Tag: WordPress security
SVGs in WordPress: How to Upload Them and Why to Use Them
This article is all about SVGs: how and why to use SVGs in WordPress, including how to allow SVG file uploads in WordPress. Whether you love, fear, or simply don’t understand this image format, we’ve got you covered.
How to Disable File Editing in the Admin Area of WordPress
In this text and video Quick Guide, we describe how to disable all kinds of file editing within the WordPress admin area (also known as wp-admin).
Update the Elementor Plugin ASAP: Security Vulnerability Found
They found a security vulnerability in the Elementor plugin. It’s patched in the newest version of the plugin, so if you use Elementor, please update to the latest version as soon as you can. (And if you happen to be nervous about updating stuff, this week’s article is perfectly timed.)
How Real is Movie Hacking?
I know, you know: “not very realistic” is the knock against hacking in the movies. It’s like an old joke for people in the know.
Common WordPress Security Issues & How to Secure Your Site
Last night I was invited to speak at the Boulder WordPress meetup. My friend Angela drew a big crowd, and they listened intently to me talking a little too long about WordPress security vulnerabilities and what you can do to protect your WordPress site. That talk, like this article, is focused on protecting WordPress users and site-owners from common security problems. I have a whole other course about what WordPress developers should do to keep WordPress secure. This article will intentionally simplify complex technical details which often just cloud the story of security from a WordPress site owners perspective. There are far too many complex acronyms for WordPress security conversations to make sense easily to most non-developers.
Crypto-coin-stealing code sneaks into fairly popular NPM library
How to Use iThemes Security to Enforce Strong Passwords in WordPress
It’s important to think about password security in WordPress. Enforce strong passwords so that your users are never able to have one like “chicago”, and you’re well on your way. But how? How can you make sure that WordPress passwords are as strong as they should be, when you aren’t the only one with an account on the site? That’s where the iThemes Security plugin in WordPress comes it, it has a simple setting that’ll prevent people from setting low-security passwords, and you’ll have a whole load off your mind. Better yet, iThemes Security is a free plugin.
How to Compare the Features of WordPress Security Plugins (and Services)
As a part of WordPress Security with Confidence, I built a feature that I felt a lot of people were hungry for. It’s a comparison table of WordPress security plugins. It starts to take people along the journey from “security is a serious topic that I have no idea how to handle” and toward “security is a set of problems I can solve in a variety of ways.” That transition is my motivation for the course, and it’s also the motivation for something I just made free: WPSecurityCompared.com. Which, well, makes it easy to compare WordPress security plugins.
Watch My Free WordPress User Security Talk
Last night, I gave a talk at my local WordPress Meetup here in Fort Collins about security for site owners. Because I think it’s basically required that you rehearse a talk at least once before giving it, I went ahead and whipped out my screen recording software for one of these practice-runs and put it on YouTube. It’s here:
Don’t Get Abandoned on WordPress 4.9.3
A pretty unfortunate and important issue happened when WordPress 4.9.3 was released a few days ago: it has an error that makes it impossible for WordPress to update itself again. After the error was understood, they stopped rolling out automatic updates. But that was after quite a few sites (speculatively: millions) had updated to it. That’s a problem. So, if you’re running 4.9.3 on any WordPress site, make sure that it (manually, perhaps) gets to WordPress 4.9.4. That’s crucial. Let’s explore why.