Keeping your WordPress Blogs Speedy & Secure

Archives for: July 2015

PCI DSS & WordPress

I gave a presentation last night on the PCI DSS Credit-Card security standards and how they apply to WordPress eCommerce users.

The slides can be downloaded here.

Please contact us if you need help securing your eCom sites.


General PCI DSS information & resources:
https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
https://www.pcisecuritystandards.org/security_standards/
https://www.pcisecuritystandards.org/security_standards/documents.php (SAQs are here)

CheckMarx reports on insecurity in top plugins

CheckMarx reports they have analyzed the 50 most popular WordPress plugins and found:

  • 20% of the most popular plugins are vulnerable to common Web attacks
  • 7 of the 10 most popular eCommerce plugins are vulnerable to common Web attacks

One might guess that less popular plugins are, on average, worse.

Recommendations:

  1. Only download plugins from WordPress.org
  2. Keep your plugins up-to-date
  3. Uninstall unused plugins
  4. Especially for e-Commerce sites, limit the number of plugins
  5. Avoid plugins which appear to be long out-of-date or abandoned

BotNet attacking WordPress hosts with brute-force password attempts

Ars Technica reports a BotNet with 90,000 IP addresses is trying to brute-force WordPress installs via password guessing.
BlogSec.net recommends performing the following steps immediately to protect your sites from getting hacked:

  1. disable or rename default admin accounts (replace them with accounts under non-default names and strong passwords)
  2. limit the number of admin / network admin accounts
  3. install a plugin such as Limit Login Attempts
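A minimal version of what step 3 asks a plugin to do, as an added example (a hypothetical must-use plugin written for this post, not the Limit Login Attempts plugin's code). It counts failures per username as well as per client address, because a botnet spread over tens of thousands of IPs will not trip a per-IP counter alone; it assumes REMOTE_ADDR is the real client address.

```php
<?php
/*
 * Plugin Name: Minimal Login Attempt Limiter (added example)
 * Drop into wp-content/mu-plugins/. Hypothetical code, not a shipped plugin.
 */

const LLA_MAX_FAILURES = 5;    // failures allowed before lockout
const LLA_WINDOW       = 900;  // seconds the failure counter lives
const LLA_LOCKOUT      = 1800; // seconds an account or address stays locked

// Track failures per username AND per client address: a distributed botnet
// spreads guesses across many IPs, so a per-IP counter alone would not trip.
function lla_keys( $username ) {
    // Assumption: REMOTE_ADDR is the real client; behind a reverse proxy,
    // resolve the trusted forwarding header before using it here.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return array(
        'lla_user_' . md5( strtolower( $username ) ),
        'lla_ip_' . md5( $ip ),
    );
}

// Core fires wp_login_failed with the submitted username on every failed login.
add_action( 'wp_login_failed', function ( $username ) {
    foreach ( lla_keys( $username ) as $key ) {
        $count = (int) get_transient( $key ) + 1;
        set_transient( $key, $count, LLA_WINDOW );
        if ( $count >= LLA_MAX_FAILURES ) {
            set_transient( $key . '_locked', 1, LLA_LOCKOUT );
        }
    }
} );

// Priority 30 runs after core's username/password check (priority 20), so a
// lockout overrides even a correct password while it is active.
add_filter( 'authenticate', function ( $user, $username ) {
    if ( empty( $username ) ) {
        return $user;
    }
    foreach ( lla_keys( $username ) as $key ) {
        if ( get_transient( $key . '_locked' ) ) {
            return new WP_Error( 'lla_locked', 'Too many failed logins; try again later.' );
        }
    }
    return $user;
}, 30, 2 );

// A successful login clears both the counters and any lockout.
add_action( 'wp_login', function ( $user_login ) {
    foreach ( lla_keys( $user_login ) as $key ) {
        delete_transient( $key );
        delete_transient( $key . '_locked' );
    }
} );
```

Because a rejected login during lockout also fires wp_login_failed, repeated guessing extends the lockout rather than waiting it out.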

Pass-Phrase advice cartoon