Make Your WordPress Sites 100% Immune To Phishing

Google recently made a splash in the security scene when they announced none of their 85,000+ employees have been successfully phished on their work-related accounts since early 2017. It’s the kind of magic sauce we all long to boast about for our clients’ WordPress sites. What was the secret to Google’s success and how can […]

Defender 2.0, Forced 2FA, New Tweaks And “We’ll Clean Up Your Site!”

Defender 2.0 is now available including forced Two-Factor Authentication by user role and a new XML-RPC disabler. Big news, I know…but the real stunner comes as a new members-only service upgrade. WPMU DEV security experts will now restore and clean up your site after it’s been hacked! Defender has already been downloaded half a million […]

Should You Start an Anonymous Blog? 8 Reasons to Consider It (And 8 Not To)

There’s no doubt about it: we’re living in a world of over-sharers. Bloggers, social media users, celebrity influencers… It seems like everyone wants to be a Kardashian these days; to give the world a close-up look into what’s happening behind the scenes of their lives or to share every thought that’s running through their head. […]

Why Not All Password Managers are Secure and What to Do About It

With over 30 million monthly brute force attacks, it’s crucial to use strong passwords everywhere. But creating and remembering unique strong passwords across all your accounts can feel like an impossible task. A password manager can help… or can it? While using and enforcing strong passwords is strongly recommended especially on your WordPress website, not […]

WordPress 4.9.5 Squashes 25 Bugs

WordPress 4.9.5 is available for download and is a maintenance and security release. WordPress 4.9.4 and earlier versions are affected by three security issues. The following security hardening changes are in 4.9.5. Localhost is no longer treated as the same host by default. Safe redirects are used when redirecting the login page if SSL is forced. Version strings are correctly …

Why Two-Factor Authentication Isn’t Always Totally Secure

In 15 minutes, you can lose your phone service, identity and money. All it takes is insecure two-factor authentication and human error. Two-factor authentication is an additional method of security that’s used to supplement your login credentials on websites that have it enabled. It requires you to confirm you’re logging in with a physical device […]

New Plugin Makes WordPress Core Updates More Secure by Requiring Cryptographic Signature Verification

In 2016, Wordfence published their findings of a vulnerability that could have compromised the servers that are used to send out WordPress updates. It turned out to be a complex, obscure vulnerability that ignited a conversation surrounding the security of api.wordpress.org and what could happen if the servers were compromised. One idea that was brought forth is to digitally sign …

Get the Most Out of Defender and Maximize WordPress Security

Anyone who owns, builds, manages, or hosts WordPress sites should be obsessed with security. It’s not that WordPress isn’t a safe platform to build websites with. It’s just that, being the most popular and widely used CMS in the world, WordPress is an easy target for hackers. This is why WordPress blogs can’t and shouldn’t […]