Tag: WordPress security
Common WordPress Security Issues & How to Secure Your Site
Last night I was invited to speak at the Boulder WordPress meetup. My friend Angela drew a big crowd, and they listened intently to me talking a little too long about WordPress security vulnerabilities and what you can do to protect your WordPress site. That talk, like this article, is focused on protecting WordPress users and site-owners from common security problems. I have a whole other course about what WordPress developers should do to keep WordPress secure. This article will intentionally simplify complex technical details which often just cloud the story of security from a WordPress site owners perspective. There are far too many complex acronyms for WordPress security conversations to make sense easily to most non-developers.
Crypto-coin-stealing code sneaks into fairly popular NPM library
How to Use iThemes Security to Enforce Strong Passwords in WordPress
It’s important to think about password security in WordPress. Enforce strong passwords so that your users are never able to have one like “chicago”, and you’re well on your way. But how? How can you make sure that WordPress passwords are as strong as they should be, when you aren’t the only one with an account on the site? That’s where the iThemes Security plugin in WordPress comes it, it has a simple setting that’ll prevent people from setting low-security passwords, and you’ll have a whole load off your mind. Better yet, iThemes Security is a free plugin.
How to Compare the Features of WordPress Security Plugins (and Services)
As a part of WordPress Security with Confidence, I built a feature that I felt a lot of people were hungry for. It’s a comparison table of WordPress security plugins. It starts to take people along the journey from “security is a serious topic that I have no idea how to handle” and toward “security is a set of problems I can solve in a variety of ways.” That transition is my motivation for the course, and it’s also the motivation for something I just made free: WPSecurityCompared.com. Which, well, makes it easy to compare WordPress security plugins.
Watch My Free WordPress User Security Talk
Last night, I gave a talk at my local WordPress Meetup here in Fort Collins about security for site owners. Because I think it’s basically required that you rehearse a talk at least once before giving it, I went ahead and whipped out my screen recording software for one of these practice-runs and put it on YouTube. It’s here:
Don’t Get Abandoned on WordPress 4.9.3
A pretty unfortunate and important issue happened when WordPress 4.9.3 was released a few days ago: it has an error that makes it impossible for WordPress to update itself again. After the error was understood, they stopped rolling out automatic updates. But that was after quite a few sites (speculatively: millions) had updated to it. That’s a problem. So, if you’re running 4.9.3 on any WordPress site, make sure that it (manually, perhaps) gets to WordPress 4.9.4. That’s crucial. Let’s explore why.
The Complete Guide to WordPress Security
WordPress sites are one of the most common targets for attack on the internet. They’re hacked more than any other type of site. If you, your friends, or someone you know has never had an experience of a WordPress site getting “hacked”, you’ve either been extremely lucky or have abnormally careful people surrounding you in your life.