Posts

This is a weekly round up of WordPress Security news for July 24, 2017 that I have accumulated from across the web. Some is old WordPress news some new WordPress news but always interesting. pay attention this stuff your security is at stake.

Round up of WordPress Security News and Tips July 24, 2017

This is a weekly round up of WordPress Security news for July 24, 2017 that I have accumulated from across the web. Some is old WordPress news some new WordPress news but always interesting. pay attention this stuff your security is at stake. The Weekly round up of Security News, Tips, and information to help you keep your WordPress website safe and secure.

This is a weekly round up of WordPress Security news I have accumulated from across the web some old some new but always useful. The new relates to keeping a WordPress secure.

 


This week we have the following Security News for you.

Your WordPress plugins might be silently losing business data

https://venturebeat.com/2017/07/19/your-wordpress-plugins-might-be-silently-losing-business-data/If your WordPress site uses third-party plugins, you may be experiencing data loss and other problematic behavior without even knowing it.

Like many of you, I’ve become quite attached to WordPress over the past 15 years. It is by far the most popular content management system, powering 28 percent of the Internet, and still the fastest growing, with over 500 sites created on the platform each day. Considering myself well versed in the software, I was surprised to discover — while working on a digital design project for a client — what could be the Y2K of WordPress. Many WordPress plugins are suffering data loss, and it looks like this problem will soon explode if not properly addressed. Read original article here…. venturebeat.com

WordPress Sites at Risk From PHP Code Execution

https://securityintelligence.com/news/wordpress-sites-at-risk-from-php-code-execution/New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.

The campaign, which was revealed by security specialist Wordfence, peaked during May and June when attackers targeted recently installed, but not configured, instances WordPress, SecurityWeek reported. Outsiders can use a successful attack to take over the new WordPress website and then potentially gain access to the entire hosting account. Read original article here…. securityintelligence.com

5 Simple Ways To Secure Your WordPress Website, Without Plugins

http://www.business2community.com/cybersecurity/5-simple-ways-secure-wordpress-website-without-plugins-01813854#a2wEZSsx4z7qBUU2.97Any time security is brought up with WordPress, the first thought is external sources that could be used to protect your website. But in fact hardening WordPress must start with the install and the administrator of the website. Websites are no longer like sheets of paper, they are dynamic and like software that require strong protection that has to start with the most basic things.

That’s what we are writing about here. Many of these issues arise when we, Element 502, take over the security, SEO and administration of a WordPress website. Read original article here…. business2community.com

WordPress Performance Testing: Why, How & Which Tools to Use

http://www.wpexplorer.com/wordpress-performance-testing/Tons of articles written as the one guide to performance on WordPress, tons of content dedicated to the subject at hand but, what about the tools we use for measurement?

The online and software tools we use are a big part of the equation. A wrong tool or improper results can lead you astray. Today we are going to do the exact opposite, today we are going to benchmark the benchmarks and see if we can come up with a better idea of what’s good, what’s acceptable and what should be definitely avoided when trying to analyze our sites in our need for speed. Read original article here…. wpexplorer.com

 

 

 

 

 

Well that’s a wrap for this week more next week from WP Plugins A to Z.

The Weekly round up of Security News, Tips, and information to help you keep your WordPress website safe and secure. This is a weekly round up of WordPress Security news I have accumulated from across the web some old some new but always useful. The new relates to keeping a WordPress secur

Round up of WordPress Security News and Tips

The Weekly round up of Security News, Tips, and information to help you keep your WordPress website safe and secure. This is a weekly round up of WordPress Security news I have accumulated from across the web some old some new but always useful. The new relates to keeping a WordPress securThe Weekly round up of Security News, Tips, and information to help you keep your WordPress website safe and secure.

This is a weekly round up of WordPress Security news I have accumulated from across the web some old some new but always useful. The new relates to keeping a WordPress secure.

 


This week we have the following Security News for you.

The Ultimate Guide to WordPress Security

https://premium.wpmudev.org/blog/ultimate-guide-wordpress-security/Hackers attack WordPress sites both big and small with over 90,978 attacks happening per minute. Fortunately, there are numerous ways you can protect your WordPress site.

