The WordPress login form is the access point to the world of WordPress. This simple form allows authorized users who successfully enter their account details to enter the WordPress admin area. By default, the WordPress login page can be accessed by appending /wp-login.php or /wp-admin/, to your main WordPress URL. The login paths are similar…

Seeing a ‘This site may be hacked’ message under your site in Google search results is alarming. Your visitors seeing it is downright terrifying. Many people still wonder if going on such a site can cause their device to be hacked, so you are bound to see a huge negative impact on your site if…

WordPress is the most popular content management system in the world. It powers 43% of all websites on the Internet. And due to its popularity, it is a popular target for hackers. According to a 2018 Sucuri report, 90% of all CMS-based websites cleaned by it during that year were WordPress websites. No WordPress user…

WordPress file permissions are a hotly debated topic, and you will find tons of advice (quite a bit of it incorrect) online. WordPress also has an article about file permissions and how to set them to secure your site, but those instructions are hard to follow.  In this article, we have put together a complete…

Whitelisting IP addresses is a manual way to ensure that certain IPs have access to your WordPress website. In some cases, it is because you have a private site for limited users. Other times, it is because plugin IPs are blocked and they cannot function properly. We have often seen this when one website has…

MalCare is a new face in WordPress plugins for security, but is considered a strong contender alongside the biggest names like Wordfence and Sucuri. But, does it make sense to spring for a subscription when there is a free version available?  Security plugins protect sites from hackers, their malware, their bots, therefore security is not…

Brute force attacks can overwhelm sites, even before an attack is actually successful. These attacks on WordPress sites hammer the login page, attempting to break through to your site dashboard. If you see a lot of requests on for wp-login.php or wp-admin, you may well be under a brute force attack. Install a WordPress firewall with…

If you want to secure your WordPress site, you will find a lot of advice online, some of which is good, and some outright damaging, albeit well-meaning.  When it comes to WordPress security, you need to be able to trust your sources and find information that is not only credible, but also feasible and applicable….

WordPress XSS or cross-site scripting attacks are the most common WordPress attack mechanisms today. They target visitors of your website, wanting to steal their information. The worst part of XSS attacks is that attackers use vulnerabilities on your WordPress website to do this. Protect your visitors from XSS attacks by installing a WordPress firewall.  On…

SQL injections are some of the most devastating attacks on WordPress sites. In fact, they are rated second on the list of most critical WordPress vulnerabilities, second only to cross-site scripting attacks. A WordPress SQL injection lets a hacker gain access to your site database, and thereafter flood your site with malware. If you suspect…