Putting your site in maintenance mode is like putting an “Out Of Service” sign outside an elevator. It makes sure clients and customers know that there is the site is undergoing changes and to not interact with it.  Without maintenance mode, you risk losing data like comments, new posts, new registrations, new orders, etc.  This…

We’re here to talk about an important issue in WordPress security. Some people believe that stolen session cookies cause most website hacks—up to 60% of them. This simply isn’t true, and believing it can lead to bad security choices.  Misconceptions can cause people to use the wrong fixes, ignoring real security issues. We’re in a…

Managing multiple user accounts on your WordPress site can seem daunting. It includes several tasks that range from managing user roles to monitoring user activity.  Unmanaged user accounts are not just an administrative oversight, but they significantly heighten the risk of security breaches on your website. For example, allowing anyone to register without verification can…

Security headers are an essential tool in the world of WordPress security that often fly under the radar. These powerful lines of code work behind the scenes, quietly standing guard and deflecting sinister online threats. From preventing information theft to blocking sneaky intrusion efforts, security headers are a great line of defense. TL;DR: WordPress security…

As a WordPress site owner, you need to know what is happening on your site all the time: who has made what change when.  An activity log plugin, as the name suggests, captures every action and event that occurs on your site. It is a great way to keep accountability, and can be an early…

Recovering access to a WordPress account can be incredibly frustrating. Perhaps you’ve changed developers and the new one can’t access wp-admin. Or someone has been careless and lost their credentials, the password reset link isn’t working, and you can’t log in, no matter what you have tried.  The good thing is, it’s possible. We’ve tried…

Seeing unusually large traffic numbers in Google Analytics can be both confusing and concerning. Unfamiliar website referrals can redirect you to unwanted destinations and distort the true performance metrics of your site.  Unfortunately, there is no way to remove spam in your traffic analytics. You can only prevent future spam attacks from here on out….

The Content-Security-Policy (CSP) HTTP header is a powerful tool in any WordPress site administrator’s arsenal. It aims to provide an extra layer of security for websites by preventing the loading of malicious scripts or content. Implementing the CSP header in WordPress may seem daunting. However, our experience of over 10 years in the WordPress ecosystem…

Are you concerned about protecting your WordPress site from Cross-Site Scripting (XSS) attacks? Wondering how to leverage browser capabilities to prevent malicious script injections? Do the varying levels of browser security among your users concern you? This is where setting up proper HTTP headers plays a pivotal role. And among these headers, the X-XSS security…

A sudden surge in website traffic is undeniably exciting for any online business or website owner. However, when you notice a significant increase in traffic from unusual and suspicious sources, alarm bells start ringing.  You might be experiencing the common menace known as referral spam.  As these misleading practices continue to infiltrate website analytics, accurately…