Keeping your WordPress Blogs Speedy & Secure


Sloppy patching, insecure plug-ins made Panama Papers leak possible

Simple WordPress Security

Here are presentation slides on some WordPress security basics; the slides can be downloaded here.

Please contact us if you need help securing your WordPress sites.

WordPress Attacks: Time To Wake Up

High-profile WP sites hacked: MIT, NEA and Penn State servers.

PCI DSS & WordPress

I gave a presentation last night on the PCI DSS Credit-Card security standards and how they apply to WordPress eCommerce users.

The slides can be downloaded here.

Please contact us if you need help securing your eCom sites.


General PCI DSS information & resources:
https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
https://www.pcisecuritystandards.org/security_standards/
https://www.pcisecuritystandards.org/security_standards/documents.php (SAQs are here)

CheckMarx reports on insecurity in top plugins

CheckMarx reports they have analyzed the 50 most popular WordPress plugins and found:

  • 20% of the most popular plugins are vulnerable to common Web attacks
  • 7 of the 10 most popular eCommerce plugins are vulnerable to common Web attacks

One might guess that less popular plugins are often worse, on average.

Recommendations:

  1. Only download plugins from WordPress.org
  2. Keep your plugins up-to-date
  3. Uninstall unused plugins
  4. Especially for e-Commerce sites, limit the number of plugins
  5. Avoid plugins which appear to be long out-of-date or abandoned

BotNet attacking WordPress hosts with brute-force password attempts

Ars Technica reports a BotNet with 90,000 IP addresses is trying to brute-force WordPress installs via password guessing.
BlogSec.net recommends performing the following steps immediately to protect your sites from getting hacked:

  1. disable or rename default admin accounts (replace them with different name-based accounts with strong passwords)
  2. limit the number of admin / network admin accounts
  3. install a plugin such as Limit Login Attempts

Pass-Phrase advice cartoon

WordPress Cache plugins vulnerable, actively exploited

Vulnerabilities have been found in 2 caching plugins: W3 Total Cache and WP Super Cache… be sure you update your plugins!