Alert from the WPScan Team: a glitch in Wordfence version 7.1.12 enabled people to discover usernames if they did the username query using the ‘WWW’ version of the domain name. This was fixed in version 7.1.14 – make sure you have updated..! Stay safe, Martin Malden, Owner – WP Security Basics. P.S. Is your WordPress website…
The Basics of Securing your WordPress Website – in Plain, Simple English
This website is for non-technical people who need to understand the basics of securing their WordPress website.
Hi, my name is Martin, and I’ve been working with WordPress since 2006 – so I know a little about it..!
What I write about in this site is not a technical guide to completely securing your WordPress website – it focuses on non-technical steps you can take to get basic security measures in place, and to give you an understanding of the threats you face.
To maximise the protection of your website there are additional technical and configuration steps you will need to put in place. I can carry out an audit of your site and make the required changes to strengthen your site’s defences for you, if you’re not comfortable doing them yourself.
If you’d like to know more about that do please contact me.
If I need to clarify anything please do not hesitate to get in touch!
Listing of articles – click the headline to read:
What would be the worst way to find out your website has been hacked? For me it would be to hear it from a customer. And worse still would be if they were furious because visiting my hacked website had caused their computer to be loaded up with malware. This is not a good way…
Adding Two-Factor-Authentication (2FA), also sometimes called Multi-Factor-Authentication (MFA), to your WordPress login page exponentially increases your website’s resistance to brute force attacks. Why use two factor authentication? Two factor authentication adds a second security element that needs to validate before access to your website is allowed. That makes three factors in all: your username; your password; the time-sensitive…
This is the third in my series ‘How do Websites Get Hacked’. The first one dealt with theft and misuse of usernames and passwords and the second one dealt with software vulnerabilities. In this one we will look at Third Party Integrations. What are third party integrations? In WordPress terms: plugins and themes. Plugins One…
I saw an interesting discussion in a forum recently, during which it was asserted that once you move your website to HTTPS it becomes secure. But… Just because a website is running on HTTPS that does not mean it is secure. The only thing that an HTTPS website does is to protect the data that…
There is a vulnerability in version 6.1.0 of the Breadcrumbs NavXT plugin – an excellent plugin (which I use on this site) for placing breadcrumbs on your WordPress installation. Version 6.1.0 had a weakness that allowed your username to be revealed via the REST API. The current version is 6.2.0. Make sure you have updated…