Today, I want to share with you how you can make your WordPress site’s security air tight with basic through to advanced techniques. I’ll also explore how WordPress can be vulnerable to attacks, how hackers compromise websites, how to troubleshoot a hacked site and security plugins you can install.

Feel free to jump down to any section you want to see first: Read original article here…. premium.wpmudev.org

Hackers Are Using Automated Scans to Target Unfinished WordPress Installs

https://www.bleepingcomputer.com/news/security/hackers-are-using-automated-scans-to-target-unfinished-wordpress-installs/Experts from security firm Wordfence say they have observed a wave of web attacks that took aim at unfinished WordPress installations.

These are sites where a user had uploaded the WordPress CMS, started but never finished the installation process.

These sites remained open to external connections, and anyone could have accessed their install panel and complete the installation on behalf of the user.

According to Wordfence, this is exactly what happened. For almost a month, starting with the end of May and through mid-June, an attacker had mass-scanned the Internet for WordPress installations that still featured their installation file. Read original article here…. bleepingcomputer.com

Rotate Your Site’s SALT Keys for Better Brute Force Protection

https://www.blogaid.net/rotate-your-sites-salt-keys-for-better-brute-force-protection/?utm_source=BlogAid+Newsletter&utm_campaign=7a1d335cb0-BlogAid_Blog_Posts5_12_2015&utm_medium=email&utm_term=0_7bdf20ec49-7a1d335cb0-710348757Your WordPress site has a set of master keys to protect your login.

They are called SALT keys.

And they need to be periodically rotated for better security from Brute Force attacks and/or having your site hacked.

Discover what your SALT keys do, where they are located, and how to rotate them.

When you input your username and password into the login screen of your WordPress site, they have to be checked against something to ensure they are correct.
https://api.wordpress.org/secret-key/1.1/salt/
Read original article here…. blogaid.net

Let’s Encrypt Passes 100 Million Certificates Issued, Will Offer Wildcard Certificates in January 2018

https://wptavern.com/lets-encrypt-passes-100-million-certificates-issued-will-offer-wildcard-certificates-in-january-2018Let’s Encrypt, the free and open certificate authority that launched in 2016, has issued more than 100 million certificates as of June 2017 and is currently securing 47 million domains. Earlier this year, the web passed a major milestone of getting more than 50% of traffic encrypted. Let’s Encrypt has been a major contributor to that percentage growing to nearly 58%.

“When Let’s Encrypt’s service first became available, less than 40% of page loads on the Web used HTTPS,” ISRG Executive Director Josh Aas said. “It took the Web 20 years to get to that point. In the 19 months since we launched, encrypted page loads have gone up by 18%, to nearly 58%. That’s an incredible rate of change for the Web.” Read original article here…. wptavern.com

Configuring WordPress to Always Use HTTPS/SSL

https://www.paidmembershipspro.com/configuring-wordpress-always-use-httpsssl/SSL encryption adds a layer of security to your website that makes it harder for malicious actors to collect personal information submitted through forms on your website.

This post will walk you through obtaining an SSL certificate (Let’s Encrypt or Other Providers), installing it on your web server (Let’s Encrypt or Other Providers), setting up your WordPress site to use HTTPS URLs, and fixing any “mixed content” type errors that come up when a page served over HTTPS links to non-HTTPS content. Read original article here…. paidmembershipspro.com

7 Tips to Improve WordPress Security

https://www.codementor.io/codementorteam/tutorials/tips-to-improve-wordpress-security-xep9sr558You just spent many days and sleepless nights to make a blog on WordPress or simply a WordPress website. Now that it is up and running, you are on cloud nine. What if, without a moment’s notice, it goes down due to a security loophole and you are left clueless. This is some nightmarish stuff, but fret not. Here is our detailed guide to help you cover some security patch for your WordPress website so that you have lesser things to take care of. However, you must accept the fact that maintain your WordPress website’s security is an ongoing job and will require you to get back at regular intervals to introduce new changes and make necessary fixes over time. So, let’s begin.

If you are new to the realm of WordPress, keep this glued to the back of your head that never use “Admin” as a username for any of your WordPress websites. You might consider this a smart choice, but hackers know this. Choose a unique username with capital letters along with special characters. Also, you can consider adding a new user providing it with administration privileges. This will be indeed a nice move to make. Read original article here…. codementor.io