely backup of my blog. As WordPress runs on a web hosting, there are many possible issues which can come with your blog, anytime. Like – Your hosting company might shut down. Your hosting company suspects your WordPress blog for high memory usage. A hacker hacks your blog. You accidentally delete or corrupt your WordPress database…

Read More

Hello, Hackers! Best Practices for WordPress Security – WordPress Website Design Article

When talking about WordPress security, it feels like we’re left with 2 choices, devastating paranoia or ignorant bliss. With all the news of our personal information, usernames, passwords, and identities getting jacked and sold on the dark web, the topic of web security to a noobie sounds impossible. But after falling hard into the deep end of web security, I’ve discovered some “not-so-common-sense” WordPress security best practices and pro tips (literally I talked to a pro) to help put your…

Read More

5 Best Secure Hosts Compared (2019) – WordPress Website Design Article

Getting hacked is every blogger’s worst nightmare. Isn’t that true? While there are many things you can do to secure your WordPress site using plugins and simple tweaks, one of the best ways to prevent security lapses is to choose a secure WordPress hosting from the beginning. Most hosts advertise something about their security as a general rule of thumb, but not all hosts are equal when it comes to securing your WordPress site. To help you find the most…

Read More