WordPress 4.9.5 Squashes 25 Bugs

WordPress 4.9.5 is available for download and is a maintenance and security release. WordPress 4.9.4 and earlier versions are affected by three security issues. The following security hardening changes are in 4.9.5. Localhost is no longer treated as the same host by default. Safe redirects are used when redirecting the login page if SSL is forced. Versions strings are correctly …

Why Two-Factor Authentication Isn’t Always Totally Secure

In 15 minutes, you can lose your phone service, identity and money. All it takes is insecure two-factor authentication and human error. Two-factor authentication is an additional method of security that’s used to supplement your login credentials on websites that have it enabled. It requires you to confirm you’re logging in with a physical device […] View original post at …

New Plugin Makes WordPress Core Updates More Secure by Requiring Cryptographic Signature Verification

In 2016, WordFence published their findings of a vulnerability that could have compromised the servers that are used to send out WordPress updates. It turned out to be a complex, obscure vulnerability that ignited a conversation surrounding the security of api.wordpress.org and what could happen if the servers were compromised. One idea that was brought forth is to digitally sign …

Get the Most Out of Defender and Maximize WordPress Security

Anyone who owns, builds, manages, or hosts WordPress sites should be obsessed with security. It’s not that WordPress isn’t a safe platform to build websites with. It’s just that, being the most popular and widely used CMS in the world, WordPress is an easy target for hackers. This is why WordPress blogs can’t and shouldn’t […] View original post at …