From the very beginnings of WordPress, there have been features that allow you to interact remotely with your site. These same features build your community by allowing other bloggers to reference your posts. At the core of all of this is XML-RPC. XML-RPC, or XML Remote Procedure Call, powers these features in WordPress: Connecting to your site(s) with your smartphone Trackbacks …
How to Hide Your WordPress Login Page From Hackers and Brute Force
Running a WordPress website can feel like managing a magnet for malicious login attempts. Brute force attempts to log into WordPress are so common there’s a page in the Codex dedicated to the topic. There are many strategies for dealing with this problem, and the best strategy is to deploy multiple strategies. In this article, I’ll explain how I implement …
Privacy Checklist: 10 Tips for Protecting Visitors to Your WordPress Site
Businesses of all sizes—bloggers, SMBs, eCommerce companies, large enterprises, and more—understand the importance of having a website. Without it, a business is relegated to the more time- and labor-intensive (not to mention outdated) method of increasing brand recognition and converting leads through cold calling and word-of-mouth. Plus, if your brand doesn’t have a website, you’re relying …
WP Mobile Detector Plugin Patched for Arbitrary File Upload Vulnerability, Exploits Ongoing
Researchers at Sucuri are reporting that the WP Mobile Detector plugin has been patched for an arbitrary file upload vulnerability that is being actively exploited in the wild. The plugin, which was temporarily removed from the WordPress Plugin Directory, had more than 10,000 active installs before the exploits began. According to Sucuri, the majority of compromised sites have been infected …
Adding Free SSL Certificate and HTTPS to WordPress with Let’s Encrypt and Certbot
Installing an SSL certificate on your domain is an essential step you should take to secure your WordPress site and now with Let’s Encrypt you can get one for free. An SSL certificate encrypts the connection between your site and your visitors’ browser so hackers can’t intercept and steal personal information. Normally, SSL certificates can be cumbersome to install and …
Jetpack 4.0.3 Patches a Critical XSS Vulnerability
Jetpack 4.0.3 is a security release that contains an important fix for a critical vulnerability that has been present in the plugin since version 2.0, released in 2012. According to Jetpack team member Sam Hotchkiss, a stored XSS vulnerability was found in the way that some Jetpack shortcodes are processed, which allows an attacker to insert JavaScript into comments to …
Help, I’ve Been Hacked! How to Troubleshoot and Fix a WordPress Site
Getting hacked is one of the most frustrating experiences you’ll face as a site admin. Unfortunately, even if you have bolstered your site’s defenses, about 30,000 sites are hacked daily and it’s likely your site will fall prey sooner or later. So it’s important you know what to do when that day comes. Fortunately, it’s possible to figure out exactly …
A Comprehensive Guide to Editing .htaccess for WordPress Security
The .htaccess file in your WordPress install is a powerful configuration file that you can use to override the settings on your web server to improve your site’s security and performance. Short for “Hypertext Access,” the file can be edited with the right commands to enable/disable extra functionality and features that protect your site from spammers, hackers and …
How to Scan Your WordPress Site and Patch Security Vulnerabilities
There are well over 7.5 million attacks on WordPress sites every hour, so an attack on your site is almost guaranteed. Simply scanning your site for vulnerabilities, however, can help you keep nasty hackers at bay. Scanning your site will tell you how your site is vulnerable to attack so you can then take specific actions to patch any holes in your security. So …
Critical Vulnerabilities Found in PhpStorm, Immediate Update Advised
JetBrains announced today that it has released a security update for PhpStorm and all of its other IntelliJ-based IDEs due to a set of critical vulnerabilities: a cross-site request forgery (CSRF) flaw in the IDE’s built-in web server allowed an attacker to access the local file system from a malicious web page without user consent, and over-permissive CORS settings allowed attackers to use …