Understanding DDoS attacks: a guide for WordPress administrators

A Distributed Denial of Service (DDoS) is a type of Denial of Service (DoS) attack in which the attack comes from multiple hosts as opposed to one, making it very difficult to block. As with any DoS attack, the objective is to make a target unavailable by overloading it in some way. Generally, a DDoS attack entails a number of computers, or bots. During the attack each computer maliciously sends requests to overload the target. Typical targets are web servers and websites, including WordPress websites. As a result, users are unable to access the website or service. This happens because […]

Top reasons why WordPress websites get hacked (and how you can stop it)

Hacking is the process of finding flaws in a system, and exploiting them to bypass security controls. ‘Ethical’ hackers use this process to learn about a system and find its weaknesses. However, malicious or ‘black hat’ hacking is also common. It is often used to break into websites. There are a lot of reasons why hackers target WordPress sites. One of them is the platform’s sheer popularity. By knowing what these reasons are, you’ll gain a better understanding of how to protect your website. In this article, we’re going to break down the reasons people hack websites. Then we’ll talk […]

Choosing the right HTTPS certificate for your WordPress website

In our previous post WordPress HTTPS, SSL and TLS – a guide for website administrators, we explained what HTTPS and all the other technical terms are, and how it works. In this article, we discuss HTTPS certificates, the different ways you may acquire one for your WordPress website, and why you should or shouldn’t pay for one. Let’s dive right in. What is an HTTPS certificate? Before we can discuss the hows and whys of HTTPS certificates, we need to discuss what a certificate is in the first place. A certificate is used to: encrypt the traffic between the web […]

WordPress HTTPS, SSL & TLS – A Guide For Website Administrators

When you visit a website, your browser (also known as a client) sends an HTTP request to a web server. Once the web server sends an HTTP response, the browser can then render the page to your screen. However, HTTP traffic has a problem: it is a plaintext protocol. This makes it susceptible to snooping and meddling. If an attacker is on the same network as you, they can intercept and read your HTTP traffic. They may also modify both your requests to the server and the server’s responses back to you. This is known as a Man-in-the-Middle […]

Interview with Ivica Delic on WordPress professionals & security

So far we have only interviewed people who understand and work in application and WordPress security. We have always heard the vendors’ voice. However, in this interview we took a different approach. We interviewed Ivica Delic, a WordPress professional, about security. The scope of this interview is to better understand how WordPress professionals, for whom security is maybe not their cup of tea, see and understand security products and services. This interview also helps us understand where we can improve and what these professionals are doing to keep their customers’ websites secure. Ivica Delic has been working with WordPress since […]

Website File Changes Monitor 1.3 – UX improvements

Since this is only the third update of the Website File Changes Monitor plugin, we are still finding new ways to improve the user experience (UX). Thankfully, we get a lot of valuable feedback from the plugin users on how we can make the plugin better and easier to use. Let’s jump right in and see what is new and improved in update 1.3 of our WordPress file integrity monitor plugin. UX improvements in update 1.3 Timestamp of file change: with this update the plugin reports the date and time when it identified the file change. The format of […]

How to Manually Deactivate WordPress Plugins

Plugins are a great aspect of using WordPress. However, at some point, you’ll need to uninstall or deactivate a plugin for one reason or another. This might present a problem, in that the default method for deactivating WordPress plugins might not always be available. For example, to fix an issue where you lose access to your WordPress dashboard because of an internal server error or plugin conflict, you’d need to manually disable one or more plugins. However, without access to the dashboard, you could only do so using a manual approach. In this article, we’ll highlight the differences between regular […]

Password Policy Manager 1.4: premium trials, advantageous pricing & plugin improvements

In September 2018 we released the first version of the Password Policy Manager plugin for WordPress. The plugin has been a great success. It helps hundreds of administrators ensure their WordPress users use very strong passwords. Today we are announcing update 1.4 of the plugin. With this update we are allowing users to trial the plugin before they buy it, which we believe is very important when selling a premium-only plugin. This post tells you about all that is new in Password Policy Manager update 1.4. Premium plugin now available directly from our website Until this release we were […]

Prevention is the way to go when it comes to WordPress security

A common misconception is that malicious hackers only target websites with large income, or those that store valuable sensitive information. However, WordPress websites generally get a lot of unwanted attention, which is why it’s important to take preventive measures from the get-go. The good news is that (on top of basic measures such as having a robust updating strategy) WordPress offers you a lot of options to protect your website against hack attacks. Even simple implementations, such as enabling Two-Factor Authentication (2FA), can drastically improve the security of your website or eCommerce store. In this article, we’ll talk about why […]

What is regulatory compliance & how does it affect WordPress security?

In order to do business, your WordPress website and business have to adhere to rules and regulations. These rules and regulations may take the form of laws (such as GDPR or HIPAA). They may also be compliance requirements, such as PCI DSS or ISO 27001, and may vary from one country to the other. What is compliance? Regulatory compliance, or simply compliance, describes the state of a business being in line with rules and established guidelines specified by a regulatory body. Compliance is a vital component in any organization valuing transparency, security and accountability. Businesses can leverage compliance to conduct […]