WordPress Vulnerability Roundup: April 2020, Part 1

https://ithemes.com/wordpress-vulnerability-roundup-april-2020-part-1/

New WordPress plugin and theme vulnerabilities were disclosed during the first half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into four different categories: WordPress core WordPress plugins WordPress themes WordPress Core Vulnerabilities There haven’t been any disclosed WordPress vulnerabilities in 2020. WordPress Plugin Vulnerabilities Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested […]

WordPress Vulnerability Roundup: March 2020, Part 1

https://ithemes.com/wordpress-vulnerability-roundup-march-2020-part-1/

New WordPress plugin and theme vulnerabilities were disclosed during the first half of March, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into four different categories: WordPress core WordPress plugins WordPress themes WordPress Core Vulnerabilities There haven’t been any disclosed WordPress vulnerabilities in 2020. WordPress Plugin Vulnerabilities Several new WordPress plugin vulnerabilities have been discovered this month so far. Make sure to follow the suggested […]

7 WordPress Security Best Practices

https://ithemes.com/7-wordpress-security-best-practices/

As hacks and security breaches become more of a concern for anyone running a WordPress website, it’s important to know you can drastically improve your security by using a few WordPress security best practices. If you don’t already have a WordPress security strategy in place, this post will help you understand seven ways you can secure and protect your WordPress website. WordPress Security Best Practices 1. Use a strong password with the help of a password manager. 2. Two-Factor ALL THE THINGS. 3. Regularly change your WordPress salts. 4. Use secure file permissions. 5. Use sFTP whenever possible. 6. Use […]

Combat WordPress Brute Force Attacks with the iThemes Brute Force Protection Network – Free in iThemes Security

https://ithemes.com/combat-wordpress-brute-force-attacks-ithemes-brute-force-protection-network-free-ithemes-security/

A new way to combat WordPress Brute Force Attacks just arrived with the new iThemes Brute Force Protection Network. This new brute force protection setting is available in the latest version of iThemes Security — free to download on the WordPress.org Plugin Directory. Understanding Brute Force Attacks Unlike hacks that focus on vulnerabilities in software, brute force attacks exploit the simplest method of gaining access to a site: by trying usernames and passwords, over and over again, until it gets in. If one had unlimited time and wanted to try an unlimited number of password combinations to get into your site they […]

New One-Click WordPress Security Check in iThemes Security

https://ithemes.com/one-click-secure-site-wordpress-security-check/

The latest version of iThemes Security Pro (6.4.2) & iThemes Security Free (7.6.1) includes a new “one-click” WordPress Security Check for your WordPress site. The Security Check feature is designed to help save you time and ensure your site is using the recommended security settings. Features/Settings Enabled by Security Check With just one click of the “Secure Site” button, iThemes Security will enable and configure all the recommended security features and settings within the plugin. This table lists out the feature/setting and the benefits activated by the Security Check. Feature/Setting Benefit Banned Users Blocks specific IP addresses and user agents […]

New! Save Time Securing WordPress With User Groups

https://ithemes.com/new-save-time-securing-wordpress-with-user-groups/

The iThemes Security Pro plugin already helps you lock down your WordPress website down to the user-level with the User Security Check and User Logging features. Today, we are excited to roll out the New User Groups feature gives you the power to enforce the right level of security for the right people. Introducing User Groups: The Right Amount of Security for The Right People There is a balance of restriction and usability that you must strike when implementing a security strategy. Using the new User Groups, you can create a group of everyone who can make changes to your […]

A Guide to iThemes Security Pro Lockouts

https://ithemes.com/ithemes-security-pro-lockouts-guide/

iThemes Security Pro lockouts are a way to harden your website against external attacks, including WordPress brute force attacks. In this guide, we’ll cover iThemes Security Pro lockouts and how to use them. Keep reading for tips to avoid the dreaded lockout screen (in case you or your client has accidentally locked yourself out of your website) and how to release the lockout if it’s triggered. (Locked out? Get the release lockout solution now!) What Types of iThemes Security Pro Lockouts Are There? There are multiple ways a lockout can be triggered using the iThemes Security Pro plugin. The 4 […]

iThemes Security Setup Essentials (January 2020)

https://ithemes.com/ithemes-security-setup-essentials-january-2020/

iThemes Security Pro has a multitude of settings to help you secure your WordPress website. In this webinar, iThemes Associate Product Manager Michael Moore provides in-depth explanations of each security feature and a walkthrough of how to customize iThemes Security Pro for your needs. Watch the Video: How To Set Up the iThemes Security Plugin on Your WordPress Website A WordPress security plugin like iThemes Security Pro adds an important extra layer of security to your website. To make setup easier, a one-click WordPress Security Check will enable the recommend settings. There a lot of other great features you can […]

New! iThemes Security now includes Security Check Pro and CCPA changes in Pro

https://ithemes.com/new-ithemes-security-get-a-pro-feature-and-ccpa-changes-in-pro/

Not every site is the same; that is why we have always been hesitant to take a blanket approach to WordPress Security. For example, several sites are behind some proxy. When a site is behind a proxy, it could appear that every visitor is coming from the same IP address. When malicious actors seem to have the same IP of your customers, it can make it tricky to lockout the correct IPs and prevent the attacker from bypass the lockout. iThemes Security Check Pro Proxy Detection iThemes Security version 7.6.0 now includes the Security Check Pro, which was previously only […]

How to Secure Your Online Store for the Holidays: A 10-Point Website Security Audit

https://ithemes.com/10-point-ecommerce-website-security-audit/

If you are running an online store, you are likely to see a steep increase in traffic during the holiday season. With new customers entering their payment information and personal addresses onto your website, it’s more important than ever to secure your online store in preparation for the holidays. November and December are the busiest shopping months of the year, which makes any downtime related to a hack or security breach more expensive than any other time of year. Your website’s uptime has never been more valuable, and that is why this is the perfect time to perform a security […]