The REST API came with big hopes for modernizing and improving WordPress performance. I’m a huge fan, but if you don’t understand how the API works, it can lead to mistakes that end in big security holes for your site, especially if you’re not a developer. In this post, I want to share some of […] View original post at …
How To Make Money Offering A WordPress Maintenance Service
How would you like an extra $100-$300+ per client every month? If your WordPress development, design or marketing business isn’t offering a WordPress site maintenance package you’re missing out on a huge opportunity. Give your clients peace of mind and spare them the horror they would suffer if left to their own devices, all while […] View original post at …
Make Your WordPress Sites 100% Immune To Phishing
Google recently made a splash in the security scene when they announced none of their 85,000+ employees have been successfully phished on their work-related accounts since early 2017. It’s the kind of magic sauce we all long to boast about for our clients’ WordPress sites. What was the secret to Google’s success and how can […] View original post at …
Defender 2.0, Forced 2FA, New Tweaks And “We’ll Clean Up Your Site!”
Defender 2.0 is now available including forced Two-Factor Authentication by user role and a new XML-RPC disabler. Big news, I know…but the real stunner comes as a new members-only service upgrade. WPMU DEV security experts will now restore and clean up your site after it’s been hacked! Defender has already been downloaded half a million […] View original post at …
Should You Start an Anonymous Blog? 8 Reasons to Consider It (And 8 Not To)
There’s no doubt about it: we’re living in a world of over-sharers. Bloggers, social media users, celebrity influencers… It seems like everyone wants to be a Kardashian these days; to give the world a close-up look into what’s happening behind the scenes of their lives or to share every thought that’s running through their head. […] View original post at …
Why Not All Password Managers are Secure and What to Do About It
With over 30 million monthly brute force attacks, it’s crucial to use strong passwords everywhere. But creating and remembering unique strong passwords across all your accounts can feel like an impossible task. A password manager can help… or can it? While using and enforcing strong passwords is strongly recommended especially on your WordPress website, not […] View original post at …
Everything You Wanted to Ask a GDPR Expert but Were Afraid to Ask
If you’re like 99.9% of developers, site managers, agencies and freelancers, the last thing on your list of priorities for the past 2 years has been GDPR compliance. You have a million other tasks on your plate and dumping energy into government regulated data protection laws seems like a complete waste of energy. Especially when […] View original post at …
WordPress 4.9.5 Squashes 25 Bugs
WordPress 4.9.5 is available for download and is a maintenance and security release. WordPress 4.9.4 and earlier versions are affected by three security issues. The following security hardening changes are in 4.9.5. Localhost is no longer treated as the same host by default. Safe redirects are used when redirecting the login page if SSL is forced. Versions strings are correctly …
Why Two-Factor Authentication Isn’t Always Totally Secure
In 15 minutes, you can lose your phone service, identity and money. All it takes is insecure two-factor authentication and human error. Two-factor authentication is an additional method of security that’s used to supplement your login credentials on websites that have it enabled. It requires you to confirm you’re logging in with a physical device […] View original post at …
Let’s Encrypt Wildcard Certificates Are Now Available
In July of last year, Let’s Encrypt announced that it would begin issuing Wildcard certificates for free in January of 2018. Although a little late, the organization has announced that Wildcard certificate support is now live. In addition to these certificates, the organization has updated its ACME protocol to version 2.0. ACMEv2 is required for clients that want to use …