WordPress PCI compliance for e-commerce & business sites


If you have an e-commerce or business WordPress site, you have most probably already heard of PCI DSS and PCI compliance. As an online merchant or seller, your WordPress website has to be compliant with the PCI DSS regulations; otherwise you risk being fined. Even if you use a third-party payment gateway such as PayPal or Stripe, there are still some regulatory requirements your website has to adhere to. We have prepared this definitive guide to WordPress PCI compliance for site owners to help you build a PCI DSS compliant website. In this guide we explain in detail all you […]

WP 2FA 1.7: Refactored plugin for better performance, design, and reliability


Today we are happy to announce update 1.7.0 of the WP 2FA plugin. It has already been one year and three months since we launched the plugin, and since then, we’ve learned a lot about how the plugin is used and how it should work to best serve our users’ needs. In this update, we focused on rewriting many parts of the plugin, which allows for better performance, design, and reliability. Let’s dive right in to see what is new, improved, and fixed in this update. What’s new? With every new update released, we continue to enhance the efficiency of […]

Hardening PHP for WordPress


WordPress runs on PHP, which makes PHP a core component to pay attention to when hardening your WordPress site. This article will cover some of the most common, low-hanging fruit you can address when it comes to PHP security for WordPress. Heads up – Be careful when making changes to your PHP settings. Incorrect settings and syntax may damage your website. Always test your changes in a development or staging environment before making changes in production. Table of contents: Use the latest PHP version; Suppress the PHP version; Remove any phpinfo() files; Suppress PHP errors and warnings; Restrict includes; Disable remote […]

WFCM 1.8.0: Background file integrity scanning and improved scalability


Today, we are happy to announce update 1.8.0 of the Website File Changes Monitor plugin for WordPress. Prior to this update, the plugin had some issues with the scan timing and resources required to run the scans. This update introduces a completely revamped version of the plugin allowing for better reliability, performance and scalability. Below is a highlight of what is new and improved in the latest update of our file integrity monitoring WordPress plugin. File integrity scans moved as a background task In this update, we focused on further improving the file scanning technology. One of the benefits of […]

PCI compliance and WooCommerce – All you need to know


Whether you’re building, maintaining, or operating an eCommerce website, you need to be aware of your security responsibilities. Luckily, there are standards and regulations that can help you keep online stores, such as those built with WooCommerce, safe and secure. The most notable among these is the Payment Card Industry Data Security Standard (PCI-DSS). Do all WooCommerce sites need to be PCI Compliant? No, not all sites that use WooCommerce are required to be PCI-DSS compliant. These regulations apply to businesses that accept online payments with debit and credit cards. PCI-DSS does not apply if you’re using WooCommerce to display an […]

Top 10 WordPress website maintenance tips


A newly installed WordPress site feels so good. No speed issues, no plugin conflicts, no errors, no problems at all. You are exhilarated, and you can’t wait to see thousands of readers on your website every week. A few months down the line, your seemingly perfect site begins to struggle. Speed might become a problem, some plugin or theme updates might create technical problems, someone from your team might make a mistake, and much more! What happened? Well, everything in the world needs maintenance and your WordPress site isn’t an exception. If you maintain your website properly, it will thrive for […]

WordPress email deliverability and how to improve it


Email is arguably the most common electronic communication medium on Earth. It’s used for everything, from communication to alert notifications, to password reset flows and email-based Two-factor Authentication (2FA). As a website owner sending email from your WordPress site, there are a few issues you’ll likely encounter. If you simply try and install a plugin to send emails on your website’s behalf, your email will almost certainly end up in the junk/spam folder, assuming the mail server even allows it through in the first place. What’s more, while PHP has a built-in mail() function to send email, some hosts disable […]

WP 2FA 1.6.0: New users’ 2FA status column & customizable redirects after 2FA setup


It has been almost four months since we released the last update of the WP 2FA plugin. So naturally, today we are very excited to announce WP 2FA 1.6.0. Since the plugin is now used by more than 15,000 users, we are getting a lot of useful feedback. Because of the feedback, this update comes with a decent number of highly requested new features and performance improvements. Thanks a lot for all the feedback and make sure to keep it coming! So without wasting any more time, let’s dive right in to see what’s new and improved in this update […]

Handling WordPress failed login attempts on your site


Many people are alarmed when they notice WordPress failed login attempts on their websites. On the other hand, security and tech-savvy people do not bother much about failed login attempts. After all, every website will get its fair share of bot traffic and dictionary attacks. Does your WordPress website receive a lot of failed login attempts? This article explains why your WordPress gets such attacks and what you should do about them. It also suggests a number of recommendations to help you improve the security of your website’s login pages. You notice too many failed login attempts on your WordPress Those […]

PPMWP 2.4.0: New feature to block users with failed login attempts & other updates


Today we are happy to announce Password Policy Manager update 2.4.0. This exciting release features the much anticipated new feature to block users who have failed login attempts, as well as other updates and improvements. Let’s dive right in to see what is new and improved in this latest update of our Password Policy Manager plugin for WordPress. Block users with multiple failed login attempts By default, WordPress allows users to try to log in as many times as they want. This functionality is often exploited – attackers use easily available automated tools to launch dictionary attacks and guess your […]