WPSec

Critical Security Flaw in the WooCommerce Payments plugin

Leave a Comment / Uncategorized / By Jonas Lejon

On March 22, 2023, a significant security flaw was identified in the WooCommerce Payments plugin, a widely used eCommerce payment plugin for WordPress with over 500,000 active installations. Fortunately, white hat security researcher Michael Mazzolini discovered the vulnerability and responsibly disclosed it through HackerOne, allowing websites to install the patched version 5.6.2 before the full …

Critical Security Flaw in the WooCommerce Payments plugin Read More »

How to Protect Your WordPress Site Against Hackers: Top Tips for Optimal Security

Leave a Comment / Uncategorized / By Jonas Lejon

In today’s digital world, website security is more important than ever. WordPress, the most popular content management system (CMS), is often targeted by hackers. Protecting your WordPress site against cyber threats is crucial to safeguard your data, customers, and online reputation. This blog post will share tips to help you secure your WordPress site from …

How to Protect Your WordPress Site Against Hackers: Top Tips for Optimal Security Read More »

Reducing the WordPress Attack Surface

Leave a Comment / security / By Jonas Lejon

WordPress is a widely used content management system that powers millions of websites. Security is crucial for the owners running WordPress sites as a breached site can seriously compromise its users and damage their brand’s identity. This blog post looks at some essential WordPress security requirements and hardening methods without requiring a third-party plugin to …

Reducing the WordPress Attack Surface Read More »

How to scan your WordPress instances for Security Issues using WPScan

Leave a Comment / Uncategorized / By Jonas Lejon

WordPress is a free, open-source web development platform. WordPress is a content management system (CMS) created in PHP and primarily uses MySQL or MariaDB databases. This is a more technical blog post. WordPress is today’s most user-friendly and powerful blogging, content management, e-commerce, and website builder. A Sneak-peek on WPScan The WPScan security scanner was developed …

How to scan your WordPress instances for Security Issues using WPScan Read More »

How to protect (and quicken) your WordPress instances with a reverse proxy

Leave a Comment / Uncategorized / By Jonas Lejon

WordPress powers about 60% of all websites on the internet, which is a staggering figure by any standard. Most of these WordPress instances lack many basic security features that can mean the difference between your website being hacked and… well, not hacked. In this article, we’re going to run through the process of setting up …

How to protect (and quicken) your WordPress instances with a reverse proxy Read More »

How to Break Into WordPress Installations, and How Implementing 2-Factor-Authentication Can Prevent It

Leave a Comment / Uncategorized / By Jonas Lejon

Author: Luke Stephens Like any system, there are many ways to break into a WordPress installation, to name a few: Exploiting an out of date, vulnerable WordPress core Exploting vulnerable plugins or themes Man-in-the-middle attacks Social engineering One of the most common ways to break into a WordPress installation is to simply find the password …

How to Break Into WordPress Installations, and How Implementing 2-Factor-Authentication Can Prevent It Read More »

Eight-Year Study Shows the Dark Side of WordPress Plugins

Leave a Comment / Uncategorized / By Jonas Lejon

A recent study has revealed that spammers have infected 47,000+ WordPress plugins since 2012. This is a significant number, given that plugins are a fundamental component of website development. Researchers used the web development tool YODA to track the origins of the malware, and they found that every compromised website contained at least two malicious …

Eight-Year Study Shows the Dark Side of WordPress Plugins Read More »

WordPress 6.0.2 Security and Maintenance Release

Leave a Comment / Uncategorized / By Jonas Lejon

A new security and maintenance WordPress-release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. This new version has version number 6.0.2. Because this release contains security fixes, it is recommended that you update all your sites immediately. All versions since WordPress 3.7 have also been updated. If you have …

WordPress 6.0.2 Security and Maintenance Release Read More »

Best Practices for Securing Your WordPress Site

1 Comment / Uncategorized / By Jonas Lejon

Author: Devansh Bordia WordPress is the world’s most popular content management platform, used on 45% of websites. This also makes it an attractive target for malicious attackers! In 2021, more than 1.5 million WordPress websites were compromised. In this article, we will cover many ways that your WordPress instance may be attacked, and how to …

Best Practices for Securing Your WordPress Site Read More »

Security in WordPress plugin development

Leave a Comment / Uncategorized / By Jonas Lejon

While WordPress core is well-tested and widely used, it allows plugins to be installed. Those plugins can be developed by, well, anyone! They enable many significant enhancements to the core platform but also have the potential to compromise the security of the entire website, even when they are not activated. This begs the question, as …

Security in WordPress plugin development Read More »