Common WordPress Security Issues & How to Secure Your Site
Last night I was invited to speak at the Boulder WordPress meetup. My friend Angela drew a big crowd, and they listened intently to me talking a little too long about WordPress security vulnerabilities and what you can do to protect your WordPress site. That talk, like this article, is focused on protecting WordPress users and site-owners from common security problems. I have a whole other course about what WordPress developers should do to keep WordPress secure. This article will intentionally simplify complex technical details which often just cloud the story of security from a WordPress site owners perspective. There are far too many complex acronyms for WordPress security conversations to make sense easily to most non-developers.
How to Change WordPress User Passwords via FTP
A member from the WPShout Facebook Group blew my mind last week with this set of instructions for either resetting WordPress user passwords or adding new users using only an FTP connection. This was in response to our Quick Guide that describes how to do the same thing inside phpMyAdmin, which requires cPanel (or similar) access. For many situations, I believe this FTP route is quite a bit simpler and requires requesting less complete access from your clients.
How to Reset Your WordPress Password with cPanel and phpMyAdmin
In this Quick Guide, we’ll walk you through how to reset a WordPress user’s password using cPanel and phpMyAdmin. To change WordPress passwords from cPanel is simple (it takes less than a minute front-to-back) and it’s a very useful trick to know—one we use at least a couple times every single month in our work with our clients.
A Comparison of WordPress Two-Factor Options
I’ve been thinking hard about two-factor authentication in the last few months. I think it’s great, but you can’t deny the hassle. So while I’ve enabled it on small number of my most valuable accounts, I admit that I’ve not put it everywhere. I don’t have it on my WordPress sites–partly from avoidance of the (admittedly, relatively minor) hassle it represents, more just out of inertia. Helpfully, I just found this solid article from the folks over at WP WhiteSecurity about what options exist for turning on two factor for WordPress.