Security

As a regular browser of the Internet, you must have surely come across 404 errors which tell you that the page you were looking for could not be found. Sometimes these are quite funny too, like the one by mint.com. On your own site too, you may see the occasional 404 error. These usually occur…

Certain folders in WordPress, like uploads, are writeable by default so that users can upload files (images, videos, etc) onto your site. Themes and plugins also create files in their respective cache directories while at work which isn’t possible unless these directories are writeable. However, this also opens up your site for potential attacks. Hackers…

In the wake of recent vulnerabilities and their exploits, all WordPress owners and administrators are on high alert with regard to security. The main challenge when it comes to securing our sites is to keep ourselves up to date with all the latest news – which plugin vulnerability has been discovered, what is the new…

As a WordPress site owner, security has always been top concern for me and also a tad overwhelming. The knowledge that new vulnerabilities are exposed every day only makes it that much scarier. I decided that having a good scanning solution in place for my site would be the way to go forward. Once I…

The latest WordPress plugin vulnerability disclosed by Sucuri recently is in the WP eCommerce plugin that lets attackers access and modify private information on your site. It allows malicious users to export user data such as names, addresses, etc. It also lets attackers buy products on your site and change the status of the transaction to…

Does your WordPress site really need HTTPS from wordpress_backup If you own a WordPress site, you must have mulled over this move at some point – HTTPS. HTTPS is a secure form of HTTP, the underlying protocol used on the Internet. With HTTP, all messages are exchanged in plain-text. So anyone wanting to snoop on…

In our earlier article How to ban users based on IP address, we learnt how to keep suspicious users out of our site. But that was only possible if you get to know their IP addresses. We don’t need to always wait for an attacker to knock on our doors to bump up our security….

WordPress has a standard login page called wp-login.php through which a user can access the dashboard. Given the growing number of brute force attacks on WordPress sites in recent times, users are often suggested to the default login URL (i.e. wp-login.php). So instead of logging into your site using /wp-login.php, you’ll now have a new…

Brute force attacks on WordPress have increased manifold in the past few years. Also known as password-guessing or dictionary attack, they use a systematic trial and method approach where every combination is used to crack your password. If you have a site that includes login authentication, you’re a likely target for attack. That covers almost…