How to Use WordPress User Roles for Improved WordPress Security

As a content management system, WordPress has a set user roles. In essence, these WordPress user roles define the capabilities (permissions to carry out specific website tasks) of each individual user on your website. As your site grows, it’s essential to understand those roles and capabilities to ensure the continued security of your website. Since assigning wrong user roles could lead to disastrous consequences. In this article, we’ll outline what user roles are (including custom roles), so you’ll know how to assign them correctly. We’ll also cover how to use WordPress plugins to manage and monitor the activity of your […]

Why a strong password policy is so important for your WordPress website

If you’ve been managing a WordPress site for a while, you may be wondering why a strong password policy is so important. Surely, users are aware that they need to use strong passwords? Unfortunately, many users knowingly use weak passwords, putting your WordPress site at risk. There are differing reasons why this continues to occur. Some don’t want to have to remember a complex password. Whereas others like to reuse the same password across multiple sites. Either way, enforcing a strong password policy protects you against users’ poor password choices such as password123. In this post, we will explain why password security is […]

PPMWP 2.3.1: improved support for third party plugins

Today we are excited to announce update 2.3.1 of the Password Policy Manager plugin. The highlight of this update is improved support for other third party plugins, such as login redirects, e-Commerce and membership type plugins. Even though this update is a maintenance release, it still packs a punch. Let’s dive right in to see what’s new and improved in this update. Improved support for third party plugins Many site administrators use the Password Policy Manager plugin to configure password policies on membership, subscription and e-Commerce sites. So since the plugin is used alongside other plugins such as WooCommerce, Login […]

WP 2FA 1.4.2: Improved 2FA policies & multisite network support

WP 2FA 1.4.2 comes with a good number of improvements. This update will benefit mostly those who want to setup two-factor authentication on a multisite network, or have multiple word user roles, such as shop manager in WooCommerce. However, there is much more to this update than just that. Let’s dive right in to see what else is new, improved and fixed in this exciting update. Improved 2F policies & multisite network support In this version update of the WP 2FA plugin we have added new specific two-factor authentication (2FA) policies for multisite networks. With this update, site admins can […]

The ultimate guide to WordPress user management

There’s nothing more complicated for webmasters than to manage their website users. If your website or eCommerce solution users aren’t managed correctly, they can inflict site-breaking damage and loosen up tight security protocols. While WordPress user management is vitally important, you also have to be able to run your business. You do not want to spend most of your time actively managing your users. That drains your resources and time. You have to use the right tools to automated as much as you can so you can focus on the business. Fortunately, there’s a solution. By adhering to a few […]

WP 2FA 1.4: Support for Authy, FreeOTP, and other 2FA apps

Many have chosen to use our WP 2FA plugin because you do not have to be a developer or a security ninja to enable and require 2FA on your website. Our two-factor authentication plugin is dead easy to use. Today, we are taking it a step further; we are releasing an update in which we have added support for a number of 2FA apps. This means that users are no longer restricted to use only the Google Authenticator app. In this update we have also added a handful of several other new features, and a good number of improvements. Let’s […]

PPMWP 2.3: Inactive users check, policies & performance updates

Today we are announcing Password Policy Manager update 2.3.0. This is an exciting release featuring the all new inactive WordPress users check. In it we also included a good number of other password policies improvements and performance updates. Let’s dive right in to see what is new and improved in this latest update of our password policy manager plugin for WordPress. Checks for inactive WordPress users Inactive and forgotten website users are very often targeted by malicious hackers. They are an easy target that can be used to break into a website. Attackers find them ideal because no one is […]

WordPress file permissions: the guide to configuring secure website & web server permissions

WordPress can pretty much run on any operating system that runs PHP. However, the vast majority of WordPress websites run on Linux. Therefore it is important that you understand Linux file permissions. It is crucial to get file permissions right. Setting incorrect file permissions can open your website up for attack. Incorrect file permissions can allow unauthorized users to gain access to potentially sensitive files and data. Such data can then be used as a stepping stone to a larger attack. As a WordPress administrator, file permissions may seem a bit daunting, especially if you’re new to Linux. Fear not! […]

WFCM 1.6: full integration with WP Activity Log

Today we are announcing two releases; Website File Changes Monitor 1.6 and  WP Activity Log 4.1.2. They are being released together because we have integrated the plugins. Let’s dive right in and see what this integration is all about, and what are the benefits to both plugins’ users. Superior file integrity monitoring scans and better activity logs This integration between these two plugins means a superior WordPress file integrity monitoring solution and UX. We are combining the comprehensive activity log of WP Activity Log and the advanced file integrity monitoring technology of the Website File Changes Monitor plugin. From now […]

The WordPress security process; Test, Harden, Monitor, Improve

WordPress security is not unlike many other areas of IT security. It’s not a one time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business requirements will change. So adopting a point-in-time security assessment will only give you a false sense of security. Instead, the winning strategy is to follow a continuous process. A process of constantly testing your defenses and iterating on that to improve your website’s security posture. This article aims to offer a simple to follow long-term iterative process you […]