There’s no doubt about it: we’re living in a world of over-sharers. Bloggers, social media users, celebrity influencers… It seems like everyone wants to be a Kardashian these days; to give the world a close-up look into what’s happening behind the scenes of their lives or to share every thought that’s running through their head. […]
Why Not All Password Managers are Secure and What to Do About It
With over 30 million monthly brute force attacks, it’s crucial to use strong passwords everywhere. But creating and remembering unique strong passwords across all your accounts can feel like an impossible task. A password manager can help… or can it? While using and enforcing strong passwords is strongly recommended especially on your WordPress website, not […]
Everything You Wanted to Ask a GDPR Expert but Were Afraid to Ask
If you’re like 99.9% of developers, site managers, agencies and freelancers, the last thing on your list of priorities for the past 2 years has been GDPR compliance. You have a million other tasks on your plate and dumping energy into government regulated data protection laws seems like a complete waste of energy. Especially when […]
WordPress 4.9.5 Squashes 25 Bugs
WordPress 4.9.5 is available for download and is a maintenance and security release. WordPress 4.9.4 and earlier versions are affected by three security issues. The following security hardening changes are in 4.9.5. Localhost is no longer treated as the same host by default. Safe redirects are used when redirecting the login page if SSL is forced. Versions strings are correctly …
Why Two-Factor Authentication Isn’t Always Totally Secure
In 15 minutes, you can lose your phone service, identity and money. All it takes is insecure two-factor authentication and human error. Two-factor authentication is an additional method of security that’s used to supplement your login credentials on websites that have it enabled. It requires you to confirm you’re logging in with a physical device […]
Let’s Encrypt Wildcard Certificates Are Now Available
In July of last year, Let’s Encrypt announced that it would begin issuing Wildcard certificates for free in January of 2018. Although a little late, the organization has announced that Wildcard certificate support is now live. In addition to these certificates, the organization has updated its ACME protocol to version 2.0. ACMEv2 is required for clients that want to use …
New Plugin Makes WordPress Core Updates More Secure by Requiring Cryptographic Signature Verification
In 2016, WordFence published their findings of a vulnerability that could have compromised the servers that are used to send out WordPress updates. It turned out to be a complex, obscure vulnerability that ignited a conversation surrounding the security of api.wordpress.org and what could happen if the servers were compromised. One idea that was brought forth is to digitally sign …
Get the Most Out of Defender and Maximize WordPress Security
Anyone who owns, builds, manages, or hosts WordPress sites should be obsessed with security. It’s not that WordPress isn’t a safe platform to build websites with. It’s just that, being the most popular and widely used CMS in the world, WordPress is an easy target for hackers. This is why WordPress blogs can’t and shouldn’t […]
Do You Know Why Hackers Are Targeting Your WordPress Site?
As we discover better ways to secure WordPress websites, it’s easy to feel a bit more relaxed about the whole thing… which is both good and bad. It’s good because it means we trust the tools and services we’ve invested in to harden security in WordPress. It’s bad though when we mistakenly confuse the tightening […]
Scanning and Fixing Your WordPress Site for Free with WP Checkup
When it comes to your WordPress website, what you don’t know can hurt you or at least your website. Instead of taking that chance, you can get free scans and fixes with WP Checkup. Tracking your WordPress website regularly for issues is important. That’s how you can prevent major meltdowns of epic proportions or at […]