WordPress file permissions: the guide to configuring secure website & web server permissions

https://www.wpwhitesecurity.com/wordpress-file-permissions-guide-secure-website-server/

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions. It is crucial to get file permissions right. Setting incorrect file permissions can open your website up for attack. Incorrect file permissions can allow unauthorized users to gain access to potentially sensitive files and data. Such data can then be used as a stepping stone to a larger attack. As a WordPress administrator, file permissions may seem a bit daunting, especially if you’re new to Linux. Fear not! […]

WFCM 1.6: full integration with WP Activity Log

https://www.wpwhitesecurity.com/wfcm-1-6/

Today we are announcing two releases; Website File Changes Monitor 1.6 and  WP Activity Log 4.1.2. They are being released together because we have integrated the plugins. Let’s dive right in and see what this integration is all about, and what are the benefits to both plugins’ users. Superior file integrity monitoring scans and better activity logs This integration between these two plugins means a superior WordPress file integrity monitoring solution and UX. We are combining the comprehensive activity log of WP Activity Log and the advanced file integrity monitoring technology of the Website File Changes Monitor plugin. From now […]

The WordPress security process; Test, Harden, Monitor, Improve

https://www.wpwhitesecurity.com/wordpress-security-process-test-harden-monitor-improve/

WordPress security is not unlike many other areas of IT security. It’s not a one time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business requirements will change. So adopting a point-in-time security assessment will only give you a false sense of security. Instead, the winning strategy is to follow a continuous process. A process of constantly testing your defenses and iterating on that to improve your website’s security posture. This article aims to offer a simple to follow long-term iterative process you […]

WP 2FA 1.3: 2FA setup website page & improved 2FA policies

https://www.wpwhitesecurity.com/wp-2fa-1-3/

The most highly requested WP 2FA feature we are asked for is to allow users to setup two-factor authentication from a website page. In eCommerce stores and membership / subscription websites users only have access to custom user profile pages, so it was not possible for them to setup 2FA. With this update of our two-factor authentication plugin for WordPress, all site users, members and customers can setup 2FA from a website page. They do not need to have access the WordPress dashboard. In this release post we explain how we are supporting custom user profile pages, and also highlight […]

Secure your WordPress login with these easy-to-use plugins

https://www.wpwhitesecurity.com/wordpress-secure-login-plugins/

When it comes to managing your WordPress site, keeping your login secure and working well should be of top priority. Whether you operate an eCommerce store, or a membership site, making sure that your users utilize a strong username and password combination is essential to securing your website against outside threats and hacking attempts. And yet, some of your users may well continue to use weaker passwords and usernames for their WordPress login. Passwords such as password123 or even 1234 leave a gaping hole in your site’s defenses. However, by using a couple of plugins, you can secure your WordPress login. […]

WordPress Two-Factor Authentication (2FA): what is it & using it on your site

https://www.wpwhitesecurity.com/two-factor-authentication-wordpress/

The security of your WordPress website depends on the systems you put in place to protect it and harden its security. With the sharp increase of automated password guessing, your users’ sensitive information and access to your site are more at risk than ever. This is why it’s so important to protect your WordPress site further by adding two-factor authentication. Because your site is only as strong as its weakest password. In this article, we’ll illustrate what WordPress two-factor authentication is, why it’s so important, and how to implement it on your website with an easy to use two-factor authentication […]

WP 2FA 1.2: Multisite networks support, configurable email notifications templates & other updates

https://www.wpwhitesecurity.com/wp-2fa-1-2/

Today we are excited to release WP 2FA update 1.2. In just a month, our easy-to-use two-factor authentication (2FA) plugin has been downloaded more than 1,000 times. It received very good reception, and many of you sent us feedback. Thank you for that. The highlights of this update are support for WordPress multisite network, configurable email templates, and out of the box support for custom login pages. These notes highlight what is new, improved and fixed in this update of WP 2FA. WordPress Multisite network support Since with WP 2FA you can enable policies to make two-factor authentication mandatory, a […]

How to make your WordPress website CCPA compliant

https://www.wpwhitesecurity.com/make-wordpress-website-ccpa-compliant/

After the introduction of GDPR back in 2018, there’s now another law that’s set to further effect WordPress webmasters in their bid to remain compliant with local data privacy regulations. Its name? The California Consumer Protection Act (or CCPA for short). This new piece of legislation is designed to provide Californians with enhanced protection with regard to the use of their personal information. It came into force at the beginning of the year 2020. This guide will walk you through what the CCPA website compliance requirements are. It also explains what it means for your website in practice, and how to implement […]

PPMWP 2.2: Out of the box support for custom login pages & other updates

https://www.wpwhitesecurity.com/ppmwp-2-2/

Today we are releasing Password Policy Manager 2.2. The highlights of this update are the out of the box support for custom login pages and the plugin translations. We have also included a number of updates and fixed a number of issues in this update. These release notes highlight what is new, improved and fixed in this exciting update of our password security plugin for WordPress. Out of the box support for custom login pages Up until this update, site administrators had to add a code snippet to the custom login page template there were using. Otherwise, users were not […]

WFCM 1.5: Hourly file integrity scans & other plugin improvements

https://www.wpwhitesecurity.com/wfcm-1-5/

In this update of the Website File Changes Monitor plugin we focused on further improving the file scanning technology. The results speak for themselves; faster scans that requires less resources. Here, you can read in more details what is new and improved in update 1.5 of our file integrity monitor WordPress plugin. Hourly file integrity scans The more frequent the file integrity monitoring scans are, the earlier you can identify a file change on your WordPress website. In this update we have included the option to configure hourly file changes scans, allowing you to be alerted of any changes, malicious […]