In 2016, WordFence published their findings of a vulnerability that could have compromised the servers that are used to send out WordPress updates. It turned out to be a complex, obscure vulnerability that ignited a conversation surrounding the security of api.wordpress.org and what could happen if the servers were compromised. One idea that was brought […]
Read more about New Plugin Makes WordPress Core Updates More Secure by Requiring Cryptographic Signature Verification
The WP-CLI team is initiating a new project that aims to bring checksum verification to plugins and themes. Checksums are a method of verifying the integrity of files. Three years ago, WP-CLI added the capability of verifying WordPress core checksums using the MD5 algorithm. This is a useful security feature that allows developers to easily […]
Read more about New WP-CLI Project Aims to Extend Checksum Verification to Plugins and Themes
It has been nearly two weeks since the WordPress security team disclosed an unauthenticated privilege escalation vulnerability in a REST API endpoint in 4.7 and 4.7.1. The vulnerability was patched silently and disclosure was delayed for a week to give WordPress site owners a […]
Read more about WordPress REST API Vulnerability Exploits Continue
Imagine with me for a moment that you’re a hacker looking for ways to hijack reputable websites and use them to funnel unsuspecting traffic to a nefarious phishing scam.
How would you target websites for maximum impact? One option would be to locate and target a single vulnerability that affects hundreds or thousands of sites. If such a thing could be found and exploited, you could create digital carnage in very short order.
Are you starting to see why hardening WordPress is so important?
As the most popular content management system on the web, WordPress is a prime target for hackers everywhere. But there’s something you can do about it.
Why Do Bad Hacks Happen to Good Websites?
Thankfully, the WordPress core software is quite secure. Hacks are rarely able to get under your website’s skin by going straight after the core. When exploits in the core are identified, they’re promptly patched.
Rather than go after the core – which they know is a tough nut to crack – hackers generally target things like lazily chosen passwords, poorly coded plugins, lax file permissions, and sites that haven’t been updated in far too long and are therefore still vulnerable to exploits that have already been patched.
Since hackers tend to go after the low-hanging fruit, it really isn’t that complicated to harden WordPress and keep it secure. As a matter of fact, you can keep your site at the far upper end of the security bell curve by taking eight simple steps.
Let me walk you through them.
The vaguest WordPress error you’ll no doubt come across at some point, which also has a whole laundry list of probable causes, is… “Are you sure you want to do this?” What’s frustrating about this particular error is that it could mean you made a small fixable mistake or, worse, that you’ve been hacked (though typically […]
Read more about Fixing the “Are You Sure You Want to Do This” Error in WordPress
Elegant Themes emailed its customers last night to inform them of a critical security vulnerability affecting a large segment of its product line. An information disclosure vulnerability was found in the Divi Builder (included in our Divi and Extra themes, as well as our Divi Builder plugin) which resulted in the potential for user privilege […]
Read more about Critical Security Vulnerability Discovered in Elegant Themes Products
So, did it hurt? When you landed at the bottom of the SERPs, I mean, and Google slapped a scary red warning message on your site telling people to keep out. If this happened due to an error on your part (bad SEO, shady linking tactics, etc.) that’s one thing. But if your site was hacked […]
Read more about Hacked? How to Clean Your Site and Get Off Google’s Blacklist
The record for the largest number of plugins installed on a WPMU DEV member’s WordPress site is 637. I kid you not. And the guy’s site seemed to work just fine, strangely enough. Are you addicted to plugins? Do you enjoy the thrill of the hunt, finding the right plugin to solve a particular problem […]
Read more about How Many WordPress Plugins Is Too Many Plugins…?