Website File Changes Monitor 1.7.1: improved UX & other minor improvements

https://www.wpwhitesecurity.com/wfcm-1-7-1/

Today we are happy to announce the release of Website File Changes Monitor 1.7.1. This is a minor but must-install followup to update 1.7.0. In this update we have improved several aspects of the plugin’s user experience (UX) and also addressed a few issues reported in update 1.7.0. Below is a highlight of what is new and improved in the latest update of our file integrity monitoring WordPress plugin: Less icons & more automation In the last update of the plugin we have introduced the new WordPress core repository check. This is used to compare your website’s WordPress core files […]

Hacking WordPress websites & stealing WordPress passwords

https://www.wpwhitesecurity.com/hacking-wordpress-websites-passwords/

A detailed explanation of how attackers use Man-in-the-Middle (MitM) to hack WordPress websites and login credentials. This article is for educational purposes only. Like any other web application with a login form, WordPress submits your username and password in an HTTP request when logging in. By default, HTTP is not an encrypted protocol. That means that unless your WordPress website is using HTTPS, the communication between you and the web server is susceptible to eavesdropping. Hackers with malicious intent can easily intercept and modify your WordPress website’s cleartext (un-encrypted) HTTP traffic. Naturally, one of the most interesting pieces of information […]

Admin Notices Manager 1.1: choose which admin notices you see & which not

https://www.wpwhitesecurity.com/anm-1-1-0/

We can all agree that 2020 was a difficult year. That’s why we are excited to start 2021 with our very first update of the Admin Notices Manager plugin. In this update we added the ability to choose which type of admin notices to show as normal on the WordPress dashboard, in the plugin pop-up, or choose to hide them completely. Additionally, we added an option to capture admin notices with custom type. Now let’s dive right in and see all the new features and improvements in update 1.1 of the Admin Notices Manager plugin. Choose how & where the […]

Interview with Ryan Dewhurst, founder of WPScan

https://www.wpwhitesecurity.com/interview-ryan-dewhurst-wordpress-vulnerabilities/

Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years in helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their sites. The WPScan CLI tool currently uses a database of 21,875 WordPress vulnerabilities. 1. For those who do not know you, tell us what you do and a bit about your past and credentials. I’ve been interested in computers and […]

How to safely add custom code to WordPress websites

https://www.wpwhitesecurity.com/safely-add-custom-code-wordpress-websites/

Users are often looking for ways to tweak their websites, plugins and themes, or to add some modifications to an existing functionality. In most of these cases, you can do so by adding custom code to your WordPress website. There is nothing wrong with adding custom code to your website. However, there are a few things that you need to look out for when adding custom code making these changes to your WordPress website. This article highlights what to look out for, and the best practices to adding custom code to your WordPress website. What to look for before adding […]

WFCM 1.7.0: new file integrity checks & detailed email notifications

https://www.wpwhitesecurity.com/wfcm-1-7-0/

2020 has been a very difficult year for everyone. So there is nothing better than ending the year on a high; before we leave for the holidays and enjoy some downtime, we are excited to announce the last release of this year; Website File Changes Monitor 1.7.0. In this update we added a new feature to further improve the detection of possibly tempered WordPress core on a website. We have added several improvements to reduce false positives when it comes to WordPress core updates, and new installs, updates and uninstalls of plugins and themes. On top of that, we have […]

How to choose the best WordPress plugins for your website

https://www.wpwhitesecurity.com/choose-best-plugin/

WordPress plugins are awesome and if you want your site to have a specific function, or add additional functionality, the chances are there is a plugin out there for it. If you’d like to learn more about what WordPress plugins are, refer to our WordPress plugins introduction. On the WordPress’s repository there are over 57,000 plugins. With so many choices, sometimes it can be hard to find exactly what you are looking for. Often, there are multiple plugins that could fit your requirements. When you’re faced with such a decision, it might be tempting to just pick the random one. […]

What are WordPress plugins?

https://www.wpwhitesecurity.com/wordpress-plugins-explanation/

If you are new to WordPress, you might be wondering what are WordPress plugins and what’s their purpose. It’s a reasonably common question to ask because plugins are an important part of the WordPress ecosystem. They are essential if you want to build a website with WordPress. In this article, we explain what WordPress plugins are, what’s their purpose on a website, and how they work. Then, we’ll give you a few tips on how to add plugins to your site and manage them correctly. Let’s dive right in! Table of content What are WordPress plugins? Basic and important plugins’ […]

WP 2FA 1.5: Fully responsive wizard & performance updates

https://www.wpwhitesecurity.com/wp-2fa-1-5-0/

Today we are excited to announce update 1.5 of the WP 2FA plugin. The highlight of this update is the new fully responsive 2FA wizard and a much improved and efficient code. In this update we have also improved a lot of under the hood things. Let’s dive right in for a highlight of what’s new, improved and changed in this update of the WP 2FA plugin. New fully responsive 2FA wizard With this new update of the two-factor authentication plugin for WordPress users can now setup 2FA from their smartphones, tablets and other devices without the need to use […]

The 5 best WordPress security plugins for complete site security

https://www.wpwhitesecurity.com/best-wordpress-security-plugins/

Your WordPress site’s security should be one of your top concerns as a webmaster. However, there’s no such thing as a ‘set and forget’ approach with security. In actual fact, your security arrangements should form part of a never-ending process. You need to continually harden, monitor, improve, and test your WordPress security arrangements. When it comes to the best WordPress security plugins, you’ve got to keep in mind that there’s no ‘one-size-fits-all’ plugin. Securing your website is much more than installing one firewall, or one plugin for that matter. Instead, you need a well-rounded suite of security plugins that meet […]