How to Disable File Editing in the Admin Area of WordPress
In this text and video Quick Guide, we describe how to disable all kinds of file editing within the WordPress admin area (also known as wp-admin).
A Rational Approach to Updating Your WordPress Install
The ability to update WordPress core, themes and plugins from within the Dashboard is quite amazing. It has taken a process that was at one time tedious and made it incredibly simple. Anyone can do it. All it takes is a few clicks and you’re running the latest versions of everything.
Prevent Brute Force Attacks in WordPress with the Limit Login Attempts Plugin
If you’re interested in securing your WordPress site (and you should be!), then Limit Login Attempts is a small, efficient, perfect plugin. It does one single thing—prevent brute force attacks against your WordPress site—and does it well.
How to Change WordPress Password in phpMyAdmin (a cPanel tool)
In this Quick Guide, we’ll walk you through how to change a WordPress user’s password using phpMyAdmin, a tool found in most webhosting cPanels. Changing WordPress passwords from phpMyAdmin is simple (it takes less than a minute front-to-back) and it’s a very useful trick to know—one we use at least a couple times every single month in our work with our clients.
Crypto-coin-stealing code sneaks into fairly popular NPM library
David Explains the OWASP Top Ten
While writing WordPress Security with Confidence last year, I spent a lot of time waiting for the latest revision of the OWASP Top Ten, the 2017 version. They ended up taking much too long to publish, and I made the course focusing on the 2013 version, which was the most-recent-finalized iteration at the time the course went live. I don’t regret that choice, but I wanted to make sure I was well acquainted with the 2017 iteration.
How to Compare the Features of WordPress Security Plugins (and Services)
As a part of WordPress Security with Confidence, I built a feature that I felt a lot of people were hungry for. It’s a comparison table of WordPress security plugins. It starts to take people along the journey from “security is a serious topic that I have no idea how to handle” and toward “security is a set of problems I can solve in a variety of ways.” That transition is my motivation for the course, and it’s also the motivation for something I just made free: WPSecurityCompared.com. Which, well, makes it easy to compare WordPress security plugins.
David Writes on Insecure PHP and WordPress Functions for Smashing Magazine
Your first million dollars. The game-winning catch. A guest post in Smashing Magazine. These are life’s moments of pure success, and David had one of them this week. We’ll keep you posted on the other two.
WordPress Security With Confidence: Announcement of our Next Course
We all know the importance of taking WordPress security seriously. Yet, from choosing the right plugin to HTTPS, from Equifax to GDPR, from “secure enough” to “absolutely secure,” the world of WordPress security is confusing, obfuscated, and difficult to navigate.
A Comparison of WordPress Two-Factor Options
I’ve been thinking hard about two-factor authentication in the last few months. I think it’s great, but you can’t deny the hassle. So while I’ve enabled it on a small number of my most valuable accounts, I admit that I’ve not put it everywhere. I don’t have it on my WordPress sites–partly from avoidance of the (admittedly, relatively minor) hassle it represents, more just out of inertia. Helpfully, I just found this solid article from the folks over at WP WhiteSecurity about what options exist for turning on two-factor for WordPress.