Keeping your WordPress Blogs Speedy & Secure

Archives for :

Sloppy patching, insecure plug-ins made Panama Papers leak possible

Simple WordPress Security

Here’s presentation slides on some WordPress security basics; the slides can be downloaded here.

Please contact us if you need help securing your WordPress sites.

WordPress Attacks: Time To Wake Up

High-profile WP sites hacked: MIT, NEA and Penn State servers.

PCI DSS & WordPress

I gave a presentation last night on the PCI DSS Credit-Card security standards and how they apply to WordPress eCommerce users.

The slides can be downloaded here.

Please contact us if you need help securing your eCom sites.


General PCI DSS information & resources: (SAQs are here)

CheckMarx reports on insecurity in top plugins

CheckMarx reports they have analyzed the 50 most popular WordPress plugins and found:

  • 20% of the most popular plugins are vulnerable to common Web attacks
  • 7 of the 10 most popular eCommerce plugins are vulnerable to common Web attacks

One might guess that less popular plugins are often worse, on average.


  1. Only download plugins from
  2. Keep your plugins up-to-date
  3. Uninstall unused plugins
  4. Especially for e-Commerce sites, limit the number of plugins
  5. Avoid plugins which appear to be long out-of-date or abandoned

BotNet attacking WordPress hosts with brute-force password attempts

Ars Technica reports a BotNet with 90,000 IP addresses is trying to brute-force WordPress installs via password guessing. recommends performing the following steps immediately to protect your sites from getting hacked:

  1. disable or rename default admin accounts (replace them with different name-based accounts with strong passwords)
  2. limit the number of admin / network admin accounts
  3. install a plugin such as Limit Login Attempts

Pass-Phrase advice cartoon

WordPress Cache plugins vulnerable, actively exploited

Vulnerabilities have been found in 2 caching plugins: W3 Total Cache and WP Super Cache… be sure you update your plugins!