Directory browsing is enabled by default in most web hosts. This is very insecure as anyone can browse through your web directories and gather the information regarding the plugins and themes you are using. This information, in turn, is used to attack your site using the vulnerabilities found in your plugins, themes, and other files. So, let me show you how to disable directory browsing in WordPress to protect your WordPress site and keep … [Read more...]
How to Disable Login Hints in WordPress Login Page [Security Tip]
When you try to log into WordPress site with an incorrect username or password, it will immediately show an error message indicating that the information that you have entered is incorrect. This type of message is generally called as login hints. These login hints may pose a threat to your site as they may help someone to guess your login credentials if they're smart enough. If someone enters a correct username but enters an incorrect … [Read more...]
Receive Email Notifications of Security Vulnerabilities in Installed Plugins
WordPress is popular for a reason, it is feature filled, secure, and flexible. Moreover, almost every WordPress user makes use of different plugins to enhance and protect the WordPress site. In fact, it is one of the first things to after installing WordPress. As useful as the plugins are, they not only make your site flexible but also makes your site a subject of the plugin vulnerabilities. These vulnerabilities in the installed plugins can … [Read more...]
Enable and Protect Your WordPress Site with Two-Factor Authentication
Almost every online and offline account we have are protected by the decades old username and password style authentication. If you have the correct username and password of a particular account, then you can easily login to that account and do whatever you want. Considering the widely available hacking tools and the increased computing power, even a noob is able to crack down the usernames and passwords. Sure, you can easily limit login … [Read more...]
WordPress 4.2.4 – Critical Security Update and Maintenance Release
A few hours back, WordPress team released yet another security and maintenance update patching some critical vulnerabilities. Including WordPress 4.2.3, this is the second update in last fifteen days. In total, this new security update fixes six critical vulnerabilities which include, a potential SQL injection which could compromise the entire website, three cross-site scripting vulnerabilities, an issue where the attacker can lockout a post … [Read more...]